Audit: DRP and BCP for SCU Credit Union Term Paper

Introduction

The world today is becoming more and more dependent on technology for the management of many areas like business, communication, defense, internal security, and general administration. This technology is now dominated by the area of information technology. The use of computers in diverse fields has been increasing over the years and now has become an integral and unavoidable part in all the fields mentioned above. But increasing dependence has brought about other serious concerns like security of systems and hardware. Information technology systems have been under threat from many areas that include natural and man-made threats. It is now imperative that organizations do some sort of security and prevention systems for the protection of their hardware and software. The concept of disaster recovery systems is now being adopted by many organizations that include both the private and public sector. What most of them do is to formulate security auditing manuals for security audit and business continuity plans for minimal disruption of work in case of data loss. This paper is with regard to the development of a security audit manual for the SCU Credit Union, which is engaged in financial business in the United States.

The events of the 9/11 attacks shocked the entire world, but also put a new perspective on how disasters strike. Terrorism was added into the list of potential disasters, especially if an organization is situated in a high rise complex. Risk in an everyday part of the life of human beings. One can get hit by a car when crossing the road, or slip when coming down the stairs. As for organizational risks, the consequences are much more since it affects all stakeholders in varying degrees. It is essential to identify each and every risk that an organization can possibly face, terrorism included. It should be noted that not all risks have the same level of consequences. Some risks have petty consequences while others are more serious in nature. Communication, information, and knowledge are extremely important factors for organizations and these are the areas that should be protected more. (This is apart from providing protection to the employees through the adoption of workplace protection and safety measures). The three factors mentioned above are made possible in today’s organizations through the maintenance of an information technology infrastructure. It includes the hardware, software, required to comply with eh communication and information needs of the organization. It also includes all the personnel directly and indirectly involved in maintaining and running the system. Hence all organizations should ideally have in place a disaster management system. It should in such a case compulsorily maintain a disaster management audit manual and a business continuity plan. The first is primarily to prevent or lessen the chances of a disaster occurring in the first place. The second is the procedure to be followed in case of a disaster strike and is mainly to continue business operations with minimum of disruption. This section above was given mainly to highlight the importance of security of the IT systems in the organization. As mentioned earlier, this is a disaster recovery audit manual and its provisions and procedures should be put into operation in the organizing.

Prevention

Effective disaster management is necessary for preventing in time the occurrence of the disaster event and/ or reducing its impact. Disasters that may affect the organizational operations have to be identified and analyzed formerly in order to formulate adequate preventive measures before its occurrence. The potential problem that could cause business services to be shut down is termed as disaster. Disaster may be of different types such as tornado, hurricane, flood, fire, hacker, or disgruntled employee. In order to prevent the disasters the organization is required to follow adequate policies and strategies.

Prevention of fire hazards

In any organization, fire hazards are a possible event and its prevention is very important for organizations to securitizing its valuable resources. Fires can happen in an environment in many ways. It can happen through accidents, carelessness, and intentional acts of people who have some who has some grudge with the organization or through the use of poor material especially in the case of electrical wiring. For example, poorly insulated wiring can cause electrical short circuits if the load is more than normal. The wiring heats up resulting in the melting of the insulation causing short circuits which can eventually lead to a major fire hazard. It is best to check the quality of the wiring and other insulating factors and change the same if it is not up to standard. The work area has to be kept clean and free of ire hazards. A major percentage of the fire hazards in organization are resulting from electrical circuits. Thus the organization has to avoid overloading electrical outlets. The work environment has to keep as cool and dry at all times. Guidelines regarding the electrical safety measures should be provide by the organization to all of its employees. The organization has to ensure the follow up f the guidelines by zero exposure of the worker. The electrical safety program should be designed with procedures covering risks and hazards associated with work environment.

The evacuation routes in the building must be secured with free hall ways and fire escapes.

Adequate training should be given to the organizational personnel to adopt restrictive measures against the overturning of office equipment and furniture. The restrictive measures should be properly planed and designed and well communicated to all of the personnel in the organization. It must be accessible to all of the individuals in the organization. (Against a disaster, (n.d)).

In the building equipment designs, emergency exit door have to be fixed with automatic unlock system. Detection apparatus comprising sensors have to be fixed which is capable of detecting the presence of fire or smoke in the premises. The fire doors have to be fixed strategically capable of accessing to all of the employees in the organization. (Fire disaster prevention system and a method to prevent loss of life, 2009).

