Information Security Fundamental Weaknesses

Place EPA Data and Operations at Risk 1st

edition by Government Accountability Office ISBN
1508400784 9781508400783 download
https://ebookball.com/product/information-security-fundamental-
weaknesses-place-epa-data-and-operations-at-risk-1st-edition-by-
government-accountability-office-
isbn-1508400784-9781508400783-16906/

Download more ebook instantly today - Get yours now at ebookball.com

 Get Your Digital Files Instantly: PDF, ePub, MOBI and More
Quick Digital Downloads: PDF, ePub, MOBI and Other Formats

National Security in the New World Order Government and the Technology
of Information 1st edition by Andrea Monti 9781000442571 1000442578

https://ebookball.com/product/national-security-in-the-new-world-
order-government-and-the-technology-of-information-1st-edition-
by-andrea-monti-9781000442571-1000442578-15476/

Managing Risk and Information Security Protect to Enable 2nd edition

by Malcolm Harkins ISBN 1484214560 978-1484214565

https://ebookball.com/product/managing-risk-and-information-
security-protect-to-enable-2nd-edition-by-malcolm-harkins-
isbn-1484214560-978-1484214565-16736/

Managing Risk and Information Security Protect to Enable 2nd edition

by Malcolm Harkins ISBN 1484214560 978-1484214565

https://ebookball.com/product/managing-risk-and-information-
security-protect-to-enable-2nd-edition-by-malcolm-harkins-
isbn-1484214560-978-1484214565-20328/

Total Information Risk Management Maximizing the Value of Data and

Information Assets 1st Edition by Alexander Borek, Ajith Kumar
Parlikad, Jela Webb, Philip Woodall ISBN 0124055478 9780124055476

https://ebookball.com/product/total-information-risk-management-
maximizing-the-value-of-data-and-information-assets-1st-edition-
by-alexander-borek-ajith-kumar-parlikad-jela-webb-philip-woodall-
isbn-0124055478-9780124055476-14052/
Information Assurance Handbook Effective Computer Security and Risk
Management Strategies 1st edition by Corey Schou, Steven Hernandez
ISBN 0071821651 978-0071821650

https://ebookball.com/product/information-assurance-handbook-
effective-computer-security-and-risk-management-strategies-1st-
edition-by-corey-schou-steven-hernandez-
isbn-0071821651-978-0071821650-16534/

Information Assurance Handbook Effective Computer Security and Risk

Management Strategies 1st edition by Corey Schou, Steven Hernandez
ISBN 0071821651 978-0071821650

https://ebookball.com/product/information-assurance-handbook-
effective-computer-security-and-risk-management-strategies-1st-
edition-by-corey-schou-steven-hernandez-
isbn-0071821651-978-0071821650-16492/

Information Security Program Guide Company Policies Departmental

Procedures IT Standards and Guidelines 1st edition by IT Security Risk
Manager, David Rauschendorfer 1795092432 978-1795092432

https://ebookball.com/product/information-security-program-guide-
company-policies-departmental-procedures-it-standards-and-
guidelines-1st-edition-by-it-security-risk-manager-david-
rauschendorfer-1795092432-978-1795092432-20016/

Security Analytics A Data Centric Approach to Information Security 1st

edition by Mehak Khurana 1000597563 9781000597561

https://ebookball.com/product/security-analytics-a-data-centric-
approach-to-information-security-1st-edition-by-mehak-
khurana-1000597563-9781000597561-20166/

Fundamental Numerical Methods and Data Analysis 1st Edition by George

W Collins ISBN

https://ebookball.com/product/fundamental-numerical-methods-and-
data-analysis-1st-edition-by-george-w-collins-isbn-14686/
 Information Security
FUNDAMENTALS

