29
Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX Mr. Dorough re- joined PricewaterhouseCoopers in 2012 and has over 19 years experience in IT Security, IT Forensics, IT Audit, and IT Governance. Areas of focus include digital threat assessments, Cyber incident identification and response, electronic investigations and IT Security organization assessment and development. Prior to returning to PwC, Mr. Dorough was the Global Chief Information Security Officer for Textron. As Global Chief Information Security Officer, Mr. Dorough was responsible for developing, maintaining and assuring continuous improvement of Textron’s Information Technology Security strategy, programs, policies and processes. This included leadership of the Information Technology Risk Management (ITRM) Council which is a team of Security leaders from across Textron’s Business Units and COEs. Mr. Dorough was also responsible for IT Privacy governance, software asset management, disaster recovery and led the IT portion of the electronic discovery (eDiscovery) program for Textron. Mr. Dorough has a Bachelor of Science in Computer Science from the University of Texas at Tyler. He is a certified DFSS Green Belt and has additional certifications in IT, IT Forensics, IT Data Privacy, eDiscovery, IT Audit, and IT Security. He is recognized as an industry SME in the area of IT, IT Security, eDiscovery and Forensics and frequently speaks at security related events, functions and conferences and sits on several security related boards and governing bodies. CIO Talk Radio, CXO Magazine, CSO perspectives, CISO Executive Summit to name a few.

Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

  • Upload
    others

  • View
    11

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

Richard Dorough

1

Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISAManaging Director, Forensic Technology SolutionsFort Worth, TX

Mr. Dorough re- joined PricewaterhouseCoopers in 2012 and has over 19 yearsexperience in IT Security, IT Forensics, IT Audit, and IT Governance. Areas of focusinclude digital threat assessments, Cyber incident identification and response,electronic investigations and IT Security organization assessment and development.

Prior to returning to PwC, Mr. Dorough was the Global Chief Information SecurityOfficer for Textron. As Global Chief Information Security Officer, Mr. Dorough wasresponsible for developing, maintaining and assuring continuous improvement ofTextron’s Information Technology Security strategy, programs, policies andprocesses. This included leadership of the Information Technology Risk Management(ITRM) Council which is a team of Security leaders from across Textron’s BusinessUnits and COEs. Mr. Dorough was also responsible for IT Privacy governance,software asset management, disaster recovery and led the IT portion of the electronicdiscovery (eDiscovery) program for Textron.

Mr. Dorough has a Bachelor of Science in Computer Science from the University ofTexas at Tyler. He is a certified DFSS Green Belt and has additional certifications inIT, IT Forensics, IT Data Privacy, eDiscovery, IT Audit, and IT Security. He isrecognized as an industry SME in the area of IT, IT Security, eDiscovery andForensics and frequently speaks at security related events, functions and conferencesand sits on several security related boards and governing bodies. CIO Talk Radio,CXO Magazine, CSO perspectives, CISO Executive Summit to name a few.

Page 2: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

Matthew Wilson

2

Matthew WilsonDirector, IT Risk, Security and PrivacyDallas, TX

Matt is a Dallas based PwC Risk Assurance Director with 10 years of experiencespecializing in IT, Risk and Security. Matt has held a number of internal and externalaudit leadership positions across many industries. Matt has been responsible for riskassessment, audit plan development and execution, leading business process andcompliance reviews, ERP system assessments, system implementation assurancereviews, SSAE16 reporting, and other internal and external audit engagements. Inthis capacity Matt has developed significant experience with IT risk assessment,system implementation assurance and information security.

Page 3: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

Ashley Shugart

3

Ashley ShugartManager, IT Risk, Security and PrivacyDallas, TX

Ashley Shugart is a Security & Privacy Services Manager specializing in privacy, dataprotection and information security. His privacy service delivery experience rangesfrom basic policy reviews, training/awareness development, benchmark analysis,privacy impact assessments and developing and implementing national and globalprivacy programs. Ashley's primary focus revolves around leading practices with anemphasis on program development, regulatory compliance, incident responsemanagement, and operational implementation. He also has extensive knowledge ofprivacy frameworks (e.g., Generally Accepted Privacy Principles) and the ever-evolving legal, regulatory and compliance landscape.

Ashley also advises clients on security best practices and requirements in order tosafeguard corporate assets, including confidential data, intellectual property, andsensitive data such as credit card and health related information. He has a broadunderstanding of technology, its role in the enterprise and the tools, techniques andprocesses required to mitigate technology risks. Ashley has performed a variety ofsecurity related services including program strategy and policy development, ITgovernance, incident response and handling, baseline assessment and benchmarkingreviews, as well as experience with HIPAA, NIST, COBIT, and ISO27002.