To prevent employees from the panic of sudden disaster events, practical disaster management training should be provided to all of the personnel in the organization. It will make them to be well responding against the hazardous situations. They must be fully aware about the possibility of hazardous events in the organization. The role of each employee has to be specifically defined and implemented in case of security measures in the organization. (Against a disaster, (n.d)). Another fallout of fire prevention measures is the accidental triggering of sprinkler systems installed in the office premises. It is okay if the sprinkler system is triggered in case of a real fire. But sensitive systems can incorrectly read for example, cigarette smoke as a fire hazard and trigger the system to sprinkle water thereby damaging installed IT hardware. The level of detection should be set in such a way that the protection system correctly reads the smoke as coming from a cigarette (or other not so serious threats) and not from a real fire.

Work place safety management system

The work place safety management has to be clearly defined and implemented in order to avoid the safety issues relating to the work place. Accident prevention techniques have to be formulated by following the work place safety standards regulations. Work place safety programming has to frame with the involvement of top management.

Preventive measures of earth quake and other environmental hazards

1. Replacing the heavy weight objects in the ground floor to prevent injury from the falling of the objects.
2. For all critical computer equipment, equipment tie downs have to be applied.
3. Emergency power system has to be made available in the site all time.
4. Earth quake structure procedure has to be followed to reduce the impact of the disaster.
5. Important data resources and vital records are required to be backed up for kept stored in off site.
6. Proper training should be given to the staff to face the risk efficiently (Preventive measures example, 2008).

In order to provide safety working environment to the organizational personnel the building should be designed with appropriate techniques by following security standards. Adequate rescue measures have to be followed for safety of those trapped in elevators by framing earth quake resistant elevators. Advanced earth quake prevention techniques have to be framed and implemented in the organization. (Against a disaster, (n.d)).

In the work area, the equipment has to be secured by following safety regulations. In case of software updates and hardware, appropriate locking devices have to be applied. Sufficient safety measures have to be followed in case of IT equipments. Prepare emergency measures for IT equipments in order to avoid the safety issues. Information technology systems have to integrate with the preventive measures. Disruption on the technology will generate harmful results on the productivity of the organization. The attack of terrorists is another major threat that affects the safety and security of the organization. As seen from the September 11 attacks mentioned earlier, this form of new threat should be considered in any disaster prevention measures. In case of data resources security issues may be generated through the intervention of hackers. Penetrate of network fire walls, email viruses and pass words stealing are the major sources of issues affecting the data security. In order to prevent these threats, the data resources should be carefully stored and managed. (Workplace disasters and crisis management, 2009).

In order to prevent the terrorist related disasters, organization should have to follow thorough scrutiny of the security system in the organizations.

If access is restricted avoid social engineering / tailgating: Tailgating is the “Unethical practice by a broker of placing an order for the same security that a customer of his/hers just placed, hoping to profit from whatever information the customer might be trading on.” (Tailgating: Definition, 2009).

Tailgating is a crucial issue that affects the security of the organization. The T-DAR mantrap system is offering highest level security to the organization by preventing the act of tailgating through a protected portal system. In this system an additional door and supplementary walls are added with the existing security entrance portal system. (Tailgate prevention system, 2004). Social engineering is a method by which a potential trouble maker befriends key employees in the organization in order to obtain sensitive information. He or she will manage to get the trust of the victim over a period of time and obtains sensitive information like passwords. The unsuspecting victim is duped into providing this information in the belief that no harm will be done in doing so. An suggested by system security experts, the organization should change its system passwords periodically, say once a month. The audit team on their part should see to it that this password change does happen as specified. It should be noted that social engineering is not just related to information technology. It can happen in any instance where persons intent on creating problems use such methods to gain sensitive information with intent to harm.

