[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Why Network Behavioural Analytics Should be a Critical Part of Your Security Strategy?
Network behavioural analysis – a systematic, architectural approach to network security – involves deep packet analysis to identify advanced persistent threats (APTs) and zero-day attacks.
Similar analytical capabilities are used by the financial and banking sectors to spot fraudulent transactions and card activity.
From an IT perspective, the sophisticated cyber attacks that have plagued Apple, Facebook and Microsoft (with the goal of carrying out industrial espionage) have been detected through behavioural analytics.
Remember, a complex network is a type of self-organising system.
Network behavioural analysis uses a range of techniques to find unusual or altered network activities.
These are often indicators of an advanced persistent threat.
Businesses will never be able to stop every single hacker at the network perimeter, so it is essential to spot abnormal activities occurring on the network before they develop.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ca9c81d49a&e=20056c7556
Most UK Workers Feel More Vulnerable to Data Hacks Than a Year Ago
According to new research from Citrix, the majority (71%) of respondents cited data theft as “inevitable” at some point.
And one in three (33%) 16 to 25-year-olds feel much more vulnerable to hacks, compared with just 15% of over-55s.
While workers clearly feel more at risk of personal data theft than ever before, it seems their approaches to combating this threat are outdated: Two in three respondents (68%) cited physical documentation as a risk and chose shredding as a preferred means of disposing of information, almost a third (30%) of respondents are still reliant on USB memory sticks to back-up important data and just nine percent use the cloud.
“While workers clearly accept their data is at risk, many are still reliant on dated practices—such as using USB sticks and shredding paper documents—to store and protect their information, when more advanced and robust measures are available,” Mayers said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ca79e56365&e=20056c7556
New Calif. law mandates warrants for access to private communications
The new law, backed by a number of tech companies and civil liberties groups, requires a judge to approve such access to a person’s private information, including data from personal electronic devices, email, digital documents, text messages and location information.
California Electronic Privacy Act (CalECPA, SB 178) was passed in September by the state assembly after the senate passed it in June.
The bill was co-sponsored by the American Civil Liberties Union of California, Electronic Frontier Foundation and California Newspaper Publishers Association.
While providing some exceptions for law enforcement in emergencies or for other public safety requirements, the law also prohibits access to electronic device information by means of physical interaction or electronic communication with the device, except with the specific consent of the authorized possessor of the device, or through other relevant provisions such as a warrant.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b906e0ad2b&e=20056c7556
Joint Partnership Bolsters Cybersecurity in Indiana; State, Purdue and Intel Team Up for Security Operations Center
WEST LAFAYETTE, Ind.–(BUSINESS WIRE)–Today, Lt.
Gov.
Sue Ellspermann, who chairs the Indiana Counterterrorism and Security Council, joined Purdue University Chief Information Officer Gerry McCartney and Intel Vice President Rick Echevarria to announce the opening of the state of Indiana Security Operations Center (SOC) near the Purdue campus.
The SOC is a project of the new Indiana Information Sharing and Analysis Center (IN-ISAC) – a joint mission of the Indiana Office of Technology, Indiana Department of Homeland Security, Indiana National Guard, Indiana State Police, Purdue University, Intel Security and other private sector partners.
At the outset, the IN-ISAC is focusing on serving Indiana state government and Purdue University through the sharing of threat information and collaboration on strategies.
It provides real-time network monitoring, vulnerability identification and threat warnings of state government computer systems.
Located in Purdue Research Park, the SOC is staffed by a combination of state employees and Purdue students who monitor security incidents across the state of Indiana’s computer network.
The students are employed as part of the Purdue Pathmaker Internship Program, which provides career-relevant internships to students on or near campus.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1a604a26e9&e=20056c7556
How to hack-proof your cloud with native AWS tools
On Wednesday, CloudCheckr CTO and founder Aaron Newman presented a breakout session at the 2015 Amazon AWS re:Invent conference detailing some of the ways that AWS users could secure what they have on the platform, using native AWS capabilities.
If you use the AWS platform then, by definition, you share responsibility for security with AWS.
As a customer, you are in charge of security for your applications and content, network security, inventory and configuration, data security, and access control.
AWS is responsible for securing its core products and infrastructure.
So, how do you assess your perimeter security in this new landscape.
Leverage the AWS API.
Since we are building out security on the AWS API, it’s a good idea to monitor the API itself.
AWS CloudTrail records each time your API is called and supports most AWS services.
