Standard Jet DBnb` Ugr@?~1y0̝cßFNn7ќ](#`{6n߱aCT:3y[ |*|: f_Љ$g'DeFx -bT4.0vdv0 YFS HH Y   Y Y  Y Y  Y  Y  Y   Y  Y  Y  Y  Y 2Y  Y   Y  Y ConnectDatabaseDateCreateDateUpdate FlagsForeignNameIdLvLvExtraLvModule LvPropName OwnerParentIdRmtInfoLongRmtInfoShortTypeYYIdParentIdName        OYSGY Y Y  Y 2ACMFInheritableObjectIdSID  AtYObjectId YSY  Y Y Y  Y  Y Y  Y AttributeExpressionFlagLvExtra Name1 Name2ObjectId Ordernzf edY"ObjectIdAttribute -YSY Y Y  Y  Y  Y  Y  Y ccolumn grbiticolumnszColumnszObject$szReferencedColumn$szReferencedObjectszRelationship   YYYszObject$szReferencedObjectszRelationshipYv1b N  : k & W  C t/   @@@@ @@ @ @@@ @@@  @ JO`YbOJmJJMMQkkfJUQkOJmJLJkQkSdi`k `dOo^Qk iQ^JmYdbkWYfkiQfdimk kMiYfmk kvkiQ^ mJL^QkJOOYmYdbJ^OdMo`QbmJmYdbJiQJkJiSdiJkJiSdiM`JiSdimWJiSdiqoJkSdimWJkkQmOdMo`QbmJmYdbJkkQmkJmSdimWJmmJM\QimvfQkM`SdimWM`SdiqoMdobmQi`QJkoiQOdMo`QbmJmYdbMdobmQi`QJkoiQkQbmivfdYbmkQfSdimW `kvkJMMQkkdL[QMmk!`kvkJMMQkku`^"`kvkJMQk`kvkdL[QMmk`kvkhoQiYQk`kvkiQ^JmYdbkWYfkfid[QMmiYk\WYkmdiv$mWiQJmOdMo`QbmJmYdb%mWiQJmk&qoSdimW'qo^bQiJLY^YmYQk(qo^bQiJLY^YmvOdMo`QbmJmYdb)JMMQkk^Jvdom`kvkOL+ FJB>DL6DO:6S>8Q6HMJHSHOL6J6F<:BJ+ +;K[*+ OB8QF:>JFQ:Q>@>JLLB>@>L:DOLFMHmWJkkQmkJiSdiJkJkkQmkJkkQmOdMo`QbmJmYdbJmmJM\QimvfQkJm>mW MdobmQi`QJkoiQkJiSdiM` MdobmQi`QJkoiQkMdobmQi`QJkoiQOdMo`QbmJmYdb MdobmQi`QJkoiQkMdobmQi`QJkoiQkSdiqo^bQiJLY^YmYQk QbmivfdYbmkQf>mW mWiQJmJiQJkmJ>mWmWiQJmkJkkQmkSdimWiQJmkmWiQJmkJm>mWmWiQJmkQf>mWmWiQJmkmJ>mWmWiQJmkmWiQJmOdMo`QbmJmYdbmWiQJmkqo^bQiJLY^YmYQkSdimWiQJmkqo^bQiJLY^YmYQkJiSdiqoqo^bQiJLY^YmYQkMdobmQi`QJkoiQkSdiqo^bQiJLY^YmYQkqo^bQiJLY^YmYQkqo^bQiJLY^YmYQkSdimWiQJmkqo^bQiJLY^YmYQkqo^bQiJLY^YmvOdMo`QbmJmYdbJLY^YmvOdMo`QbmJmYdb  @ @ @ @ @ @ @ @ @     * + ,         !"#$*06;AGNTZ_fl r!y"$%&'() @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @    ()*$%& ' ( ) * + , - . / 0 1 2 3 4 56789:;<=>?@ABCDEFGHIJKLMNO        !! !!"""#"$#%#&#' !"#+,-./0123456$7$8$9*:*;*<0=0>0?6@6A6B;C;D;EAFAGAHGIGJGNNNTTTZZZ _ _ _ f fflllrrryyy'()*+,-./012345678<=>  !"#### 7 @ @@ @@+ FJB>DL6DO:6S>8Q6HMJHSHOL6J6F<:BJ+ +;K[+ OB8QF:>JFQ:Q>@>JLLB>@>L:DOLFMHmW JkkQmkJiSdiJk JkkQmkJkkQmOdMo`QbmJmYdb JmmJM\QimvfQkJm>mW MdobmQi`QJkoiQkJiSdiM` MdobmQi`QJkoiQkMdobmQi`QJkoiQOdMo`QbmJmYdbMdobmQi`QJkoiQkMdobmQi`QJkoiQkSdiqo^bQiJLY^YmYQkQbmivfdYbmkQf>mWmWiQJmJiQJkmJ>mWmWiQJmkJkkQmkSdimWiQJmkmWiQJmkJm>mWmWiQJmkQf>mWmWiQJmkmJ>mWmWiQJmkmWiQJmOdMo`QbmJmYdbmWiQJmkqo^bQiJLY^YmYQkSdimWiQJmkqo^bQiJLY^YmYQkJiSdiqoqo^bQiJLY^YmYQkMdobmQi`QJkoiQkSdiqo^bQiJLY^YmYQkqo^bQiJLY^YmYQkqo^bQiJLY^YmYQkSdimWiQJmkqo^bQiJLY^YmYQkqo^bQiJLY^YmvOdMo`QbmJmYdb @@@ @@@@JiSdiJkJiSdiJk JiSdiM`JiSdiM` JiSdimWJiSdimWJiSdiqoJiSdiqoJkSdimW JkSdimWJkkQmOdMo`QbmJmYdbJkkQmOdMo`QbmJmYdb JmSdimW JmSdimWM`SdimWM`SdimWM`SdiqoM`SdiqoMdobmQi`QJkoiQOdMo`QbmJmYdbMdobmQi`QJkoiQOdMo`QbmJmYdbQfSdimWQfSdimWmWiQJmOdMo`QbmJmYdbmWiQJmOdMo`QbmJmYdbqoSdimWqoSdimWqo^bQiJLY^YmvOdMo`QbmJmYdbqo^bQiJLY^YmvOdMo`QbmJmYdb @     JOOYmYdbJ^OdMo`QbmJmYdbJOOYmYdbJ^OdMo`QbmJmYdbJOOYmYdbJ^OdMo`QbmJmYdbJOOYmYdbJ^OdMo`QbmJmYdbJiQJkJiQJkJiQJkJiQJkJkkQmk JkkQmk JkkQmk JmmJM\QimvfQk MdobmQi`QJkoiQkMdobmQi`QJkoiQk MdobmQi`QJkoiQkMdobmQi`QJkoiQkQbmivfdYbmkmWiQJmkmWiQJmkmWiQJmkmWiQJmkmWiQJmkmWiQJmkmWiQJmkqo^bQiJLY^YmYQkqo^bQiJLY^YmYQkqo^bQiJLY^YmYQkqo^bQiJLY^YmYQks-d Oc P  m 2 d  ] YI 8G+Q.*EčDjl   .˔خ@.˔خ@AdditionalDocumentationAssetDocumen .˔خ@.˔خ@AdditionalDocumentationAssetDocumentationEUttttttttttr  }@}@{D61E824A-8E2E-454A-BB64-54B27DB8C936}EUnnnnnnnnnnl }@}@{8A647B07-D20F-41E0-9CA9-F9DB0A08326A}EUnnnnnnnnnnl >M/@}@VulnerabilityDocumentationEUw@bbbVVVVVVVT @}@a!@VulnerabilitiesEU@LLL@@@@@@@> @}@L}@VUforTHEU@<<<0000000. @E}@G@ThreatsEU @<<<0000000. @.v@F:@ThreatDocumentationEUM@TTTHHHHHHHF @yw@w@MSysAccessXMLEU4MR2KeepLocal  T|||<<<<<<<: @lY}@K}@EPforTHEU@<<<0000000. @fҲ}@ ޗۤ@EntryPointsEU:@DDD88888886 @_>Q}@Mg@CountermeasuresEU @LLL@@@@@@@> @ZTf/@\&@CountermeasureDocumentationEU}@dddXXXXXXXV @Tɯ}@K}@CMforVUEU@<<<0000000. @NH}@3@CMforTHEUp@<<<0000000. @A}@P}@ATforTHEU@<<<0000000. @;}@Sgخ@AssetsEU @:::......., @6k خ@̔خ@AssetDocumentationEU@RRRFFFFFFFD @0H}@qۤ@ASforTHEU@<<<0000000. @*}@ۤ@ARforVUEU+@<<<0000000. @N }@P}@ARforCMEU@<<<0000000. @a خ@خ@ARforASEU@<<<0000000. @5¡}@]y@@AreasEU,@888,,,,,,,* @wۥ@ s@AdditionalDocumentationEU@\\\PPPPPPPN @ 5@pVخ@AdminEUdh#8,,,,,,,,,*  ::~@2%s@AccessLayoutEU4MR2KeepLocal T"@zz:::::::8 @^}@^}@SysRelEU.........., ^}@^}@ScriptsEU0000000000. ^}@^}@ReportsEU0000000000. ^}@^}@ModulesEU0000000000. ^}@^}@FormsEU,,,,,,,,,,* ^}@^}@DataAccessPagesEU@@@@@@@@@@> ݟ}@ݟ}@MSysRelationshipsDWDDDDDDDDDDB ݟ}@ݟ}@MSysQueriesDW88888888886 ݟ}@ݟ}@MSysACEsDW22222222220 ݟ}@ݟ}@MSysObjectsDW88888888886 ݟ}@ݟ}@RelationshipsDW<<<<<<<<<<: ݟ}@ݟ}@DatabasesDW44444444442 ݟ}@ݟ}@TablesDW.........., q YNY  Y  Y  Y DocumentIDDocumentFileDocumentTitleDescriptiondMitOQY6YZYYYY.rC.rD.rE.rFDocumentIDPrimaryKeyHv1b @@  @  @ .Y  = 251N Y  Y  Y Y Y Y Y  AreaIDAreaNameDescriptionUseForThreats*UseForVulnerabilities*UseForCountermeasuresUseForAssetsmentsttrdengYYY*Y$YY.rC.rD.rE.rFAreaID1PrimaryKeyHv1b@ @ @w tP, N Operating System;~Software3 Hardware3 Reputation{ Software Modules;Business procedures;Users configuration;Application