We have seen some really goofy cybersecurity insurance application questions. It is always best to not answer a question that is goofy, but instead to write an addendum that defines terms and explains the cybersecurity posture of an organization related to the topic. You need to try to figure what the insurance company was trying to evaluate rather than just answering their questions because their questions are frequently not suitable for yes/no answers.
Greg Cloon joins me to discuss this topic.
We also touch on when you would use file hash integrity checking, when to use disk encryption, and when to use encryption for communications.
Here's a link to IISCrypto.