Newman said it’s “like the video camera in your data center.” The problem is, most people don’t turn it on in the beginning.
Newman recommends turning it on in every region and setting alerts for any time it could be disabled.
Another good monitoring tool is the VPC flow logs, which record each time packets enter or leave a VPC.
It’s the “metadata about who’s talking to who,” Newman said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ae2522dc1b&e=20056c7556
The result: 789 of the 3,125 employees baited — or 25 percent — clicked on a phony link in the “phishing” email, according to an IG audit publicly released Wednesday. Most of the would-be victims were administration personnel and operations workers.
This May, the USPS Office of Inspector General sent bogus emails to a sample population of agency employees as a way of evaluating compliance with incident reporting policies.
After clicking on a test email or even just receiving one, almost nobody (7 percent) reported the incident to the USPS Computer Incident Response Team, as required.
USPS officials said the evaluation took place right at the start of a new cybersecurity training course, adding that the 25 percent click rate is comparable to industry benchmarks for organizations just beginning their training.
The new course focuses on how to identify phishing traps, officials said.
About 18 percent of federal IT professionals ranked phishing among the primary security threats affecting their agencies, while negligent insiders were the most pervasive hazard, garnering 44 percent of votes, according to an Oct.1 Ponemon Institute study.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e1313e94b5&e=20056c7556
IP Expo Europe: The way you buy threat intelligence will change, says BAE Systems
BAE Systems has made a series of bold predictions about the future of threat intelligence.
Russell Kempley, BAE’s head of technical services for the EMEA region, gave a talk today at IPExpo, titled “The Future of Threat intelligence: how you ingest, analyse and act on threat intelligence?”
Kempley predicts that the future will see a split forming in how organisations and companies use threat intelligence.
Some will not have the need for round-the-clock comprehensive access to threat intelligence; those who think it’s not core to their business, says Kempley, will get their threat intelligence indirectly through vendors.
The advantage of this is, of course, that the vendor can share intelligence across their customer base.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0aeacc8ab5&e=20056c7556
Comparing Different Tools for Threat Sharing
I took a look at two tools for the sharing of threat intelligence data: MISP and IBM’s X-Force Exchange.
Although both tools aim to achieve the same result — sharing data — they use different approaches to achieve that goal.
MISP, the Malware Information Sharing Platform, needs to be installed on a server in your infrastructure.
You need a Web server, database and PHP support with a couple of modules.
All of the data is stored on your premises and is under your control.
The hardening of the server, securing the access and communication and foreseeing backups and redundancy are your responsibility.
Obviously, you fully control what happens with the data.
On the other hand, IBM’s X-Force Exchange is a cloud-based platform.
You need an IBM ID to get full access to the available threat data (anonymous access is also possible but with restrictive usage) and only a browser to get started; there’s no need for installing extra software.
All the data is stored in the cloud, so you do not have to worry about backups or redundancy.
MISP is very strong when it comes to building a central indicators of compromise database containing both technical and nontechnical information.
Meanwhile, the Web version of X-Force Exchange provides a much slicker interface for viewing trends and ongoing threat activity, giving you an immediate view on what’s happening.
The different tools available for sharing threat intelligence do not exclude each other.
It’s perfectly normal to acquire both on-premises and cloud-based solutions and then choose, depending on the type of threat information you are dealing with, where to store the information.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=81b1acbb1f&e=20056c7556
The politics of APT reports
Juan Andrés Guerrero-Saade made the argument in a recently-released paper, which he talked about last week at the Virus Bulletin conference in Prague.
Guerrero-Saade believes the race to issue malware discoveries has become part of vendors’ marketing campaigns, and there is truth to that.
Sometimes the purpose of issuing a report is to show a vendor, or individual security researcher, is a leader.
That doesn’t negate the significance of the find.
But Guerrero-Saade’s point is attribution has to be more carefully analyzed.
In fact one point he makes is that PR and marketing departments should be pulled out of the loop when it comes time to decide what should be in a report and when it should be released.
An example of his concern, Guerrero-Saade told SecurityWeek in an interview, is that threat actors can plant false evidence to throw investigators off track, like including code with strings in Russian and Romanian.
A good CISO, of course, cares less about where a threat has come from than for actionable intelligence.
But more ruthless scrutiny before threat reports are issued will help improve their usefulness.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7e4d27e9e3&e=20056c7556
Three Questions to Answer Before You Set Up a Security Operations Center
Security expert G.
