SlideShare une entreprise Scribd logo

Data Risks In A Digital Age

P
padler01
Technologie
1  sur  39
Privacy and Security Risks in a Digital Age Risk Management Strategies January 26, 2009 professional underwriters, inc .
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Data Breach Focal Points Organizations continue to face mounting consequences with their lack of protection of private data. Unauthorized Disclosure or Breach of Your PII Personally Identifiable Information Credit Card or Bank Account Numbers Social Security Numbers Customer Records Protected Health Information Laptop Theft Backup Tape Theft Wireless Access Breach E-Commerce Breach Rogue Employees Data Leakage Hacks & Viruses Vendors/ Outsourcing
A Sectoral Approach… National Security Corporate IT Governance Health Care Payment Cards Consumer Protection Financial Services Infrastructure Protection Other Higher Education
… Created Numerous Laws, Regulations and Standards… Int’l Law State Law SOX FTCA ,[object Object],[object Object],[object Object],[object Object],[object Object],FISMA HIPAA GLBA
…Which has Led to Compliance “Silos”
Creating Inefficiencies and other Problems for Our Clients ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],FTCA Consultants PCI Consultants Int’l Consultants State Law Consultants
Managing Information Risks Avoid Mitigate Control Transfer Assume RISK
Response: A Unified Approach to Information Security Compliance Includes Insurance Coverage Addresses all of the legal requirements: Security, Privacy and Identity Theft Uses popular standards and compliance frameworks Risk Assumption, Mitigation and Control Risk Transfer Comprehensive Risk Management Program
Possibly Applicable Laws ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
State Laws ,[object Object],[object Object]
State Notice of Breach Laws ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Most require businesses and/or government to notify state residents if their computerized “personal information” is involved in a data breach ,[object Object],[object Object],[object Object],[object Object],[object Object]
State Data Security Laws ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Massachusetts: Compliance Program Elements ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Massachusetts: Safeguards ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],- Secure user authentication protocols; - Secure access, providing access to only to those require information to perform their job duties; assign unique ID and passwords to each person; - Encrypt records containing PI transmitted over the Internet, transmitted wirelessly, or are stored on laptops or other portable devices; - Monitor systems for unauthorized access or use; and - Keep current firewall protection, operating system security patches for systems connected to the Internet, and malware/virus software. - Implement reasonable restrictions on physical access to records; and - storage of records containing PI and data in locked facilities, storage areas or containers. Physical Administrative Technical
State Disposal Rules ,[object Object],[object Object],[object Object]
SOX and Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
FTC Authority ,[object Object],[object Object],[object Object]
FTC Security Enforcement Based on notice of privacy practices and official statements regarding how an organization safeguards sensitive information. (e.g., In re Guidance Software Inc. Deceptive Trade Practices Unfair Trade Practices Practices that "threaten data security“ are unfair practices. (e.g., In re BJ’s Wholesale Club ) GLBA Safeguards Violations of Safeguards Rule, (e.g., In re Superior Mortgage Corp. )
Recent Enforcement/Consent Orders - FTCA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Total of 18 Cases
FTC Consent Orders and Security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Implement administrative, technical, and physical safeguards appropriate to the size, the nature of the company’s activities, and the sensitivity of the personal information collected by each organization. ,[object Object],[object Object],Must be performed by a CISSP or equivalent
International Laws ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Inadequacy of U.S. Protections ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Unified Approach To Security      Security Awareness and Training      Contracts X X    Review/Evaluation      Contingency Planning      Security Incident Procedures      Management of Information Access      Workforce Security      Assigned Security Responsibility      Security Management Process Administrative Safeguards State FTCA PCI DSS NIST FIPS ISO 27002 Security Practices
Unified Approach to Security      Transmission Security      Person or Entity Authentication      Integrity Controls      Audit Controls      Access Control Technical Safeguards      Device and Media Controls      Workstation Use and Security      Facility Access Controls Physical Safeguards State FTCA PCI DSS NIST FIPS ISO 27002 Security Practice
Consider all of Your Security and Privacy Compliance Requirements SOX FTCA State International PCI DSS ISO FTCA (CO) COBIT COSO OECD AICPA PCI 1.2 Follow a UNIFIED APPROACH to Compliance
Part 2 Risk Transfer: A Valuable Tool for Risk Management Avoid Mitigate Control Transfer Assume RISK Transfer
Data Breach Focal Points Organizations continue to face mounting consequences with their lack of protection of private data. Unauthorized Disclosure or Breach of Your PII Personally Identifiable Information Credit Card or Bank Account Numbers Social Security Numbers Customer Records Protected Health Information Laptop Theft Backup Tape Theft Wireless Access Breach E-Commerce Breach Rogue Employees Data Leakage Hacks & Viruses Vendors/ Outsourcing
Risk Transfer One risk management tactic is risk transfer. ,[object Object],[object Object],[object Object],Protects you from attacks on your network Pays for costs associated with public relations damage control Protects you from threats of attack on your network Media Covers libel, slander, unfair trade practices via organization website or electronic media Network Security Covers liability caused by breach of network (e.g. hack or viruses) Privacy Protects organizations from losing or compromising employee and third party data
How do the policies work? ,[object Object],[object Object],[object Object],[object Object]
Important Coverage Trends ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Application Process ,[object Object],[object Object],[object Object],[object Object]
Example: Darwin ,[object Object],[object Object],[object Object],[object Object]
Risk Management ,[object Object],[object Object],[object Object],[object Object],[object Object]
Darwin / Pepper Offering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
So…How do you sell it? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Allied World/Darwin Financial Strength ,[object Object],[object Object],[object Object]
Takeaways ,[object Object],[object Object],[object Object],[object Object]
Thank You Adam Sills AVP, Technology Liability Underwriting (860)-284-1382 [email_address] M. Peter Adler Attorney at Law Direct: 202.220.1278 Direct Fax: 800.684.2749 [email_address] Hamilton Square 600 Fourteenth Street, N.W. Washington DC 20005-2004 202.220.1200 Fax: 202.220.1665 www.pepperlaw.com professional underwriters, inc

