© 2003 James P. Cavanagh, All Rights Reserved [email protected] Network Security:...
-
Upload
austen-sparks -
Category
Documents
-
view
212 -
download
0
Transcript of © 2003 James P. Cavanagh, All Rights Reserved [email protected] Network Security:...
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Network Security:The Business Value Proposition
ISSA Sacramento Valley ChapterApril 29, 2003
The Consultant RegistryTelecom, Network & Security Consulting and Training Since 1994
Presents
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Добро Добро пожаловать!пожаловать!
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
WelcomeWelcome
ROI
Liabilities
Due Diligence
FiduciaryResponsibilities
Budgets
Brand Value
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Michael. Kelley@Kc-Ec. Com
Michael Kelley
Michael Kelley
NEEDKELLEYPHOTO
• VP of Sacramento ISSA• Sixteen Years in Industry• Areas of Expertise
• Independent Validation & Verification• CMM Configuration Management• Strategic & Operational Planning • Risk Management / Project Management• Quality and Performance Improvement• RUP Methodology Training• Business Systems Analysis• Budgeting and Performance Estimating• Business Continuity Planning / Disaster Recovery Planning• Requirements Management & Process Re-engineering
• USAF Special Acts and Services Award, 1998• The Consultant Registry - Member
• Security Consultancy• C-Level Security Briefing Team
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Mission Statement
The Consultant Registry's mission is to applythe unique telecom, network and security expertise
of our member consultants for the benefitof our manufacturer, service provider,
government and end-user clients.
We have been doing this globally since 1994.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
The Consultant Registry
• Consortium of Top Industry Consultants• All 7 Layers + Applications and O/S• World Recognized Experts• Average over 22 years experience each• Books, Articles, Patents, Firsts• Strong Security Focus
• ISS Strategic Partner• In Business since 1994• High Impact Teams• Certifications & Security Clearances• Global / Multilingual Support• Project History / Reputation
Highest Quality On Time On Budget
Bridging Gap Between Technology & Business
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Model
• All Consultants Are Independent• No Salaries / Overhead• Consultants Have Individual Practices*• Pick of the Best on Project by Project Basis• Hand-Picked Experts• Broad Range of Skills
• Best of Breed Teams• Excellent “Cross Pollenization”• Single Source Opportunity
* which is how The Consultant Registry is ‘weathering the storm’
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Global Coverage
The Consultant Registry is a Global Organization
Today’sFocus
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Introduction 9:00 - 9:10
am
The Security Business Value Proposition 9:10 - 9:40
Citadel vs Insurance Model 9:40 - 9:50
Bang for the Buck Analysis (BBA) 9:50 – 10:20
Break 10:20 -
10:35
The Red Team / Tiger Team 10:35 -
10:50
Executive Security Awareness (ESA) 10:50 -
11:05
Questions & Answers 11:05 -
11:25
Conclusion 11:25 -
11:30
Network Security:The Business Value Proposition
Agenda
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
James P. Cavanagh
James P. Cavanagh
• Over 25 Years Experience (Not 1 year’s experience 25 times!)• Areas of Expertise
• Voice• Data• Video• Security
• Two Security Books• “Security Handbook” (1996)• Threats & Vulnerabilities (2003/2004)
• Dozens of Articles, Presentations• Free Security White Papers
• 9,500 + Global Distribution List• Recognized by San Jose Silicon Valley CC
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
A Scientific Survey^Quick
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
A Scientific Survey
My Security Budget is Big Enough T/F
I Understand Why/Why Not T/F
I Know my Boss’s Budgeting Criteria T/F
I Follow His/Her Guidelines T/F
I Have Tried to Put My Boss and I on the Same {Requesting} Team T/F
I Have a Funding/Budgeting Strategy T/F
My Strategy Works Consistently T/F
I Have Sought Alternative Resources T/F
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
A Scientific Survey
My Boss’s “Top 3” Hot Buttons Are:1) _______________2) _______________3) _______________
My Boss’s Security Awareness: 1 2 3 4 5 (best)
My predecessor left my job because:_________________________________________
If I could talk to my predecessor, the top 3 things I would like to know are:
1) _______________2) _______________3) _______________
Do you challenge your Boss’s “Need to Know”?
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Network SecurityBusiness Value Proposition
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Network Security
The Business Value Proposition
Network security has long been the domain of the technologist, spy and hacker. Increasingly, however, management is realizing that network security has its own unique value within the business framework and that a successful security program is subject to the same evaluation criteria as any other part of the business.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Impact of Bad Network Security
Financial LossDirect Financial Loss
Direct CostsLoss of Productivity
Indirect Financial LossLost Opportunities
Loss of Brand Value / Stock Price / Reputation
Other LossesLegal Liability / Risk
TrustNational Security Issues
National Reputation
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Tip #1: Learn from CNN: Use‘sound bites’Bad: Computer viruses are bad, as you know. Many companies lose a lot of money because of them.