Mark Hardy, president of the National Security Corporation, suggested that there are at least three questions you should answer before you set up a security operations center.
They are:
– Will management make a long-term commitment to support the SOC?
– Which systems and networks should you put under the legal purview of the SOC?
– What authority does the SOC have to take action in the event of a security incident?
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d3e85dfaaa&e=20056c7556
What’s in a Boarding Pass Barcode? A Lot
The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead.
Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.
“I found a website that could decode the data and instantly had lots of info about his trip,” Cory said, showing this author step-by-step exactly how he was able to find this information. ‘
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b827143898&e=20056c7556
Five criteria for purchasing Web fraud detection systems
Some Web fraud detection vendors focus specifically on the banking/financial services industry or e-commerce, whereas others offer products that claim to tackle nearly any type of sector that maintains online accounts and conducts transactions.
In its Market Guide for Online Fraud Detection (revised on July 21, 2015) and previous publications, Gartner highly recommends using multiple fraud prevention layers designed to help prevent or stop further damage from Internet-based malware attacks.
The most significant layers involve endpoints (Layer 1), navigation (Layer 2) and users or entities (Layer 3).
According to Gartner’s layering scheme, an endpoint product analyzes computer, mobile device or telephony device characteristics, such as recent login data, and provides validation of a user’s account privileges.
A navigation system analyzes session navigation for anomalies.
A user- or entity-centric product compares transactions to the “norm” for that user or entity, for a specific channel such as e-commerce.
Many Web fraud detection systems provide protection for all three layers; others focus on only one layer.
It’s possible to get complete coverage from various products, but it makes sense to look for a product that provides protection at all three layers.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cb07f82930&e=20056c7556
A Call for Open Cybersecurity Middleware
Swisscom proposing a standard abstraction layer for integration and more rapid incident detection and response.
Jungo described Swisscom’s cybersecurity strategy which is anchored by a “nerve center” (based upon Splunk) that centralizes all security data – network data, endpoint forensics, application logs, identity and access management, threat intelligence, etc.
Christof mentioned that this process has helped Swisscom accelerate threat detection.
To move beyond this cybersecurity bottleneck, Swisscom is championing an intriguing idea: Open security middleware through an abstraction layer, which Christof calls the collaborative security model.
This middleware has a worthwhile objective as it is designed to accelerate the ability to operationalize security data analytics.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3fb7103cab&e=20056c7556
The CISO role rises: How is it working out?
Many organizations have elevated the visibility of a dedicated chief information security function but the battle for top talent remains challenging.
Some companies are hiring fulltime CISOs for the first time.
Others are revisiting reporting structures and shoring up their ranks with CISOs who can attract talent.
If the CISO is really just a guy who manages the firewalls, then that’s a different situation, according to Rice. “If you have a grownup CISO, who is part of the business and sees his job as risk manager and is part of that solution for a company, with knowledge of regulatory and law and all these data standards, and he contributes to the conversation with the chief legal counsel and chief risk officer at the company … then that person is probably going to end up not reporting to the CIO in a large organization,” he says. “The reason for that is the board of directors and all the collateral that they are getting — magazines and things like that — ask if the [CISO] role should evolve into an autonomous role.”
Along with the expanding role, CISOs at mature organizations require business acumen and new skill sets, according to Christiansen. “They need to go into a board meeting and articulate the risks that they are seeing and explain it to all the other people who are reporting to the board, which means they have to change their language, they have to change their presentation style, and they have to be good public speakers.”
Reporting channels that bypass the CIO and go directly to the board of directors and other C-level executives often result in higher compensation, according to a 2013 salary benchmark report conducted by the Ponemon Institute.
That same study indicated that more than 80% of CISOs still reported to CIOs.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bb8b37a52f&e=20056c7556
When it comes to breaches, time is the biggest challenge
A new SANS report includes results of a survey that polled 430 security and risk professionals from the SANS community, all working in private and public sector organizations ranging in size from 100 to more than 15,000 employees.
55 percent of respondents were dissatisfied with the length of time it takes them to contain and recover from attacks.
“Most respondents said they use traditional tools to monitor traffic between data centers and internal or external clouds, and are unhappy with the level of visibility and containment speeds they get.
If our security stance is going to improve, we need better visibility, the ability to make configuration changes faster and to contain attacks more quickly.”