servers;Networking;Data {Regulations{Operational{  @          @         YY NY Y AssetID AreaIDDhaDa sYYY;YY AreaIDAreasARforASAssetsARforAS CountermeasureIDPrimaryKeyv1 l    @        @      @@@      { }YNY Y  CountermeasureID AreaIDemDc!onib"#YYYYY_Y AreaIDAreasARforCM CountermeasureID,CountermeasuresARforCMPrimaryKeyv1vϾ                       @                           @                          @@                            ]YN%%Y Y ThreatID AreaID%'%(%)YYYYYPrimaryKeyThreatAreaID ThreatAreasTA4THThreatIDThreatsTA4THv1@@$  $@@&&&& &  &  &  &  &  &  &  &  &  &  $ @&&&& &  &  &  &  &  &  &  &  &  &  $ @&&&& & & & &  &  &  &  &  &  &  yYN++Y Y VulnerabilityID AreaIDly"l+-ilertn+.bl+/YYYYY AreaIDAreasARforVUPrimaryKey,VulnerabilitiesARforVUVulnerabilityIDv1@ *             * ,, ,, , , , , , , , , ,  *@@,, ,  ,  ,  ,  ,  ,  ,  ,  ,  ,  ,  * ,, ,  ,  ,  ,  ,  ,  ,  ,  ,  ,  , r Y N11Y Y Y AssetIDThreatID Damage[\13[]14[^Y15YY;YYYAssetIDAssetsA4THPrimaryKeyThreatID.ThreatsAssetsForThreatsv1 0yj[     22222  B12 0 @2222 22222222222 0@@@ 22222  22 2222 2 2 2 2 0 @22222222  2 2 2 2 2 2 2O YN77Y Y AssetIDDocumentID78797:YYY;YYYRAdditionalDocumentationAssetDocumentation0AssetsAssetDocumentationDocumentIDPrimaryKeyThreatIDv1 6 6 6 jY = 251N  <<Y  Y  Y Y Y  Y Y Y Y AssetIDAssetNameDescriptionFixedValue FixedValuePeriodRecurringValue"IncludeFixedValue*IncludeRecurringValueDisabled<?Y<@Y0YY6YY.rC.rD.rEAssetIDPrimaryKey<<Hv1b @@LVAL.  DIf contracts are breached or manipulated, financial damage may be caused to the business units that base their transactions on the contract The value of the asset is the maximal annual damage that can be caused by disclosure or manipulation of a single contract, calculated as 50% of the value of largest contract that was signed in 2006If contracts are breached or manipulated, financial damage may be caused to the business units thaIf contracts are breached or manipulated, financial damage may be caused to the business units that base their transactions on the contract The value of the asset is the maximal annual damage that can be caused by disclosure or manipulation of a single contract, calculated as 50% of the value of largest contract that was signed in 2006Pricing and terms of the company's response to competitive requests for proposal or information - if disclosed may hurt the company's ability to competeProprietary product design information - if leaked or stolen may affect ability of company to compete, amortize over a 24 month design cycleIf sensitive information is breached, then customers