Mark E.S. Bernard ISMS ISO 27001 Governance, Risk, Compliance (GRC)
How can ISO/IEC 27001 ISMS solve the GRC dilemma? Check this presentation out...


Published in: Business
Transcript

  • 1. Compiled by: Mark E.S. Bernard, ISO 27001 Lead Auditor, CISSP, CISM, SABSA-F2, CISA, CRISC, CGEIT *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***
  • 2. • Introduction • Threats • Governance • Risk • Compliance • ISMS Overview • Incident Management • Security Architecture • Policy, Procedure, Standards
  • 4. Registration need not be the final goal; however, every business can benefit from adopting a management system that provides assurance of information assets in alignment with strategy and tactical business goals while addressing Governance, Risk Management and Compliance Management requirements.
  • 5. Mark E.S. Bernard, CRISC, CGEIT, CISA, CISM, CISSP, PM, ISO 27001, SABSA-F2. Information Security, Privacy, Governance, Risk Management, Consultant.
    Mark has 22 years of proven experience within the domain of Information Security, Privacy & Governance. Mark has led teams of 30 or more as a Director and Project Manager and managed budgets of $5 Million +. Mark has also provided oversight as a senior manager during a government outsourcing contract valued at $300 million and smaller contracts for specialized services for ERP systems and security testing. Mark has led his work-stream during RFP process, negotiations, on-boarding, contract renegotiation and as Service Manager. Mark has architected information security and privacy programs based on ISO 27001 and reengineered IT processes based on Service Manager ITIL/ISO 20000, building in Quality Management ISO 9001.
    Mark is a volunteer with the local professional associations for HTCIA, ISACA, ISSA, IIA. Mark has also been published in trade magazines and on the Internet, in addition to being sought after as an expert by local radio, newspapers and television. Mark has taught as a Professor of a third-year iSeries systems engineering course and led many workshops and keynote speeches.
    Mark's expertise has been applied in a number of verticals including Financial Services, Banking, Insurance, Pharmaceutical, Telecommunications, Technology, Manufacturing and Academia.
    Some of Mark's recent project highlights are as follows. Accomplishments:
      • In 2012 assisted an Executive Relocation Organization to ISO/IEC 27001 Registration/Certification
      • In 2012 assisted a Nanotechnology Fabrication Facility to ISO/IEC 27001 Registration/Certification
      • In 2012 assisted a Cloud Software as a Service Provider to ISO/IEC 27001 Registration/Certification
      • In 2010/11 co-led US based Cloud Service Provider ISO/IEC 27001 Registration/Certification
      • In 2009 led 1st Canadian Public Sector ISO/IEC 27001 Registration/Certification
      • In 2009 led On-boarding Project for ERP Service Provider
      • In 2009 led Technology and Operations work-stream during Negotiated Request for Proposal
      • In 2007 led 1st Canadian Online banking, Trade & Wholesale Service to ISO/IEC 27001 Registration/Certification
      • In 2005 led Privacy, Security, and Privacy Compliance work-stream during outsourcing to alternate service delivery organization
      • In 2002 led Information Security Program development for International Food Manufacturer
      • In 1999 led Independent Security Assurance Review of financial systems located off shore
  • 7. Source: Computer Security Institute 2010/11 Survey
  • 8. Source: Verizon Business 2011 Data Breach Investigations Report
      • Large-scale breaches dropped dramatically while small attacks increased. The report notes there are several possible reasons for this trend, including the fact that small to medium-sized businesses represent prime attack targets for many hackers, who favour highly automated, repeatable attacks against these more vulnerable targets, possibly because criminals are opting to play it safe in light of recent arrests and prosecutions of high-profile hackers.
      • Outsiders are responsible for most data breaches. Ninety-two percent of data breaches were caused by external sources. Contrary to the malicious-employee stereotype, insiders were responsible for only 16 percent of attacks. Partner-related attacks continued to decline, and business partners accounted for less than 1 percent of breaches.
      • Physical attacks are on the rise. After doubling as a percentage of all breaches in 2009, attacks involving physical actions doubled again in 2010, and included manipulating common credit-card devices such as ATMs, gas pumps and point-of-sale terminals. The data indicates that organized crime groups are responsible for most of these card-skimming schemes.
      • Hacking and malware is the most popular attack method. Malware was a factor in about half of the 2010 caseload and was responsible for almost 80 percent of lost data. The most common kinds of malware found in the caseload were those involving sending data to an external entity, opening backdoors, and key logger functionalities.
      • Stolen passwords and credentials are out of control. Ineffective, weak or stolen credentials continue to wreak havoc on enterprise security. Failure to change default credentials remains an issue, particularly in the financial services, retail and hospitality industries.