According to the survey, 59 percent of organizations are able to contain attacks within 24 hours, leaving many open to prolonged and increased damages as attacks spread laterally through data centers and clouds.
Containment times reported by respondents included:
Traditional tools not stopping breaches
Security losing ground in cloud, distributed computing game
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cfa169d56f&e=20056c7556
Why ATM Fraud Will Continue to Grow
A new report from the European ATM Security Team shows that global ATM fraud losses increased 18 percent to €156 million (U.S. $177.5 million) in the first half of this year, compared to the same period a year ago.
EAST attributes much of that increase to an 18 percent rise in global card-skimming losses, which account for €131 million (U.S. $149 million) of that total.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6fe4446b6e&e=20056c7556
Microsoft is ready to save your PC from huge ransomware infection
TeslaCrypt doesn’t mean anything to many PC users, but there are thousands of people who have somehow contracted this infectious malware program that imprisons personal files on a computer until a monetary reward is paid.
There already are tools that can deal with certain versions of this dangerous ransomware program, but Microsoft decided to step in, creating its own rescue tool.
The tool was included in the Patch Tuesday update this week.
The company created the malware-removal instrument in response to a spike in malware installations detected in August.
As ZDNet reports, TeslaCrypt infections grew from below 1,000 per day in late August to over 3,500 on August 25.
Since then, the number of detections spiked and fell but remained higher than before that first peak, the company noted.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6b9537639c&e=20056c7556
MasterCard Launches Safety Net to Protect Against Cyber Hacking of Banks and Processors in Europe
The FINANCIAL — MasterCard on October 14 announced the launch of Safety Net in Europe.
Safety Net is a global tool that reduces the impact of cyber hacking of banks and processors.
It is designed to use the power of MasterCard’s global network, to identify unusual behavior and potential attacks – often, even before the bank or processor is even aware.
Ajay Bhalla, Enterprise Security Solutions President for MasterCard said, “Safety Net is the latest in a strong line up of network level defenses available to issuers in their fight against major cyberattacks.
With Safety Net, we are screening billions of transactions twenty four hours a day, seven days a week, protecting our issuers against events like a cash out attacks and misuse of payment accounts.”
Safety Net is an external layer of security complementing the issuing banks’ own tools and defenses.
By using sophisticated algorithms and by monitoring different channels and geographies to provide the most appropriate level of support for each market and partner business, Safety Net adds a new level of protection into the payment system without any disruptions to the network.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f412dada27&e=20056c7556
U.S., U.K. Law Enforcement Takes Down Dridex Botnet
The Dridex banking botnet, also known as Bugat or Cridex, takes a major hit after authorities take action.
The botnet stole at least $10 million from victims.
The Dridex botnet is somewhat diminished today, following a coordinated U.S. and U.K. effort to disrupt the global banking malware threat.
The Dridex botnet, also known as Bugat and Cridex, has pilfered millions of dollars from unsuspecting victims.
Though U.S. and U.K. authorities have taken legal aim at Dridex, Kessem said the banking botnet may not be done, yet. “While other botnets do see their operations end with a law-enforcement takedown, I’m not sure this is the last we’ll hear from the Dridex gang,” Kessem said. “We’re closely monitoring for its resurrection.
The next few weeks will be telling of the potential future of this Bugat-derived menace.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=788c35de30&e=20056c7556
SEC Announces Second Wave of Cyber Exams of Broker Dealers and Advisors – Is Your Firm Ready?
In April 2014, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert announcing its first cybersecurity sweep initiative.[1] Pursuant to that initiative, the OCIE conducted an examination sweep of 57 registered broker-dealers and 49 registered investment advisors from a cross-section of the securities industry to assess their vulnerability to cyber-attacks.
On February 3, 2015, the OCIE published a summary of the results of this examination sweep.[2] We previously published an update on that OCIE summary report on March 8, 2015.[3]
The OCIE noted that the second round of examinations would emphasize testing aimed at assessing the implementation of firm cyber security procedures and controls.
This focus is intended to build on the 2014 examination sweep and further assess the securities industry’s cyber security preparedness and ability to protect broker-dealer customer and investment advisor client information.
This emphasis is also occasioned by public reports about cyber security breaches arising from weaknesses in basic controls.
The OCIE noted that this round of examinations will focus on the following areas:
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b62e1c03e7&e=20056c7556
California Amends Data Breach Notification Statute by Requiring Specific Notification Content and Expanding the Definition of Personal Information
California’s Data Breach Notification Statute was amended on October 6, 2015, by Governor Jerry Brown.