In today's ever-changing glossary of terminology in this area, Ashley has directexperience in areas of privacy compliance, data protection, IT security, dataclassification, privacy strategy, privacy program management.

Page 4: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

Cybersecurity: Recent Data Breachesand the Evolving Role of Internal Audit

www.pwc.com/cybersecurity

Presented to the Association ofGovernment AccountantsDallas Chapter

October 16, 2014

Page 5: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

• The US government notifies 3,000

companies that they were were

attacked and charges nation-backed

hackers with economic espionage.

• Compromises of retailers culminate

in a recent breach of 56 million

credit cards.

• Heartbleed defect results in the loss

of 4.5 million healthcare records.

• Powerful malware infects

hundreds of energy companies

worldwide.

• More than half of global securities

exchanges are hacked.

• Regulators around the world are

beginning to more proactively address

cyber risks.

Recent statistics - today, security compromisesare a persistent—and globally pervasive—businessrisk

2Source: PwC’s The Global State of Information Security Survey 2015

Page 6: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

The number of security incidents continues

to soar

The total number of security incidents

detected by survey respondents climbed

to 42.8 million this year, an increase

of 48% over 2013.

It’s the equivalent of 117,339incoming attacks per day, every day.

And that’s just the compromises that

were discovered.

42.8 million

3Source: PwC’s The Global State of Information Security Survey 2015

Page 7: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

A steady 66% year-over-year growth since 2009

Taking a longer view, our survey data shows

that the compound annual growth rate

(CAGR) of detected security incidents has

increased 66% year over year since 2009.

4Source: PwC’s The Global State of Information Security Survey 2015

Page 8: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Primary Failure points

#4 Underestimating Technology

# 3 Underestimating Data

# 2 Senior Management Commitment

# 1 Maturity and Execution of Company ITSecurity Tools and Capabilities

5

Page 9: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Profile of threat actors

Nation State

Insiders

OrganizedCrime

Hacktivists

• Economic, political,and/or military advantage

• Immediate financial gain• Collect information for future

financial gains

• Personal advantage,monetary gain

• Professional revenge• Patriotism

• Influence political and /orsocial change

• Pressure business to changetheir practices

MotivesAdversary

• Trade secrets• Sensitive business

information• Emerging technologies• Critical infrastructure

• Financial / Payment Systems• Personally Identifiable

Information• Payment Card Information• Protected Health Information

• Sales, deals, market strategies• Corporate secrets, IP, R&D• Business operations• Personnel information

• Corporate secrets• Sensitive business information• Information related to key

executives, employees,customers & business partners

Targets

• Loss of competitiveadvantage

• Disruption to criticalinfrastructure

• Costly regulatory inquiriesand penalties

• Consumer and shareholderlawsuits

• Loss of consumer confidence

• Trade secret disclosure• Operational disruption• Brand and reputation• National security impact

• Disruption of businessactivities

• Brand and reputation• Loss of consumer confidence

Impact

6

Page 10: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Anatomy of a cyber attack

Recon Weaponize Deliver Exploit Install C2 Actions

Target anorganization orindustry

• Browsewebsites

• Social Media• Pre social

engineering• External scans

Craftmaliciouspayload

• Trojanizeddocs

• Packedexecutables

• Obfuscatedshell code

Payload sent totarget

• SQL injection• Spear phishing

Compromisesystem

• Execution ofpayload

• Critical phaseof the attack.

Installation ofmalware /tools postexploitation

• Install rootkits• Password

crackers• Keyloggers• Hacking tools

Command andcontrol

• Leverageexploit

• Accessbackdoors

• Reverse shell• Lateral

movement• Maintain

persistence

Ultimate goalsachieved

• Exfiltrate data• Launch other

attacks

7

Page 11: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Real-Time Monitoring of the Cyber Kill Chain

Phase Detect Deny Disrupt Degrade Deceive

Reconnaissance NIDS,Web analytics

Firewall ACL

Weaponize NIDS, In-line AV NIPS

Delivery In-line AV,User Awareness

Proxy filter In-line AV Queuing

Exploitation HIDS Patch DEP

Installation HIDS Whitelist AV

C2 NIDS, In-line AV Firewall ACL NIPS Tarpit DNS redirect

Actions HIDS, DLP DLP Quality ofService

Honeypot

8

Page 12: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Evolving business risks……impacting brand, competitive advantage, and shareholder value