  • 9. Source: 2010 Cloud Security Alliance Threats
      • #1: Abuse and Nefarious Use of Cloud Computing
      • #2: Insecure Interfaces and APIs
      • #3: Malicious Insiders
      • #4: Shared Technology Issues
      • #5: Data Loss or Leakage
      • #6: Account or Service Hijacking
      • #7: Unknown Risk Profile
  • 10. Source: 2010 OWASP Top 10 Web Application Security Risks
      • A1: Injection
      • A2: Cross-Site Scripting (XSS)
      • A3: Broken Authentication and Session Management
      • A4: Insecure Direct Object References
      • A5: Cross-Site Request Forgery (CSRF)
      • A6: Security Misconfiguration
      • A7: Insecure Cryptographic Storage
      • A8: Failure to Restrict URL Access
      • A9: Insufficient Transport Layer Protection
      • A10: Unvalidated Redirects and Forwards
  • 11. Source: ‘The Risk of Insider Fraud’ Ponemon Institute 2011
      • Employee-related incidents of fraud, on average, occur weekly in participating organizations.
      • Sixty-four percent of the respondents in this study say the risk of insider fraud is very high or high within their organizations.
      • CEOs and other C-level executives may be ignoring the threat, according to respondents.
      • The majority of insider fraud incidents go unpunished, leaving organizations vulnerable to future such incidents.
      • The threat vectors most difficult to secure and safeguard from insider fraud are mobile devices, outsourced relationships (including cloud providers) and applications.
      • The majority of respondents do not believe their organization has the appropriate technologies to prevent or quickly detect insider fraud, including employees’ misuse of IT resources.
  • 12. Source: Computer Security Institute 2010/11 Survey
  • 14. Purpose: Management shall review the organization’s ISMS at planned intervals (at least once a year) to ensure its continuing suitability, adequacy and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the ISMS, including the information security policy and information security objectives. The results of the reviews shall be clearly documented and records shall be maintained (ISO27k clause 4.3.3).
    Goals: The ISMS Management Review Committee has been formed to provide an effective joint forum which will contribute to the following goals:
      • Decision making which supports the CSO program;
      • Balanced and informed review and advisory services contributing to a range of CSO planning, service delivery and issue resolution activities; and
      • Proactive CSO alignment with higher level joint governance functions to improve the effectiveness and efficiency within the CSO domain.
  • 15. Committee Functions: Review input (ISO27k clause 7.2)
    The input to a management review shall include:
      a) results of ISMS audits and reviews;
      b) feedback from interested parties;
      c) techniques, products or procedures, which could be used in the organization to improve the ISMS performance and effectiveness;
      d) status of preventive and corrective actions;
      e) vulnerabilities or threats not adequately addressed in the previous risk assessment;
      f) results from effectiveness measurements;
      g) follow-up actions from previous management reviews;
      h) any changes that could affect the ISMS; and
      i) recommendations for improvement.
  • 16. Review output (ISO27k clause 7.3)
    The output from the management review shall include any decisions and actions related to the following:
      a) Improvement of the effectiveness of the ISMS.
      b) Update of the risk assessment and risk treatment plan.
      c) Modification of procedures and controls that effect information security, as necessary, to respond to internal or external events that may impact on the ISMS, including changes to:
          1) business requirements;
          2) security requirements;
          3) business processes effecting the existing business requirements;
          4) regulatory or legal requirements;
          5) contractual obligations; and
          6) levels of risk and/or criteria for accepting risks.
      d) Resource needs.
      e) Improvement on how the effectiveness of controls is being measured.
  • 20. Extreme = range 90+: A Risk Rating of 90+ indicates that an ‘Extremely’ serious risk exists. Based on our assessment, a highly motivated threat is present with the technical capability to exploit multiple vulnerabilities, which will result in a serious impact to Enterprise assets and services. Compounding the seriousness of this situation is the fact that existing controls are ineffective to prevent the known threat from exploiting the known vulnerability and/or no controls have been implemented, resulting in the same serious ‘Extreme’ risky condition to Enterprise assets and services.
    Risk Rating of 80 – 89: indicates that a ‘Critical’ risk exists. Based on our assessment, a highly motivated threat is present with some technical capability to exploit a known vulnerability, which will result in a negative impact to Enterprise assets and services. Compounding the seriousness of this situation is the fact that existing controls are somewhat effective and may or may not prevent a known threat from exploiting a known vulnerability and/or no controls have been implemented, resulting in a ‘Critically’ risky condition to Enterprise assets and services.
  • 25.