Recommandé

Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-IT Strategy Group
 
11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 a11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 aIT Strategy Group
 
Supply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperSupply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperNIIT Technologies
 
Cyber Security Vendor Risk Management /Supply Chain Risk Management
Cyber Security Vendor Risk Management /Supply Chain Risk ManagementCyber Security Vendor Risk Management /Supply Chain Risk Management
Cyber Security Vendor Risk Management /Supply Chain Risk ManagementMafazo: Digital Solutions
 
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber SurveyKristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber SurveyGovernment Technology and Services Coalition
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsGovernment Technology and Services Coalition
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 

Recommandé

Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-IT Strategy Group
 
11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 a11 pp-cybersecurity-revised2 a
11 pp-cybersecurity-revised2 aIT Strategy Group
 
Supply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperSupply Chain Risk Management corrected - Whitepaper
Supply Chain Risk Management corrected - WhitepaperNIIT Technologies
 
Cyber Security Vendor Risk Management /Supply Chain Risk Management
Cyber Security Vendor Risk Management /Supply Chain Risk ManagementCyber Security Vendor Risk Management /Supply Chain Risk Management
Cyber Security Vendor Risk Management /Supply Chain Risk ManagementMafazo: Digital Solutions
 
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber SurveyKristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber SurveyGovernment Technology and Services Coalition
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsGovernment Technology and Services Coalition
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The BoardPaul Melson
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management FrameworkJoseph Wynn
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory ComplianceLifeline Data Centers
 
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMProtecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMInfinIT - Innovationsnetværket for it
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Protecting Corporate Information in the Cloud
Protecting Corporate Information in the CloudProtecting Corporate Information in the Cloud
Protecting Corporate Information in the CloudSymantec
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover StoryPatrick Spencer
 
Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?IBM Security
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor PrivacyRaymond Cunningham
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
Key Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsKey Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsGovernment Technology and Services Coalition
 
Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
Privacy and education in the internet age
Privacy and education in the internet agePrivacy and education in the internet age
Privacy and education in the internet ageCliff Landis
 