may lose confidence in the ability of the company to protect their commercial information, calculated as 1% of outstanding stock value as of August 2006 (.01* 770M = 7.7M) + legal fees = 0.3MWAN bandwidth is used for branch, customer and business partner connectivity, valued at 1% of annual revenueThe ability of the executive and board to maintain confidentiality of M&A plans is a major factor in gaining (or losing) this reputation. ;0OsN2 ʚ; TRFP/RFI pricing and terms0@=A5  T ʚ; TRFP/RFI pricing and terms0@=A5  TProduct designs@=7+ TThe stability of the state's economy>@=L@  _ _Company reputation@=:.ʚ;ʚ;The accuracy and integrity of the exchange rates data*@=]Q /P Network bandwidth, corporate connectivity@ =QE ; @>>>>>>> ; @>>>>>>> uYNBBY Y ThreatIDAttackerTypeIDDagBD[BE[BF[YYGYYYAttackerTypeID$AttackerTypesAT4THPrimaryKeyThreatIDThreatsAT4THv1@ A    ACCCCCCCC A@CCCC C C C CACCCC C C C C YNHHY  Y  Y t Y  TypeIDTypeNameDescriptionToolsAvailableHLYHMYAYY.rCPrimaryKeyTypeID1HHHH v1b ,GfDState's enemiesEconomist@Kl@J)HackerInsider@K\@J'Web user&LVAL8Access to economist passwords and desktop applicationsAccess to the LAN and currency rates database.LVALZEconomist may be interested in tampering with the rates data for gaining personal profitMalicious insider may be an employee or a subcontractor of the treasury department. G IIIII G IIIII UYNOOY Y Y Y ThreatID CountermeasureIDMitigationLevel(IncludedInMitigation OQ haDhORNaaertnOSbaYY_YYYL{8A647B07-D20F-41E0-9CA9-F9DB0A08326A}L{D61E824A-8E2E-454A-BB64-54B27DB8C936} CountermeasureIDPrimaryKeyThreatIDv1N+yj[L=.                       (RR N @ @P P%PP' P P P*P#P"PP&P!P$P)P P(PPPPPPPPPPPPPP@ N@@@@P  PP#PP P' P*P$P P P% P" P& P! P( P) P P P P P P P P P P P P P P N @ @P PPP P#P$P'P*PP P! P" P% P& P( P) P P P P P P P P P P P P P P YNUUY Y VulnerabilityID CountermeasureIDnalyUWDeslUXUYYY_YYY CountermeasureID`CountermeasuresCountermeasuresForVulnerabilitiesPrimaryKeyThreatID`VulnerabilitiesCountermeasuresForVulnerabilitiesv1@@T&|qqff[PE:/           u T @ @V VVV!V  V V%VVVVVV"VVVV#VV$V T@@@@@V  V   V V V V V V V VVVVVV!V"V#V$ V% Vu T @ @V  V  V V V V V V V VVVVVV!V"V#V$V% V YN[[Y Y  CountermeasureIDDocumentID![\"[]#[^YYY_YYYdAdditionalDocumentationCountermeasureDocumentationTCountermeasuresCountermeasureDocumentationDocumentIDPrimaryKeyThreatIDv1@  Z Z Z dY  = 251N  ``  Y  Y  Y Y Y Y   Y Y Y Y  Y   CountermeasureID$CountermeasureNameDescription.FixedImplementationCostFixedCostPeriod6RecurringImplementationCostDetailedDesignImplemented IncludeFixedCost(IncludeRecurringCostDisabledY`dCr.