The amendment, which takes effect on January 1, 2016, makes important changes to the existing law, including new requirements for security breach notification through the use of prescribed headings in the notification letter.
In addition, the definition of “personal information” has been expanded, and there is a new definition of the word “encrypted.” This amendment applies to all persons and businesses that conduct business in California (Civil Code Section 1798.82) and to all California governmental agencies (California Civil Code Section 1798.29).
The amendment requires that the notification shall now be titled “Notice of Data Breach,” and shall present information under the prescribed headings shown in the model form as set forth in the amendment (see below).
Additional information may be provided as a supplement to the notice.
The model security breach notification form, with the prescribed headings and written in plain English, shall be deemed to be in compliance.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3780352319&e=20056c7556
Beware ‘Starving’ Cyber Risk Budgets, CFOs Warned
With cyber risks looming ever larger, CFOs must avoid “starving” information technology security budgets, the author of a recently released survey concerning cybersecurity and corporate governance warns.
“When you start looking at why [a] company had a weak security program, it usually comes down to allocation of resources,” says Jody Westby, the chief executive officer of Global Cyber Risk, a consulting firm. “The CFO should be very concerned, because often it’s the security programs that have been starved for cash.”
Problems with CIOs reporting to CFOs arise when cost-obsessed finance chiefs are prone to automatically nix every project. “Then the security program can be starved, and it increases risk to the company.
But if you have a CFO who really tries to understand the cyber risk and tries to insure there is adequate funding — within reason — then that is a very good person [for the CIO] to report to,” she says. “So a lot depends on the mindset of the CFO.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=63f49383d3&e=20056c7556
Asean members ready to share intelligence data to tackle militancy threats, says minister
BEIJING, Oct 16 — All 10 members of Asean have collectively stated their readiness to tackle the threats of the so-called IS militant group, including to share intelligence data, says Malaysian Defence Minister Datuk Seri Hishammuddin Hussein.
Hishammuddin said this to reporters after the China-Asean (10+1) Defence Minister Unofficial Meeting that aimed at intensifying strategic ties and pragmatic cooperation between China and Asean here today.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=572579d445&e=20056c7556
How boards calibrate strategy and risk
Corporate boards are deepening their involvement in company strategy and refining their oversight of the critical risks facing the company, according to a recent global survey from KPMG.
Fifty-three percent of the directors and executives surveyed said their board has increased its involvement in the formulation of strategy alternatives, and 61 percent said the board has sharpened its focus on improving risk-related information. “Rather than an annual decision by management and the board, strategy is becoming an ongoing discussion, with continual assessment, evaluation, and adjustment as conditions change,” noted Whalen.
Among the key findings:
– Boards continue to deepen their involvement in strategy
– Effectively linking strategy and risk continues to elude many boards.
– Better risk information and access to expertise are (still) top of mind.
– Cyber security may require deeper expertise, more attention from the full board, and potentially a new committee.
– Oversight of key strategic and operational risks could be more-effectively communicated among the board and its committees
– Respondents from Indonesia, Japan, Korea, and Singapore cited the greatest need for deeper board involvement in strategy.
– Directors and executives in India, Singapore, Switzerland, and UK, said they want to spend more time testing the ongoing validity of underlying assumptions.
– Financial services, insurance, health care, and communications/media sector respondents are devoting notably more time to technology issues, including cyber risks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=22d3de00cb&e=20056c7556
Europe Leads In Global Privacy — Announcing Forrester’s 2015 Data Privacy Heat Map
In the age of the customer, defined by Forrester as a 20-year business cycle when successful enterprises will reinvent themselves as digital businesses in order to serve their increasingly powerful customers, protecting customer data is a critical aspect of fostering trust and building long-lasting relationships.
Forrester’s 2015 key findings include:
– The trend since 2012 continues: European countries are clear data privacy leaders.
Forrester found that non-European countries are adopting similar provisions of Europe, most recently including Chile, South Africa and Thailand.-
Constitutional backing and government surveillance are key data privacy differentiators, as it’s those countries with constitutional provisions that protect individuals’ rights that enforce data privacy laws.
On the other hand, governments with widely-known citizen surveillance, including recent highly-publicized activities in the US, are examples of those with lower ratings.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=adf070603a&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage2.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=5d2b8d974d)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)