Better*: Every hour of down time costs us $x, and the average virus attack requires x.x hours to clean up.
Good: For every virus attack we are unable to process x driver’s license requests.
Best: By approving the expenditure of $x for virus prevention we have saved $y and z hours of staff time.
Tip #2: Share sound bites that work
* Less bad?
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Business Security Objectives:
Confidentiality / PrivacyConfidentiality / PrivacyInformation IntegrityInformation Integrity
Non-RepudiationNon-RepudiationAccountabilityAccountability
AvailabilityAvailability
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Security Objectives
Confidentiality / Privacy
Confidentiality / PrivacyInformation Integrity
Non-RepudiationAccountability
Availability
Keep Private Information PrivateAvoid Unauthorized Disclosure and/or UsePrivacy / Security Critical to Customer ConfidencePrivacy Often Mandated by Law (i.e. HIPAA)Protect Information
• In Transit on Network• Sitting on Disk
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Tip #3: Talk liabilitiesBad: If our patient information were to be illegally disclosed we could be in real trouble, boss.
Better: Because we are a health care organization we are governed by the Federal HIPAA regulations.
Good: Because we are a health care organization we are governed by the Federal HIPAA regulations, and HIPAA has strict penalties for unauthorized disclosure of patient information, even accidental disclosure.
Best: Our HIPAA training program only costs an average of $650 per employee while a single HIPAA violation can cost thousands of dollars. That’s ROI!
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Security Objectives
Information Integrity
Confidentiality / PrivacyInformation Integrity
Non-RepudiationAccountability
Availability
Assure Information is Unaltered
Protect Accuracy / Reliability of Information
Avoid Indirect Changes
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Tip #4: Use “case studies”, not just factsBad: Without proper security someone could change our information. We need to protect against that.
Good: Think, for a moment, about the impact of something as simple as an unauthorized change to someone’s date of employment. That’s a change that might go unnoticed, and unchallenged, for years but could affect retirement eligibility, payments and other factors and could be almost impossible to fix later. A change of just five years for a k-12 teacher, as an example, could cost our retirement system an additional $x in payments.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Security Objectives
Non-Repudiation
Confidentiality / PrivacyInformation Integrity
Non-RepudiationAccountability
Availability
Assure Origin, Accuracy of TransactionsGuarantee Transactions Will Stand Up to ChallengesEnhance / Maintain Trust in Financial TransactionsAppropriate for:
eCommerce / mCommerce Transactions Contracts Records
Financial Medical Personal
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Tip #5: Be the ‘teacher’, not just the ‘expert’Bad: A top security objective is non-repudiation, in other words, to assure that transactions can not be repudiated.
Good: One of the big concerns in security today, including one of our biggest issues, is non-repudiation. Non-repudiation means that if a transaction is challenged, its origin, accuracy and authenticity can be verified beyond any reasonable doubt. This is not just for electronic security, but our tools are different, and, if properly applied, better. Take for example a written signature, it is possible to claim that the signature is a forgery, but its origin can be established. A digital …
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Security Objectives
Accountability
Confidentiality / PrivacyInformation Integrity
Non-RepudiationAccountability
Availability
Who Did What to Which Systems / ResourceWhen Did They Do It?Extension of Traditional Accounting Practices
Checks and Balances Back-Ups and Checkpoints
Invaluable for ForensicsImportant for Court / Evidence
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Tip #6: Ask for opinions, engage in a dialog*Bad: We must have accountability for all transactions. It will be invaluable when we prosecute the bad guys.
Best: How important is accountability to our organ-ization? What is our policy regarding prosecution of hackers? Is our policy different for outside hackers and malicious insiders? Have we ever tested these policies and procedures? How much of our budget are we willing to devote to proactively gathering evidence and assuring that we have met all forensic rules?
* dialog means two-sided, monolog means one-sided
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Security Objectives
Availability
Confidentiality / PrivacyInformation Integrity
Non-RepudiationAccountability
Availability
Assure that Systems are Available As Needed•For Employees•For Customers•For Suppliers
Avoid Loss of Productivity / Loss of SalesOften a Customer “Gauge” of Quality / Reliability
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Tip #7: Openly discuss scenarios / alternativesBad: Availability is our #1 objective.
Best: I am working on our availability policy and I wanted to solicit your thoughts on a few points. Should availability be the #1 objective, or should we keep people out of the system who fail to meet certain criteria? For instance, if a person fails to enter the correct password three times, should they be given access to the system after a phone call to the SOC and having their password reset, or should they require an email and/or phone call from their supervisor? Or something else? Should the policy consider local, remote fixed and remote mobile users differently?