Contenu connexe

Tendances

Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The BoardPaul Melson
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management FrameworkJoseph Wynn
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory ComplianceLifeline Data Centers
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Protecting Corporate Information in the Cloud
Protecting Corporate Information in the CloudProtecting Corporate Information in the Cloud
Protecting Corporate Information in the CloudSymantec
 
Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?IBM Security
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 

Tendances (20)

Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory Compliance
 
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMProtecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Protecting Corporate Information in the Cloud
Protecting Corporate Information in the CloudProtecting Corporate Information in the Cloud
Protecting Corporate Information in the Cloud
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
 
Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?Securing Your "Crown Jewels": Do You Have What it Takes?
Securing Your "Crown Jewels": Do You Have What it Takes?
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for Cybersecurity
 
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
 
Key Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government ContractorsKey Cyber Security Issues for Government Contractors
Key Cyber Security Issues for Government Contractors
 

En vedette

Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
Privacy and education in the internet age
Privacy and education in the internet agePrivacy and education in the internet age
Privacy and education in the internet ageCliff Landis
 
India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013Dinesh O Bareja
 
Cyberstalking
CyberstalkingCyberstalking
CyberstalkingTrevschic
 
07 E-commerce Advertising
07 E-commerce Advertising07 E-commerce Advertising
07 E-commerce Advertisingmonchai sopitka
 
Copyright & related rights (1 of 2)
Copyright & related rights (1 of 2)Copyright & related rights (1 of 2)
Copyright & related rights (1 of 2)LawScienceTech
 
Security issues in e business
Security issues in e businessSecurity issues in e business
Security issues in e businessRahul Kumar
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 

En vedette (12)

Information Security
Information SecurityInformation Security
Information Security
 
Privacy and education in the internet age
Privacy and education in the internet agePrivacy and education in the internet age
Privacy and education in the internet age
 
India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013India Top5 Information Security Concerns 2013
India Top5 Information Security Concerns 2013
 
Cyberstalking
CyberstalkingCyberstalking
Cyberstalking
 
Privacy in the Digital Age
Privacy in the Digital AgePrivacy in the Digital Age
Privacy in the Digital Age
 
07 E-commerce Advertising
07 E-commerce Advertising07 E-commerce Advertising
07 E-commerce Advertising
 
Copyright & related rights (1 of 2)
Copyright & related rights (1 of 2)Copyright & related rights (1 of 2)
Copyright & related rights (1 of 2)
 
Security issues in e business
Security issues in e businessSecurity issues in e business
Security issues in e business
 
E-Business & E-Commerce Basics
E-Business & E-Commerce BasicsE-Business & E-Commerce Basics
E-Business & E-Commerce Basics
 
Skimming & Scanning
Skimming & ScanningSkimming & Scanning
Skimming & Scanning
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 

Similaire à Data Risks In A Digital Age

Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
The New Massachusetts Privacy Rules (February 2, 2010)
The New Massachusetts Privacy Rules (February 2, 2010)The New Massachusetts Privacy Rules (February 2, 2010)
The New Massachusetts Privacy Rules (February 2, 2010)stevemeltzer
 
The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4stevemeltzer
 
The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4stevemeltzer
 
The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4stevemeltzer
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementKeelan Stewart
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentBill Lisse
 
An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsDoubleHorn
 
The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1stevemeltzer
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010madamseane
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataPrecisely
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Raleigh ISSA
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarksMatt Siltala
 
Keeping Client Data Safe (Final)
Keeping Client Data Safe (Final)Keeping Client Data Safe (Final)
Keeping Client Data Safe (Final)AdvogadaZuretti
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf503SaranyaS
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 

Similaire à Data Risks In A Digital Age (20)

Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
 
The New Massachusetts Privacy Rules (February 2, 2010)
The New Massachusetts Privacy Rules (February 2, 2010)The New Massachusetts Privacy Rules (February 2, 2010)
The New Massachusetts Privacy Rules (February 2, 2010)
 
The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4
 
The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4
 
The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4The New Massachusetts Privacy Rules V4
The New Massachusetts Privacy Rules V4
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy Development
 