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 OTHER INFORMATION SECURITY BOOKS FROM AUERBACH
Asset Protection and Security Management Information Technology Control and Audit
Handbook Fredrick Gallegos, Daniel Manson,
POA Publishing and Sandra Allen-Senft
ISBN: 0-8493-1603-0 ISBN: 0-8493-9994-7
Building a Global Information Assurance Investigator's Guide to Steganography
Program Gregory Kipper
Raymond J. Curts and Douglas E. Campbell 0-8493-2433-5
ISBN: 0-8493-1368-6 Managing a Network Vulnerability Assessment
Building an Information Security Awareness Thomas Peltier, Justin Peltier, and John A. Blackley
Program ISBN: 0-8493-1270-1
Mark B. Desman Network Perimeter Security: Building Defense
ISBN: 0-8493-0116-5 In-Depth
Critical Incident Management Cliff Riggs
Alan B. Sterneckert ISBN: 0-8493-1628-6
ISBN: 0-8493-0010-X The Practical Guide to HIPAA Privacy and
Cyber Crime Investigator's Field Guide Security Compliance
Bruce Middleton Kevin Beaver and Rebecca Herold
ISBN: 0-8493-1192-6 ISBN: 0-8493-1953-6
Cyber Forensics: A Field Manual for Collecting, A Practical Guide to Security Engineering and
Examining, and Preserving Evidence of Information Assurance
Computer Crimes Debra S. Herrmann
Albert J. Marcella, Jr. and Robert S. Greenfield ISBN: 0-8493-1163-2
ISBN: 0-8493-0955-7 The Privacy Papers: Managing Technology,
The Ethical Hack: A Framework for Business Consumer, Employee and Legislative Actions
Value Penetration Testing Rebecca Herold
James S. Tiller ISBN: 0-8493-1248-5
ISBN: 0-8493-1609-X Public Key Infrastructure: Building Trusted
The Hacker's Handbook: The Strategy Behind Applications and Web Services
Breaking into and Defending Networks John R. Vacca
Susan Young and Dave Aitel ISBN: 0-8493-0822-4
ISBN: 0-8493-0888-7 Securing and Controlling Cisco Routers
Information Security Architecture: Peter T. Davis
An Integrated Approach to Security in the ISBN: 0-8493-1290-6
Organization Strategic Information Security
Jan Killmeyer Tudor John Wylder
ISBN: 0-8493-9988-2 ISBN: 0-8493-2041-0
Information Security Fundamentals Surviving Security: How to Integrate People,
Thomas R. Peltier Process, and Technology, Second Edition
ISBN: 0-8493-1957-9 Amanda Andress
Information Security Management Handbook, ISBN: 0-8493-2042-9
5th Edition A Technical Guide to IPSec Virtual
Harold F. Tipton and Micki Krause Private Networks
ISBN: 0-8493-1997-8 James S. Tiller
Information Security Policies, Procedures, and ISBN: 0-8493-0876-3
Standards: Guidelines for Effective Information Using the Common Criteria for IT Security
Security Management Evaluation
Thomas R. Peltier Debra S. Herrmann
ISBN: 0-8493-1137-3 ISBN: 0-8493-1404-6
Information Security Risk Analysis
Thomas R. Peltier
ISBN: 0-8493-0880-1

AUERBACH PUBLICATIONS
www.auerbach-publications.com
To Order Call: 1-800-272-7737 • Fax: 1-800-374-3401
E-mail: [email protected]

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 Information Security
FUNDAMENTALS
Thomas R. Peltier
Justin Peltier
John Blackley

AUERBACH PUBLICATIONS
A CRC Press Company
Boca Raton London New York Washington, D.C.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 Library of Congress Cataloging-in-Publication Data

Peltier, Thomas R.
Information security fundamentals / Thomas R. Peltier, Justin Peltier, John Blackley.
p. cm.
Includes bibliographical references and index.
ISBN 0-8493-1957-9 (alk. paper)
1. Computer security. 2. Data protection. I. Peltier, Justin. II. Blackley, John A. III.
Title.

QA76.9.A25P427 2004
005.8—dc22 2004051024

This book contains information obtained from authentic and highly regarded sources. Reprinted material
is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable
efforts have been made to publish reliable data and information, but the author and the publisher cannot
assume responsibility for the validity of all materials or for the consequences of their use.

Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic
or mechanical, including photocopying, microfilming, and recording, or by any information storage or
retrieval system, without prior permission in writing from the publisher.

The consent of CRC Press does not extend to copying for general distribution, for promotion, for creating
new works, or for resale. Specific permission must be obtained in writing from CRC Press LLC for such
copying.

Direct all inquiries to CRC Press, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are
used only for identification and explanation, without intent to infringe.

Visit the CRC Press Web site at www.crcpress.com

© 2005 by CRC Press LLC

Auerbach is an imprint of CRC Press LLC

No claim to original U.S. Government works

International Standard Book Number 0-8493-1957-9
Library of Congress Card Number 2004051024
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
Printed on acid-free paper

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page v Monday, September 20, 2004 3:19 PM

Dedication

To our spouses, friends, children, and colleagues; without them we would

be without direction, support, and joy.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page vii Monday, September 20, 2004 3:19 PM

Contents

Acknowledgments
Introduction

Chapter 1 Overview
1.1 Elements of Information Protection
1.2 More Than Just Computer Security
1.2.1 Employee Mind-Set toward Controls
1.3 Roles and Responsibilities
1.3.1 Director, Design and Strategy
1.4 Common Threats
1.5 Policies and Procedures
1.6 Risk Management
1.7 Typical Information Protection Program
1.8 Summary

Chapter 2 Threats to Information Security

2.1 What Is Information Security?
2.2 Common Threats
2.2.1 Errors and Omissions
2.2.2 Fraud and Theft
2.2.3 Malicious Hackers
2.2.4 Malicious Code
2.2.5 Denial-of-Service Attacks
2.2.6 Social Engineering
2.2.7 Common Types of Social Engineering
2.3 Summary

Chapter 3 The Structure of an Information Security

Program
3.1 Overview
3.1.1 Enterprisewide Security Program

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page viii Monday, September 20, 2004 3:19 PM

3.2 Business Unit Responsibilities

3.2.1 Creation and Implementation of Policies and Standards
3.2.2 Compliance with Policies and Standards
3.3 Information Security Awareness Program
3.3.1 Frequency
3.3.2 Media
3.4 Information Security Program Infrastructure
3.4.1 Information Security Steering Committee
3.4.2 Assignment of Information Security Responsibilities
3.4.2.1 Senior Management
3.4.2.2 Information Security Management
3.4.2.3 Business Unit Managers
3.4.2.4 First Line Supervisors
3.4.2.5 Employees
3.4.2.6 Third Parties
3.5 Summary