      • Health Insurance Portability and Accountability Act (HIPAA)
      • Health Information Technology for Economic and Clinical Health Act (HITECH Act)
      • Federal Information Security Management Act (FISMA)
      • Gramm-Leach-Bliley Act (GLBA)
      • Payment Card Industry Data Security Standard (PCI-DSS)
      • Payment Card Industry Payment Application Standard
      • Sarbanes-Oxley Act (SOX)
      • U.S. state data breach notification law
      • International privacy or security laws
  • 30. The demand for ISO/IEC 27001:2005 has nearly tripled in six years and the number of countries adopting the Information Security Management System has doubled. ISO/IEC 27001:2005 will soon be releasing its first major revision since the 2005 adoption, and if it turns out to be anything like the changes that we've seen in ICFR/ICIF, ISAE 3402 or NIST SP 53 there will be significant improvements to be leveraged.
    In 2006, the first year of the annual survey, ISO/IEC 27001:2005 certificates at the end of December 2006 totaled 5,797. The number of countries adopting ISO/IEC 27001 totaled 64. At the end of 2010, at least 15,625 certificates had been issued in 117 countries. The 2010 total represents an increase of 2,691 (+21%) since December 2009.
    In 2006 the top three countries adopting ISO/IEC 27001 included Japan, United Kingdom and India, and in 2010 that trend continued. However, the top three countries from December 2009 to 2010 were Japan, China and the Czech Republic.
  • 35. • Governance • Incident Management • Human Resources • Security Architecture • Roles and Responsibilities • Internal Audit • Charter • Legal Obligations • Oversight Committee (ToR) • Service Management • Communication Strategy • Knowledge Management • Statement of Applicability • Procurement • Impact • Annual Security Testing • Budget • Outsourcing • Risk Management • Awareness Training • Policy • Implementing ISMS • Methodology • PDCA Activities • Procedure • Time allocations • Risk Treatment • Resources • Continuous Improvement • Post Implementing ISMS • Document Control • PDCA Activities • Record Management • Time allocations • Monitoring • Resources
  • 41. An Information Security Event occurs when a threat agent attempts to exploit a vulnerability within the Enterprise Environment, but is not successful. A report may be generated on a weekly, biweekly or monthly basis and securely distributed to the Enterprise Information Security Office for further analysis and reporting.
    An Information Security Incident results when a threat agent successfully exploits a vulnerability within the Enterprise Environment. The Enterprise Information Security Office must be notified immediately whenever a Security Incident occurs. The Enterprise Security Office will assist with the evidence collection, containment, eradication and recovery. Information security incidents typically result in a negative impact to Enterprise Assets and one or more of the characteristics defined by three principles of information security: confidentiality, integrity or availability.
  • 46. [Diagram: Control Objectives and Practices specifically linked to the role of TSH CISO, with a key distinguishing Policy, Practice and Standard. Labels recoverable from the diagram: Access Control; Systems Acquisition, Development, Maintenance; Human Resources; Physical & Environmental; Compliance; Correct Processing in Applications; Asset Management; Communications & Operations; Business Continuity Management; Technical Vulnerability Management; Incident Management; InfoSec Education & Awareness; Business Continuity; Personal Information Breach Management Process; Management of InfoSec Incident & Improvements; Personal Information Protection Standard; Allocation of InfoSec Responsibilities; Information Security Policy.]
  • 47.
      • Information Security Policy (ISMS Policy)*
      • Acceptable use of assets**
      • Backup policy
      • Access control policy
      • Clear desk and clear screen policy
      • Policy on use of network services
      • Mobile computing and communications
      • Policy on the use of cryptographic controls
    * I recommend having one policy at this level and calling it the ‘Information Security Policy’.
    ** Not identified as a specific requirement; however, I highly recommend this policy.
  • 48. NOTE: Each process is documented using the template described in subsequent slides.
      • Level 1 - Description of the process in wording: High-level Narrative Describing the General Process Operating Parameters and Interaction of Participating Organizations.
      • Level 2 - Process end to end summary: Mid-level End-to-End Flowchart Summary of Key Sub-processes Described in Level 3A Documents.
      • Level 3A - Detailed process description: "Walkthrough"-level Process Flowchart: Shows Operational Execution Sequence with Participants and Key Financial Control Points Identified. Typically Detailed to the Line Manager Layer. (NOTE: 3-A Is Not Detailed Down to the Desk Procedures Level.)
      • Level 3B - Control design, objective, risks, control point: Control Design Evaluation Template: Maps to the 3-A Flowchart; Indicates Control Objectives for the Process with Associated Risks; Lists Key Controls for these Risks; and Summarizes the Execution of These Controls.
      • Level 3C - Test procedure description: Testing and Remediation Template: Lists Key Financial Control Points; Documents Specific Tests Pertaining to Each Control; and Describes Any Notable Exception Items that Require Correction.
  • 57. For more information contact: Skype: Mark_E_S_Bernard; Twitter: @MESB_TechSecure; LinkedIn: http://ca.linkedin.com/in/markesbernard