`eIDYNYYZYTYY.rC.rD.rE.rF CountermeasureIDPrimaryKey```` v1b v_ @@DS, Alert on transfer of structured data from enterprise mgmt/design databasesv@cnnb?Q _oOooNNΔΔΔΔΔΔΔ3NM|M:ML PSet severe punishments in law against in PSet severe punishments in law against insiders economical crimesTTT PSet severe punishments in law against insiders economical crimesTTT; 0uSecurity o PSet severe punishments in law against insiders economical crimesTTT;  PSet severe punishments in law against insiders economical crimesTTT; PSet severe punishments in law against insiders economical crimesTTT; 0uSecurity o PSet severe punishments in law against insiders economical crimesTTT;  PSet severe punishments in law against insiders economical crimesTTT;  PSet severe punishments in law against insiders economical crimesTT PSet severe punishments in law against insi  NDataSafe, Monitor unusual file transfers|@cHH<?Detect unauthorized non-proxied end points>>>;Monitor AUP violations,@c66*?Alert on transfer of structured data from enterprise mgmt/design databasesv@cjj^?Alert on Web postings@ c55)?PEstablish AUP and enforce for insider disclosuresEEE; NEnforce security code reviewF@c<<0?Enforce policy of downloading and deployment of latest security patches for OS, database and Web server@c{Database login accounts should be given the minimal rights that are necessary for their functionalityF@ cyfLVALrrrrr,|  ^ The Web application account uWeb application account useThe network is secured by using industry standard firewall, which is configured to block traffic from the internet to the local area network, excluding HTTP requests to Exchange Rates Web site. The cost of the implementation is the one time cost of the firewall purchase and deployment.Web application account used for retrieving daily rates is assigned with rWeb applicationReview all sWrite one page AUP (acceptable usage procedure - for usage of the company network/IT resources), have all employees, sign that they read and understandReview all system's source codes according to 'secure code writing' industry standards. The cost here is the one time effort for implementing this software review. SDLC == Software development Life CycleMonitor large, off-hours file transfers by remote-access usersDetect suspected violations of accepted usage policy: audio, bad words, executables, images, video sharing, movie and music downloads - on any channelDetect unauthorized transfer of business and/or design dataMonitor IM/Web forum/Web mail/Mail channels using KWIC to detect unauthorized