Advancements in and evolving use oftechnology – adoption of cloud-enabledservices; Internet of Things (“IoT”) securityimplications; BYOD usage

Value chain collaboration andinformation sharing – persistent ‘thirdparty’ integration; tiered partner accessrequirements; usage and storage of criticalassets throughout ecosystem

Operational fragility – Real-timeoperations; product manufacturing; servicedelivery; customer experience

Business objectives and initiatives –M&A transactions; emerging marketexpansion; sensitive activities of interest toadversaries

Historical headlines haveprimarily been driven bycompliance anddisclosure requirements

Cybersecurity must beviewed as a strategicbusiness imperative inorder to protect brand,competitive advantage,and shareholder value

Unmanagedrisks with

potential long-term, strategicimplications

However, the realimpact is often notrecognized, appreciated,or reported

Highlights of activities impacting risk:

9

Page 13: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Enterprise risks associated with cybercrime

Investigation costs

Legal costs

Brand damage

State and federal regulatory actions

Third-party and class action lawsuits

Business partner lawsuits/indemnification

10

Page 14: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Why organizations have not kept pace

Years of underinvestment in certain areas has left organizations unable toadequately adapt and respond to dynamic cyber risks.

Product & ServiceSecurity

PhysicalSecurity

OperationalTechnology

Security

Public/PrivateInformation

Sharing

ThreatModeling

& ScenarioPlanning

TechnologyAdoption andEnablement

Ecosystem &Supply Chain

Security

GlobalSecurity

Operations

BreachInvestigationand Response

Notificationand

Disclosure

Privileged AccessManagement

SecurityTechnology

Rationalization

Patch &ConfigurationManagement

consecteturadipiscing elit

InsiderThreat

UserAdministration

TechnologyDebt

Management

Secure Mobileand CloudComputing

Security Strategy and Roadmap

Board, Audit Committee, and Executive Leadership Engagement

Business Alignment and Enablement

Process andTechnology

Fundamentals

ThreatIntelligence

Incidentand Crisis

Management

Ris

ka

nd

Imp

ac

tE

va

lua

tio

nR

eso

ur

ce

Pr

ior

itiza

tion

Security Program, Functions, Resources and Capabilities

ComplianceRemediation

Security Cultureand Mindset

Monitoringand Detection

Critical AssetIdentification and

Protection

11

Page 15: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC Prevent Detect Respond

Hu

ma

n/

Ex

tern

al

Ne

two

rk

Op

era

tin

gS

yste

mD

ata

/D

ata

ba

seA

pp

lica

tio

n

Threat Intelligence

SecurityInfo &EventMgmt

Firewalls IPS/IDS

Encryption

FileIntegrity

DBFirewall

Antivirus /Endpoint

MalwareAnalysis

Forensic Tools

White listing

MemoryAnalysis

IdentityMgmt

SpamFilter

DLP / InformationProtection

Malware Appliance

Live MemoryMonitor

Resilient Cyber Security

Functional Security Capabilities

Network Analysis

NAC

Anti-phishing

Traditional Security

12

Page 16: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Managing the risks

Know the Who, What, Where of your sensitive data

Ignoring compliance is not an option

Review internal policies and procedures

Update privacy policy

Make your plan bigger than technology

Review existing insurance coverage

Monitor and audit

Establish call-back procedures to help defend against social engineering

Consider using encryption

Control or limit access to payment and other sensitive systems

13

Page 17: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Transformation Journey

Log IgnoranceLog Collection and

Review

Security Incident andEvent Management

CapableActionable Threat

Intelligence

Increased Threat Intelligence and Threat Visibility

• No log collection andreview process

• No documentedcompliance processand policies

• Ad hoc log collectionprocess

• Limited access & activitylogging

• Logs are reviewed aspart of incident response

• Real-time Log Analysis

• Real-time Alerting

• SIEM tools areconfigured based onlimited use cases

• Enterprise SecurityInformationManagement

• Multi dimensionalsecurity analytics

• ContinuousImprovement inprocesses & architecture

• Business risk awaremonitoring

• Focus on risk avoidance

1

StandardizedLogging and

Monitoring forCompliance

3

2

4

• Log collection and logmanagement is in place

• Review log reportsperiodically

• Delayed Alerting

• SIEM / Logmanagement is focusedonly for compliance

5

14

Page 18: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Responding to a breach

