CISSP考试指南笔记：7.11 保险

The BCP team should work with management to understand what the current coverage is, the various insurance options, and the limits of each option. The goal here is to make sure the insurance coverage fills in the gap of what the current preventive countermeasures cannot protect against.

Cyber insurance is a new type of coverage that insures losses caused by denial-of-service attacks, malware damages,hackers, electronic theft, privacy-related lawsuits, and more.

A company could also choose to purchase a business interruption insurance policy.

Another policy that can be bought insures accounts receivable. If a company cannot collect on its accounts receivable for one reason or another, this type of coverage covers part or all of the losses and costs.

The company’s insurance should be reviewed annually because threat levels may change and the company may expand into new ventures that need to be properly covered.