Risk Assessment

Equipments and types of risk to which they can be subject to

As far as I am concerned, the Servers, web servers, bastion hosts, branch locations and computer are the highly risk equipment in SCU. Any disasters on above mentioned equipment (natural or man made hazard) will make huge impact on companies stability. It will directly affect to the companies economic reputation. Server is the place where information (data) are storing safe and secure. SCU has 50 centralized servers which are containing financial information such as customer’s name, loan holder’s name, credit and debit information and share holders etc. All the branches of SCU had connected by this main server. So the server is the essential part of the organization. There is a chance of loosing data if any disaster has occurred. After 26/11 (twin tower attack in US) terrorist attack has been raised rapidly. We must give adequate security to this area by the reason of external and internal threats like computer hacking, power Outages, virus, terrorist attack and natural threats. These threats will make extensive damage to the company and human life. Printers, Routers, Modems, UPS these are the supporting equipment of the server. It will not carrying any information. Comparatively it will not make much impact on company’s constancy while any disaster is occurred.

Generally, two types of disasters effecting in any organization

1. Natural disaster: natural disaster is very hard to avoid. We can only take possible precautions to prevent maximum losses. Flood, fire, hurricane, volcano, earthquake etc. these are considering as common natural disasters. It is highly threatening for human life and assets.
2. Man made disasters: the main reason for these disasters is failure. It can be mainly occurred by human error and involvement. This error or involvement might have intentionally or unintentionally. But which can affect gigantic failures such as loss of communication and utility. Protest, damage, virus, theft, interruption, etc. these are common human induced disasters.

Generally credit union companies are delivering financial services similar like banks. They offering saving accounts, share draft, credit cards, loans, certificate of deposits, and online banking to their customers. SCU Credit union company has to give a primary priority of being prepared from the expected and unexpected. Disaster recovery planning is a division of wider process known as business continuity planning which include continuation of application, data, network communication and other IT infrastructure. Generally any disaster (natural or manmade) can be occurred and destroying main area and data centre of any business organization. Data centre is a brain of the organization where data is keeping up to date and safely. Here, there is a possibility of man made disasters like hacking, system intrusion, and unauthorized system access, computer crime etc. the hackers, computer criminals, Terrorists, industrial espionage, employees (poorly trained, negligent, dishonest, or terminated) are behind of this human threats.

The hackers, they have motivation like ego, challenge, rebellion would guided him to do hacking, social engineering, system interruption, unauthorized system access such kind of activities.

Companies today are more in danger to computer crime and employee fraud than ever before. None of the company is resisting today from computer crime both external and internal threats to safe their data and information. Their motivations are destruction of information, illegal information disclosure, monetary gain, unauthorized data alteration etc. these motivations leads them into computer crime like cyber stalking, replay, impersonation, information bribery, spoofing, system interruption kind of activities.

Today, all the nations and organizations are facing the common issue is terrorism. Their intention is to do blackmail, demolition, utilization, vengeance etc. the terrorist attack to the organization causes bombing, information warfare, system attack, system penetration, system tampering etc. the other man made disaster is an industrial spying. Foreign country or other organizations are behind of this activity to get maximum competitive advantages and economic espionage from their competitive nation or organization. It is affected to Economic exploitation, information theft, interruption on personal privacy, social engineering, system penetration, access to unauthorized system etc. the poorly trained, negligent, dishonest, or terminated employees are making disasters in IT infrastructure. Sometimes their intentions like curiosity take them into danger. Otherwise the common factors like ego, cleverness, economic gain, and vengeance are motivating to do such type of hazards. The other danger situation is still using active logins and passwords by the former employees which help them enter into the organization network and can access easily. The server room should always keep very safe and secure. Otherwise there is a possibility of theft, fraud, and unauthorized access from unauthorized users, disgruntled employees or computer criminals. (Risk assessment of E banking, 2008).

Natural disasters are commonly terrifying and hard to predict because we have no power over when and where they occur. The natural threats like flood, hurricane, tornado, volcano, earthquake, fire are making highly losses on companies. There is a chance of destroying buildings and data during the period of natural threats. Earthquake is a trembling and vibrating of the surface by the rapid dislocation with in the inner part of the earth called crust. Earthquake is causes to extensive damage like building collapse and human life.

Hurricane is a seasonal giant storm developing from easterly waves.generally they follow a funnel shaped path. The force of the hurricane varies. “Wind speed of a hurricane range from seventy to one hundred fifty miles per hour.” (Hurricanes, (n.d)). This natural threat cause human death and extensive damage of property.

Generally, the people of United States were victim of tornados. They are suffering a lot by these deadly and fascinating forces. It makes high volume of destruction and death. It is also called as twisters or cyclones. Flood is another natural hazard. It is caused by excessive rain or destruction of dams in a particular place.

