  • “Given their power to intercept and disrupt secret communications, it is not surprising that quantum computers have the attention of various U.S. government agencies. The National Security Agency, which supports research in quantum computing, candidly declares that given its interest in keeping U.S. government communications secure, it is loath to see quantum computers built. On the other hand, if they can be built, then it wants to have the first one.”

    Prof Seth Lloyd of MIT, MIT Review 2008

  • “Given today’s common hardware and software architectural paradigms, operating systems security is a major primitive for secure systems – you will not succeed without it. This area is so important that it needs all the emphasis it can get. It is the current ‘black hole’ of security.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

  • "Dropping support for a broken crypto primitive is hard in practice
    - but crypto can be broken overnight
    - what do we do if SHA-1 or RSA falls tomorrow?"

    Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008
fact: The insurance industry is moving towards incenting high assurance systems
Thursday, 11 December 2008 07:41


To quote Brian Snow (former director of the Information Assurance Directorate of the US National Security Agency) at the end of his presentation at the AusCERT 2008 security conference:

There is one other process going on now in the insurance industry that I think is great.  It’s putting the financial issue in the right place.  One of the most promising recent occurrences in the insurance industry was stated in the report of Rueschlikon 2005 (a conference serving the insurance industry).  Many participants felt that, and this is a direct quote:

‘The insurance industry’s mechanisms of premiums, deductibles, and eligibility for coverage can incent best practices and create a market for security . . .  This falls in line with the historic role played by the insurance industry to create incentives for good practices, from healthcare to auto safety . . .   Moreover, the adherence to a set of best practices suggest that if they were not followed, firms could be held liable for negligence.’

Bluntly, if your security product lacks sufficient robustness in the presence of malice, your customers will have to pay more in insurance costs to mitigate their risks. Insurance is a recurring cost that businesses certainly try to manage.

Differential pricing based on quality of your security components, it's coming.

I checked just before coming to this conference with a senior manager of Swiss Re, they are still on that path, and they are going to pull it off. (2008)

I think that is one of the greatest plugs that could possibly get going for us out there.  It’s great news.

Last Updated on Friday, 16 January 2009 13:25
 