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value PropositionTip #8: Always have an opinion/solutionNever approach management without a defensible opinion and clear solution in mind. You are not asking for your boss to solve your problems – you are trying to clarify the acceptability of your desired solution and the likelihood that it will be accepted.You are also determining the amount of preparation and awareness training that will be needed to get your desired solution accepted. You know that it is better not to ask than to be turned down and are trying to determine your chances of success before making a formal request.BUT, always have an open mind, be ready to change or compromise, as needed, in light of new facts.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Tip #9: Learn from IBM: Always be ‘selling’ Always look for a chance to sell your solution: don’t let an opportunity go by. Deliver one clear message at a time, be successful and put another building block in place. Go for achievable ‘interim closes’ and build your program step-by-step. Have a long term vision.
Use internal communications, emails, newsletters and company events as vehicles for your selling program. Be relentless, but be subtle.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Tip #10: Involve your entire team.Be sure that your team shares your vision, satisfy naysayers or get rid of them and let your team help sell the vision within the organization. Train them, coach them and set them loose. Teach them the 10 tips and let them be your ambassadors.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Business Value Proposition
Business Value Proposition
Business Security Objectives:
Confidentiality / PrivacyConfidentiality / PrivacyInformation IntegrityInformation Integrity
Non-RepudiationNon-RepudiationAccountabilityAccountability
AvailabilityAvailability
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs InsuranceSecurity Models
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs Insurance
Citadel vs Insurance Security Models
Model originated by Bruce SchneierCitadel Approach
Traditional Security Model - Technology Driven Keep Out the “Bad Guys” - Let In the “Good Guys”
Insurance Approach Emerging Security Model - Business Driven Risk / Liability Assessment
CitadelModel
InsuranceModel
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs Insurance
Citadel vs Insurance Security Models
Insurance Model says Security is ...• Risk / Return Analysis• Subject to all ROI and Actuarial Analysis of
ANY other Business Process• Managed Risk
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs Insurance
Citadel vs Insurance Security Models
“Hacking Insurance”• May Directly or Indirectly Be Part of
Present Insurance Coverage• May Be Completely Separate Policy• Offered from a Growing List of Insurers
Should be Part of a Review Process May require Managed Security Monitoring (MSM) MSM May Reduce Premiums
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs Insurance
Citadel vs Insurance Security Models
Insurability Rating Process• Who is Doing It?
• Background• Who Are They Working With
• Process• Clear Process for Insurability Rating• “Veiled” Vulnerability Assessment
• Insurance Experience
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs Insurance
Citadel vs Insurance Security Models
Sample of Companies offering Hacking Insurance
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs Insurance
Citadel vs Insurance Security Models
Questions to AskDoes the organization carry any business insurance to cover:
… financial loss or business interruption due to network security problems?
… technology errors or omissions?
… Intellectual Property losses as a result of computer/network security breaches?
… computer fraud and extortion?
… improper disclosure or damage to digital assets?
… loss of business income (services or sales of hard goods)?
… additional cost of security or counter-measure consulting or products?
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs Insurance
Citadel vs Insurance Security Models
Bottom Line: Both Models are Still Needed Insurance Model Provides
Added Business Protection Companies Should Review Current Insurance
and Consider Additional Coverage Should Be Part of Vulnerability Assessment
CitadelModel
InsuranceModel
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Citadel vs Insurance
Insurance Security Model to Bang for the Buck Analysis
InsuranceModel
BBARisk
Analysis
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck (BBA)Analysis
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Mission StatementTo develop an objective budgeting strategy to
optimize impact of budget dollars spent
and assure maximum allocation and
utilization of budget resources.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
From Inside Internet Security …What Hackers Don’t Want You to Know
by Jeff Crume (Chapter 4)
Bang for the Buck Analysis
“Each company must strike an appropriate balancebetween risk and opportunity.”
Risk
Analysis
Post
Mortemvs
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
“… a few calculations that can help guide,(but not dictate) the decision making process.”
