yet another reason to patch

by Michael Werneburg
on 2016.11.18

Today I had an illuminating call with our insurance broker and carrier about an exclusion in our errors & omissions insurance pertaining to unlicensed data and software.

The intent of the terms was to absolve a carrier in case someone performs an audit and discovers that you've got something unlicensed in use. But they confirmed my reading of its broad language to include other cases, such as:

1. A claim for other purposes (e.g. data breach) where it turns out that unlicensed software or data is in the mix. The presence of that unlicensed IP would mean the insurer would not cover a claim. In our case, we're good here.

2a. A similar case comes up that involves software for which there is no license because the software is now unsupported by its publisher but for which no current licensed. This software is still in use for some "business reason", and the system is otherwise properly maintained. This would not cause an exclusion. So again, we're good.

2b. Something comes up involving a system that has no license because it's become unpatchable despite the availability of current alternatives. In this case, the insurance company wouldn't cover a claim, because the insured hasn't done its part in keeping current. "Technical debt" makes itself felt yet again.


Thankfully that doesn't apply to any of us!