Disaster management Budgeting

The IT department is using 15% of total IT funds to fund the DRP to help bring services back online in case of an emergency. Cost of downtime to the business has a heavy to disastrous impact since financial transactions happen numerous times per day by our clients. As well as in case of emergency the clients of SCU will also need access to their financial information and funds. The total funds used for the DRP is 15 % of the total IT funds.

Budget for the procurement of equipment and items which is needed during an emergency disaster

Table showing the budgetary requirements for preventing the occurrence of a disaster event

Replacement costs of equipments in case of Disaster

Emergency Vendor sheet

A Vendor is company or someone which sells product or services to some other company to get economical benefit. Mainly SCU has two vendors. Dell is the major vendor of SCU which delivers highly efficient service for servers and computer components. Emergency Vendor sheet: we can not expect that when disaster will occur. So SCU has to maintain emergency vendor sheet. We have to register every detail of the vendors in vendor sheet. Vendor name, product based or service based, address of the vendor, contact person, phone number, alternate phone number, 24 hour number, FAX number and other number should be mentioned on the vendor’s sheet.

The Plan

Disaster recovery planning is a very important part for any organization. Many organizations were shutdown due to the lack of proper disaster recovery planning. “According to the Disaster Recovery Journal (2002), 43 percentage of businesses that suffer a massive data lose will never reopen their doors.” (Foust, et al, 2006, p.30).

Recovery strategy

Immediately after the disaster is confirmed the security team starts it recovery operation. This recovery is start from the cold site not from the main site. For this purpose the security team use maximum twenty four time format. This is because avoid confusion between evening and morning hours. For example there will be two similar figures, 6AM and T PM to denote the time. If AM is mistakenly written instead of PM then their will be problems with the schedule. But if the times are written as 06 hours and 18 hours this confusion can be avoided. Till finishing the recovery the security team has full power over the cold site. The recovery is started from the preceding working day. Then it gradually moves to all day to day functions. After this recovery the system gets regular operating status.

SCU’s disaster recovery strategy aimed to save the systems and the data kept in it. Here already mentioned that recovery is started form the cold site. Assume that the main site is fully damaged or entire equipments and the data are lost. In the SCU the cold site is situated at WS and NC. SCU has a agreement with the Dell computer group. According to this agreement Dell computers are responsible for provide all the necessary additional equipments. These equipments must the deliver within 24 hours after they receive the notification. It is very important for the proper functioning of the SCU. Major equipments in the SCU or related to the SCU which may have a chance for effecting the disaster are e 50 centralized servers, financial information, two web servers, two Bastion Hosts, Branch locations, one HQ Raleigh N. Carolina, 400 user computers w/ monitors, printers, routers, modems and UPS(Uninterrupted Power Supply). All of these equipments may lose due to different type of disasters. So security team must have a predefined strategy to recover these equipments if they lose. If SCU lost the network connection security team repairs the network.

Stages of recovery

Servers are the most important equipment in SCU. If SCU lost the server its hardware and software part can be recover from the Del computers. But the data kept in this computer recovering is not an easy task. SCU credit union keeps a lot of financial information. It contains very crucial information related to the customers and their financial state of the customers as well as the company. For recover these matters SCU can depends the backup storage facility. Store the back up usually one in a week. Transfer these backup into the main site. SCU has two web servers. If these web servers are lost, it will effect the smooth functioning of the Internet service in the company. Web server fetches the requested web page from each browser and sends these web pages to the corresponding web browser. Del computers can install the server software into the computer immediately. Then it connects to the internet. So inform the Del computers immediately about the web browser complaint.

Bastion host is important equipment for the network security. It is a gateway. It is used to guard the internal network from any type of attack. Bastion host may be lost due to various reasons. Flood, fire earthquake etc are some reasons. In SCU chance for loosing bastion host due to earthquake is very low. Anyway if the bosten host is lost, inform it to the Del computers immediately. They can add new one or repair the damaged service quickly. Otherwise it increases the damage rate.

SCU has 10 branch locations. The branch locations have computers and related facilities. The disaster planning should include the recovery of these branch locations also. For that first the security team check whether any effect is their in the branch locations. Branch location is connected to the main site through the Internet. The chance for lost due to power outage is very high compared to other reason. It the duration for power outage is extending then it effect the functioning of the computers in the branch location. So SCU planned to inform the Del computers to install new generator to these branches. SCU also inform the Del computers to add the capacity of the existing UPS’s.