disclosureCost reflects administrative effortThe current security patches for all software infrastructures in the system should be maintained. The cost estimation is based on the yearly effort for deploying the patches by system administration. _ @bb bbbbbbbbbbbbbbbb _ @bb bbbbbbbbbbbbbbbbY0NggY  Y  Y eEntryPointIDEntryPointNameDescriptiongjgkYlYY.rCIDPrimaryKeyggHv1bdLVALvwhich is available to the economistswhich is available to the public.fm?The database serverA computer machine on the LAN%%The economist desktop application for updating ratesH@hH<The rates page of the Web applicationB@h9- fiiii fiiii iYNmmY Y EntryPointIDThreatIDmoDmpEmqFYYfYYYEntryPointID EntryPointsEP4THPrimaryKeyThreatIDThreatsEP4THv1@@llnnnnnnnn l@nnnnnnnnlnnnn n n n n Y NssY Y DataIDTeIsxYAOIndexv1Kr[ DPM0wSysAccessObjectsLLLLLLLLLLJ Kr[ࡱ>   Root Entry 0t΁@ VBAϫ }g0t΁VBAProject0Jg0t΁VBA0Jg0Ogdir_VBA_PROJECTPROJECT,%PROJECTwm1  !"#$%&'()*+-./0ɱ0* pHdProject1,@ Z= n sPB %J< rst dole>stdole h%^*\G{0002`0430-C 0046}#2.0#0#C:\WINDOWS\System32\e2.tlb#OLE Automation#`DAO>JDAO5A A5E401A5Agram Files\CommonMicrosoft Shared\;\dao360.dll# 3.6 Ob LibraryHADO DB> ADZDB\\\10-8AA006D2EA4N1N.S\ado\ms@21T+ActiveX Data-s 2.1K.")"*am  *\G{000204EF-0000-0000-C000-000000000046}#4.0#9#C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL#Visual Basic For Applications*\G{4AFFC9A0-5F99-101B-AF4E-00AA003F0F07}#9.0#0#C:\Program Files\Microsoft Office2003\OFFICE11\MSACC.OLB#Microsoft Access 11.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\WINDOWS\System32\stdole2.tlb#OLE Automation*\G{00025E01-0000-0000-C000-000000000046}#5.0#0#C:\Program FiKr[les\Common Files\Microsoft Shared\DAO\dao360.dll#Microsoft DAO 3.6 Object Library*\G{00000201-0000-0010-8000-00AA006D2EA4}#2.1#0#C:\Program Files\Common Files\System\ado\msado21.tlb#Microsoft ActiveX Data Objects 2.1 Library sPB)"x %AccessVBAWin16~Win32MacVBA6#Project1 stdole`DAOADODBsH   ID="{BEF604E4-2F34-450F-B552-1D0C2B4D5C02}" Name="Project1" HelpContextID="0" VersionCompatible32="393222000" CMG="0D0FDBE8E5F1E9F1E9F1E9F1E9" DPB="1A18CCE3D8E4D8E4D8" GC="2725F1F6F30E010F010FFE" [Host Extender Info] &H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000 ijMSysDbAcessVBAData2 Forms  ϫ }gϫ }gCmdbarsϫ }gϫ }gModules ϫ }gϫ }gReportsϫ }gϫ }gScripts ϫ }gϫ }gPropData3Databasesϫ }g0t΁0ϫ }g& }gBlob DirData4CustomGroupsϫ }gϫ }gDataAccessPages ϫ }gϫ }gKr[ rtuvwS YNzzY   Y Y - Y  Y ! Y !-Id LValueObjectGuidObjectNameProperty Value-!-!z{!--!-!z|!--!-!z}!-YYYId$ObjectGuidProperty$ObjectNamePropertyzHv1b  y y yۏ Software Development3