
If the level of risk is significant and the organization is unable to implement Controls that it considers effective and efficient, there is one further option available short of halting business: assignment or insurance. If a business is not satisfied that the current fire prevention, detection, and suppression controls in a data center are adequate, it can purchase fire insurance to mitigate the potential losses. While insurance is available to cover natural events such as fire, flood, or earthquake, there is not a significant market for insurance that covers human error or intentional acts. An alternative is to assign the risk of loss to another person or business. For example, the business could outsource the management of the data center to a vendor and have the vendor assume liability for the failure to perform nightly backups of the data.