An Overview of the Major Compliance Requirements
An Overview of the Major Compliance RequirementsAn Overview of the Major Compliance Requirements
An Overview of the Major Compliance Requirements
 
The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1The new massachusetts privacy rules v5.35.1
The new massachusetts privacy rules v5.35.1
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Complying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarks
 
Keeping Client Data Safe (Final)
Keeping Client Data Safe (Final)Keeping Client Data Safe (Final)
Keeping Client Data Safe (Final)
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance
 

Dernier

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 

Dernier (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 

Data Risks In A Digital Age

  • 1. Privacy and Security Risks in a Digital Age Risk Management Strategies January 26, 2009 professional underwriters, inc .
  • 2.
  • 3. Data Breach Focal Points Organizations continue to face mounting consequences with their lack of protection of private data. Unauthorized Disclosure or Breach of Your PII Personally Identifiable Information Credit Card or Bank Account Numbers Social Security Numbers Customer Records Protected Health Information Laptop Theft Backup Tape Theft Wireless Access Breach E-Commerce Breach Rogue Employees Data Leakage Hacks & Viruses Vendors/ Outsourcing
  • 4. A Sectoral Approach… National Security Corporate IT Governance Health Care Payment Cards Consumer Protection Financial Services Infrastructure Protection Other Higher Education
  • 5.
  • 6. …Which has Led to Compliance “Silos”
  • 7.
  • 8. Managing Information Risks Avoid Mitigate Control Transfer Assume RISK
  • 9. Response: A Unified Approach to Information Security Compliance Includes Insurance Coverage Addresses all of the legal requirements: Security, Privacy and Identity Theft Uses popular standards and compliance frameworks Risk Assumption, Mitigation and Control Risk Transfer Comprehensive Risk Management Program
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19. FTC Security Enforcement Based on notice of privacy practices and official statements regarding how an organization safeguards sensitive information. (e.g., In re Guidance Software Inc. Deceptive Trade Practices Unfair Trade Practices Practices that "threaten data security“ are unfair practices. (e.g., In re BJ’s Wholesale Club ) GLBA Safeguards Violations of Safeguards Rule, (e.g., In re Superior Mortgage Corp. )
  • 20.
  • 21.
  • 22.
  • 23.
  • 24. Unified Approach To Security      Security Awareness and Training      Contracts X X    Review/Evaluation      Contingency Planning      Security Incident Procedures      Management of Information Access      Workforce Security      Assigned Security Responsibility      Security Management Process Administrative Safeguards State FTCA PCI DSS NIST FIPS ISO 27002 Security Practices
  • 25. Unified Approach to Security      Transmission Security      Person or Entity Authentication      Integrity Controls      Audit Controls      Access Control Technical Safeguards      Device and Media Controls      Workstation Use and Security      Facility Access Controls Physical Safeguards State FTCA PCI DSS NIST FIPS ISO 27002 Security Practice
  • 26. Consider all of Your Security and Privacy Compliance Requirements SOX FTCA State International PCI DSS ISO FTCA (CO) COBIT COSO OECD AICPA PCI 1.2 Follow a UNIFIED APPROACH to Compliance
  • 27. Part 2 Risk Transfer: A Valuable Tool for Risk Management Avoid Mitigate Control Transfer Assume RISK Transfer
  • 28. Data Breach Focal Points Organizations continue to face mounting consequences with their lack of protection of private data. Unauthorized Disclosure or Breach of Your PII Personally Identifiable Information Credit Card or Bank Account Numbers Social Security Numbers Customer Records Protected Health Information Laptop Theft Backup Tape Theft Wireless Access Breach E-Commerce Breach Rogue Employees Data Leakage Hacks & Viruses Vendors/ Outsourcing
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39. Thank You Adam Sills AVP, Technology Liability Underwriting (860)-284-1382 [email_address] M. Peter Adler Attorney at Law Direct: 202.220.1278 Direct Fax: 800.684.2749 [email_address] Hamilton Square 600 Fourteenth Street, N.W. Washington DC 20005-2004 202.220.1200 Fax: 202.220.1665 www.pepperlaw.com professional underwriters, inc