ABSTRACT
Traditional approaches to security architecture and design have attempted to achieve the goal of the
elimination of risk factors-the complete prevention of system compromise through technical and
procedural means. Insurance-based solutions to risk long ago admitted that a complete elimination of
risk is impossible and, instead, have focused more on reducing the impact of harm through financial
avenues-providing policies that indemnify the policyholder in the event of harm.