SCU’s Headquarters is located at Raleigh N. Carolina. There also has a chance for occurring disasters like flood and earthquake. But there is less chance for fire. If any type of disaster is occurred in the headquarters, recovery is start from the cool site. The responsibility for the cool site is also to the Del computers. If such a catastrophe is occurred, SCU is planned to inform the Del to repare and reconfigure the damaged systems and network connection. To recover the information only one way is to take the back up file. So SCU is strictly planned to keep the back ups regularly. After repairing all damages occurred in the main site, transfer the backup files into the main site.

SCU has 400 user computers with monitors. Possibility for virus attack is very high. There exists a chance for loosing the valuable data’s due to virus attack. SCU planned to inform the Del computers to update the anti-virus software regularly, confirm the existing firewall system is always turned on, and update the anti spy ware technology regularly. SCU also inform the Del computers to up-to-date the operating system used in the organization. (4 steps to protect your computer, 2009).

SCU has 100 printers.Here one printer is shared by four user computers. If anyone of the printer is damage or stuck, it will affect the working of four computers. So SCU planned to inform Del computers to install 10 extra printers. SCU had router for sending packets through the LAN and the WAN. Currently SCU has exists the wired router system. To increase the security they planned and inform Del computers to install the wireless router system.

SCU’s current modem sends 2400 bps. Here is a possibility for modem damage due to thunderstorm and some other reason. It effects the functioning of the organization. SCU planned to prevent the following actions.1) Connect the modems at the time of lighting storm.2) Connect the modem in the wet environment. 3) Plug the modem into the Ethernet connector. 4) Connecting the modem at the time of installing an internal device. (Precautions for Products with Modems, Telecommunications, or Local Area Network Options). (Preparing for installation, 2009).

Currently SCU has 10 UPS connection. Each of them works one hour. If a power failure is occurred and it continues to more than one hour it will effect the functioning of the entire organization. So they decide to increase the capacity of the battery to store the power for five hours working. They inform it to the Del computers.

Here early mentioned that the recovery is starting not from the main site. It is from the cool site. Currently the cool site has the following facilities for recovering the DRP.

Electronically secured premise

Digital recorded on site monitoring of premise

T-1 network connection ready to use

Operational A/C for server rooms and premise maintaining well over 40,000 BTU’s which meets the requirements based on the industry standard calculation of cooling requirements these calculations can be found in the file for server rooms requirements or by asking any member of the security team the basic equation is listed below.

“Total Heat Load = Room Area BTU + Windows BTU + Total Occupant BTU + Equipment BTU + Lighting BTU”

To the recovery of the DRP security team should have a well planned recovery strategy. Team follows the above mentioned stages in a cool or hot site with the guidance of their team leader. It helps them to fulfill their recovery process at maximum speed.

Testing of the backup systems (Full and Incremental hot and cold site)

Peter Searborough will be responsible for testing of the backup systems, testing of the T1 connection and testing of the security system.

Regular assessment and testing needed for a successful storage backup program. Backup program ensures its accurate function and stored data can bring back if necessary. To do this, SCU need to occasionally bring back some folders and files from back up media to confirm the backup process is performing properly. A backup systems assessment and testing method ought to take no more than 30 minutes to execute.

The first step is in the occasion of a tape backup failure, “you have a set of virus-free files to bring back to the system.” (Back up and restore: Evaluation and testing tips for small and mid sized businesses, 2008). You confirmed that the sample file was copied properly. This is extremely essential because the files will ultimately be erased from their unique site. A graphic file has to contain as part of your test set. Graphic files, in addition to text files, grant an image mode to effortlessly identify corruption if it occurs during the backup and restore process.

A cold backup site is an average big and an appropriately designed room in a building. The whole thing necessary to restore service to your users must be keep to the site before the procedure of recovery can start. The holdup from a cold backup site will affected to make extensive of total operation.

A warm backup site is reserved with hardware. To restore examine, we must carry the last backups from the off-site storage facility, and bare metal restoration finished, earlier than the process of recovery can start.

Hot backup site are very similar to the data center. It is already well designed and expecting for the last backups from the off-site storage facility. This is very costly movement to disaster recovery. Backup site are mainly depending three special sources. 1. Companies focusing in providing DRS. 2. Extra site hired and controlled by our company. To make a good relationship with other organization this is helping to share data center facility by the time of disaster.