Bang for the Buck Analysis
• Bang for the Buck Ratio (BBR)
• Vulnerability Index (VI)
• Relative Value (RV)
Calculated for each (potential) countermeasure Provides basis for budgeting strategy Will vary by organization, industry, etc.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Bang for the Buck RatioBBR = CC / CP
CC = Cost of CompromiseCP = Cost of Protection
Cost of Compromise rises vs Cost of Protection then BBR will be bigger
Cost of Protection rises vs Cost of Compromise then BBR will be smaller
CC and CP are from Your Budgetary Estimates
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Vulnerability Index VI = CC x PC
CC = Cost of CompromisePC = Probability of Compromise
As Cost of Compromise rises relative to Probability of Compromise, VI Increases
VI highlights vulnerabilities
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Relative Value
RV = VI x CPVI = Vulnerability IndexCP = Cost of Protection
Relative Value used to compare proposed countermeasures
Weighs Cost relative to Vulnerability
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting Scenario1. Perform Vulnerability Assessment / Poll2. List Vulnerabilities and Proposed Countermeasures3. For each Countermeasure assign:
a. Cost of Compromise (from peers, press, experience,scenarios, consultants, etc.)
b. Cost of Protection(from your budget estimates)c. Probability of Compromise (from consensus, poll, experience,
industry statistics, etc.)
4. For each Countermeasure calculate:a. Bang for the Buck Ration (BBR)b. Vulnerability Index (VI)c. Relative Value (RV)
5. Sort Based on BBR6. Determine Budget Coverage, OK? DONE 7. Work through Acceptable Scenarios / Options / Alternatives8. Adjust Assumptions
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioPerform Vulnerability Assessment / Poll
Past Experience “Scenarios” Security Report Card or similar tools Staff Consultants Law Enforcement Press / Research
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioList Vulnerabilities and Proposed Countermeasures
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioFor each Countermeasure assign:
Cost of Compromise (from peers, press, experience,scenarios, consultants, etc.)
Cost of Protection(from your budget estimates)Probability of Compromise (from consensus, poll, experience,
industry statistics, etc.)
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioFor each Countermeasure calculate:
Bang for the Buck Ration (BBR)Vulnerability Index (VI)Relative Value (RV)
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioSort Based on BBR
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioDetermine Budget Coverage
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioWork through Acceptable Scenarios / Options / Alternatives
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioAdjust Assumptions
Return to Step 3
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioFor each Countermeasure assign:
Cost of Compromise (from peers, press, experience,scenarios, consultants, etc.)
Cost of Protection(from your budget estimates)Probability of Compromise (from consensus, poll, experience,
industry statistics, etc.)
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioFor each Countermeasure calculate:
Bang for the Buck Ration (BBR)Vulnerability Index (VI)Relative Value (RV)
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioSort Based on BBR
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioDetermine Budget Coverage
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioWork through Acceptable Scenarios / Options / Alternatives
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Sample Budgeting ScenarioAdjust Assumptions
Return to Step 3
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Bang for the Buck Analysis
Keys to Success Get Management “Buy In” on Process Use “Security Report Card*” or Similar Tool
for Vulnerability Assessment Workshop / Training on Process Keep all Parties informed of Progress Document Basis of CP, CC and PC Do NOT Change Process After Start
* Described in Executive Security Awareness Section
Side benefits are getting you and your management on thesame budget team and having a defensible budget strategy.
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Break15 Minutes!
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Red Team /Tiger Team
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Executive Security Awareness™
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Questions & Answers
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Questions & Answers
Questions & Answers
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Conclusion
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Conclusion
Bring Security to The Board RoomBring Security to The Board Room
1. Use “Sound Bites”2. Share “Sound Bites” That Work3. Talk Liabilities4. Use Case Studies, not just facts5. Be the teacher, not just the expert6. Ask for opinions, engage in dialog7. Openly discuss scenarios, alternatives8. Always have an opinion / solution9. Always be selling10. Involve your entire team
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Conclusion
Help Make “The Shift” …Help Make “The Shift” …
… … From Citadel to Insurance ModelsFrom Citadel to Insurance Models
CitadelModel
InsuranceModel
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Conclusion
Adopt the BBA as the OfficialAdopt the BBA as the OfficialSecurity Budgeting StrategySecurity Budgeting Strategy
Get Management “Buy In” on Process Use “Security Report Card*” or Similar Tool
for Vulnerability Assessment Workshop / Training on Process Keep all Parties informed of Progress Document Basis of CP, CC and PC Do NOT Change Process After Start
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Conclusion
Use Red Teams / Tiger TeamsUse Red Teams / Tiger TeamsTo Increase Budget SuccessTo Increase Budget Success
A
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Conclusion
Work to IncreaseWork to IncreaseExecutive Security AwarenessExecutive Security Awareness
A
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Conclusion
Take Take CONTROLCONTROL of your of yourSecurity BudgetSecurity Budget
BEFORE ITBEFORE ITTAKES CONTROL OF YOUTAKES CONTROL OF YOU
© 2003 James P. Cavanagh, All Rights Reserved [email protected]
Thanks for Coming
Thanks forComing
James P. [email protected]