Maintain an incident-response plan and team

• Identify team members and responsibilities• Outline breach response measures• Involve outside professionals (legal, forensic, public relations)

Consult with legal counsel

• Guide breach response• Ensure compliance• Preserve applicable privileges

Preserve digital evidence

• Do not alter compromised systems• Do not turn compromised machine off; isolate from network• Preserve logs and log all actions taken

15

Page 19: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Responding to a breach

Maintain network diagrams and Scan to detect rogues

• Provides quick, clear picture of environment

Establish vendor and law enforcement relationships

Be accurate and be fast

• Prepare to implement a communications plan

• Communicate at the earliest appropriate opportunity• Commit to updating as more facts become available

Containment

• Prevent further compromise

Remediation

• Patch vulnerabilities (ALL vulnerabilities and ALL devices connected to the net)

16

Page 20: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Given all this, how should InternalAudit (IA) respond to rapidlyevolving risks and threats?

17

Page 21: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Addressing the board level discussion.

Do we understand our risk?

Do we know the maturity of our capabilities?

What are we trying to achieve,and how do we measure?

18

Page 22: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Do we understand our risk?

What are we trying to protect?

Evaluating the likelihood and impact.

Understanding IT Risk Management in the context ofEnterprise Risk Management.

Communicate strategy of the program concisely to the board.

What are our most critical assets?

What are our legal, regulatory and compliance obligations?

Summarize Risk Simply Value

19

Page 23: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Do we know our capabilities?

Security Maturity

Frameworks

Tools, Tools, Tools

Current and

1. Profile the Program2. Conduct Industry Benchmark3. Score Program maturity

PwC’s ATLAS, NIST CSF, C2M2, FISMA, 800-53, etc.

Detail and process testing – both are needed.

Investment in tools does not necessarily mean a capabilityhas been developed.

Where are we?

Where do we want to be?

Assessments

And Testing

Target State

Traditional risk assessmentsdo not assess whether theinformation security strategyand program is aligned withthe business strategy.

20

Page 24: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Evolving role of IA – Measuring achievement andstrategic alignment

Evaluating Capabilities

Auditing Processes and Controls

Roadmap and Risk Management participation

ValueThe Evolving Role

of Internal Audit

21

Page 25: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

IA Focus Areas

Threat and Vulnerability Management

• How is cyber intelligence integrated into the vulnerabilitymanagement program?

• Patch management and system hardening are highly technical yetthese capabilities should be understood and evaluated

• Evaluation requires a detailed understanding of your ITarchitecture

Common pitfalls

• Security by obscurity is no longer relevant with operationaltechnology

• End of life systems are improperly managed

• Asset management does not support vulnerability management

• Metrics are incomplete or not used at all

22

Page 26: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

IA Focus Areas

Governance and IT Risk Management

• Strong security practices develop from mature capabilities,grounded by documented policies and procedures

• A consistent, metrics driven process to substantiate progress withinformation security initiatives

• Formal IT security risk management to determine how to reactwhen vulnerabilities are detected

Common pitfalls

• Not prioritizing security based on the risk to the organization –where is your sensitive data or valuable assets?

23

Page 27: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

IA can provide value in every one of theseactivities.

4 Assess cybersecurity of third parties and supply chain partners, and ensure theyadhere to your security policies and practices

2Identify your most valuable information assets, and prioritize protection of thishigh-value data

1 Ensure that your cybersecurity strategy is aligned with business objectives and isstrategically funded

3 Understand your adversaries, including their motives, resources, and methods ofattack to help reduce the time from detect to respond

5 Collaborate with others to increase awareness of cybersecurity threats andresponse tactics

24

Page 28: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

For more information on cybersecurity…

www.pwc.com/cybersecurity

• Results of 2015 Global State of InformationSecurity

• Answering you cybersecurity questions; the needcontinued action

• 2013 US State of Cybercrime Survey Whitepaper

• 10Minutes on the stark realities of cybersecurity

• Cybersecurity risk on the board’s agenda

• Cyber Video Series

• A response to the President’s CybersecurityExecutive Order

25

Page 29: Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA...Richard Dorough 1 Richard Dorough, EnCE, C-CISO, CIPP, CGEIT, CISA Managing Director, Forensic Technology Solutions Fort Worth, TX

PwC

Key Contacts

© 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and maysometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. Thiscontent is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

Richard DoroughManaging DirectorFt. Worth, [email protected](817) 296-2835

Ashley ShugartManagerDallas, [email protected](202) 679-5939

Matthew WilsonDirectorDallas, [email protected](678) 427-1042