Person has significant security and networking knowledge who is conducting security testing. He must have the ability in the subsequent areas: scanning of network, susceptibility scanning, password hacking, log review, integrity checkers, virus recognition, war dialing, war driving, penetration testing. (Wack, Tracy & Aouppaya, 2003). T1 testing is significantly important for the supplier and the client to equilibrium to the risks arising out of this circumstances. T1 testing is very expensive process, but also to create the T1 line fault free. T1 testing is a somewhat difficult process for a technical part. You must have an adequate technical knowledge of interne to connect T1 lines and get it functioning accurately.

the primary thing is to find out the break down problem whether it is from the PC or the T1 connection. To make sure CSU/DSU, the router and hub whether it is plugged into the telephone properly or not. If it is proper, switch them on and off alternatively more than four times. Generally, this is the method using for solving this kind of problems. The Bit Error Test (BER) test is the accepted one to identify the signal problems on T1 cables. John Van Berkum is taking care of the testing of server room connections, testing of UPS and generators.

Generally, Testing of UPS goes through into three phases. Physical preventive maintenance, protection setting and calibration, and functional load setting these are the tests conducting on UPS test. Again functional load testing divided in to six unique operations, includes steady-state load test, harmonic analysis, filter integrity, transient response, module fault test, and battery rundown. (Effective testing of an UPS system is a complex and potentially dangerous operation, 2009). There are many tests are performing on Generator. The tests consists of Open- circuit saturation tests, field short-circuit tests and d-and q-axis current interruption tests. Apart from this the tests like excitation systems tests, governor test, reactive power capability test, power system stabilizer tests are testing on generators. (Generator testing and model validation, 2005).

Conclusion

The above mentioned audit manual gives a comprehensive risk management audit procedure for prevention or minimizing potential risks to CSU Credit Union. It has spelt out in detail and under different subsections/headings the different requirement that is needed in disaster management. It has also clearly laid out responsibilities for different personnel. It has also mentioned them by name. It is strongly suggested that the procedures mentioned in the manual be followed verbatim and within the time schedules mentioned. What is important is that the loss of data will severely affect the performance, day to operations, and even the goodwill of the company. Being a finance company, there are a large number of stakeholders involved. They have been dealing with the company for a long time and have large financial transactions involved. Loss of data will be a serious matter to them also. The employees will also be affected by loss of performance and the stress they have to go through in case of disaster related problems. They will have to work very hard to get the company back into its normal state. The management should take this opinion very seriously and see to it that the audit is put into operation in its entirety as soon as possible. It is better to be prepared for an eventuality and prevent it or minimize its consequence rather than do corrective work after a disaster has struck. It is true that an organization may not be able to prevent a disaster always, but it is better have systems in palace that can at least identify a potential problem and try to prevent it or be ready for it when it strikes. Once again the importance of implementing this audit plan is stressed and the management should see to it that it is done at the earliest.

References

1. Against a disaster. (n.d.). Tokyo’s Metropolitan Government.
2. Back up and restore: Evaluation and testing tips for small and mid sized businesses. (2008). Imation.
3. Effective testing of an UPS system is a complex and potentially dangerous operation. (2009). Eng Tips Forum. Web.
4. Fire disaster prevention system and a method to prevent loss of life. (2009). Free Patents Online. Web.
5. Foust, Mark., et al. (2006). MCSE: Windows server 2003 network infrastructure planning and maintenance study guide. John Wiley and Sons. 30. Web.
6. Generator testing and model validation. (2005). Powertech.
7. Hurricanes. (n.d.). Think Quest.
8. Preparing for installation. (2009). Cisco.
9. Preventive measures example. (2008). HIPAA.net.
10. Risk assessment of E banking. (2008). Sooper Tutorials.
11. Tailgating: Definition. (2009). Investor Words.com.
12. Tailgate prevention system. (2004). Newton Security.
13. Wack, John., Tracy, Miles., & Aouppaya, Murugiah. (2003). Guideline on network security testing: Computer Security. NIST Special Publication.
14. Workplace disasters and crisis management. (2009). Reinhart: Boemer Van Dueren S C Attorneys at Law.
15. 4 steps to protect your computer. (2009). Microsoft.