Chapter 4 Information Security Policies

4.1 Policy Is the Cornerstone
4.2 Why Implement an Information Security Policy
4.3 Corporate Policies
4.4 Organizationwide (Tier 1) Policies
4.4.1 Employment
4.4.2 Standards of Conduct
4.4.3 Conflict of Interest
4.4.4 Performance Management
4.4.5 Employee Discipline
4.4.6 Information Security
4.4.7 Corporate Communications
4.4.8 Workplace Security
4.4.9 Business Continuity Plans (BCPs)
4.4.10 Procurement and Contracts
4.4.11 Records Management
4.4.12 Asset Classification
4.5 Organizationwide Policy Document
4.6 Legal Requirements
4.6.1 Duty of Loyalty
4.6.2 Duty of Care
4.6.3 Federal Sentencing Guidelines for Criminal Convictions
4.6.4 The Economic Espionage Act of 1996
4.6.5 The Foreign Corrupt Practices Act (FCPA)
4.6.5 Sarbanes–Oxley (SOX) Act
4.6.6 Health Insurance Portability and Accountability
Act (HIPAA)
4.6.7 Gramm–Leach–Bliley Act (GLBA)
4.7 Business Requirements

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page ix Monday, September 20, 2004 3:19 PM

4.8 Definitions
4.8.1 Policy
4.8.2 Standards
4.8.3 Procedures
4.8.4 Guidelines
4.9 Policy Key Elements
4.10 Policy Format
4.10.1 Global (Tier 1) Policy
4.10.1.1 Topic
4.10.1.2 Scope
4.10.1.3 Responsibilities
4.10.1.4 Compliance or Consequences
4.10.1.5 Sample Information Security Global Policies
4.10.2 Topic-Specific (Tier 2) Policy
4.10.2.1 Thesis Statement
4.10.2.2 Relevance
4.10.2.3 Responsibilities
4.10.2.4 Compliance
4.10.2.5 Supplementary Information
4.10.3 Application-Specific (Tier 3) Policy
4.11 Summary

Chapter 5 Asset Classification

5.1 Introduction
5.2 Overview
5.3 Why Classify Information?
5.4 What Is Information Classification?
5.5 Where to Begin?
5.6 Information Classification Category Examples
5.6.1 Example 1
5.6.2 Example 2
5.6.3 Example 3
5.6.4 Example 4
5.7 Resist the Urge to Add Categories
5.8 What Constitutes Confidential Information
5.8.1 Copyright
5.9 Employee Responsibilities
5.9.1 Owner
5.9.1.1 Information Owner
5.9.2 Custodian
5.9.3 User
5.10 Classification Examples
5.10.1 Classification: Example 1
5.10.2 Classification: Example 2
5.10.3 Classification: Example 3
5.10.4 Classification: Example 4

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page x Monday, September 20, 2004 3:19 PM

5.11 Declassification or Reclassification of Information

5.12 Records Management Policy
5.12.1 Sample Records Management Policy
5.13 Information Handling Standards Matrix
5.13.1 Printed Material
5.13.2 Electronically Stored Information
5.13.3 Electronically Transmitted Information
5.13.4 Record Management Retention Schedule
5.14 Information Classification Methodology
5.15 Authorization for Access
5.15.1 Owner
5.15.2 Custodian
5.15.3 User
5.16 Summary

Chapter 6 Access Control

6.1 Business Requirements for Access Control
6.1.1 Access Control Policy
6.2 User Access Management
6.2.1 Account Authorization
6.2.2 Access Privilege Management
6.2.3 Account Authentication Management
6.3 System and Network Access Control
6.3.1 Network Access and Security Components
6.3.2 System Standards
6.3.3 Remote Access
6.4 Operating System Access Controls
6.4.1 Operating Systems Standards
6.4.2 Change Control Management
6.5 Monitoring System Access
6.5.1 Event Logging
6.5.2 Monitoring Standards
6.5.3 Intrusion Detection Systems
6.6 Cryptography
6.6.1 Definitions
6.6.2 Public Key and Private Key
6.6.3 Block Mode, Cipher Block, and Stream Ciphers
6.6.4 Cryptanalysis
6.7 Sample Access Control Policy
6.8 Summary

Chapter 7 Physical Security

7.1 Data Center Requirements
7.2 Physical Access Controls

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page xi Monday, September 20, 2004 3:19 PM

7.2.1 Assets to be Protected

7.2.2 Potential Threats
7.2.3 Attitude toward Risk
7.2.4 Sample Controls
7.3 Fire Prevention and Detection
7.3.1 Fire Prevention
7.3.2 Fire Detection
7.3.3 Fire Fighting
7.4 Verified Disposal of Documents
7.4.1 Collection of Documents
7.4.2 Document Destruction Options
7.4.3 Choosing Services
7.5 Agreements
7.5.1 Duress Alarms
7.6 Intrusion Detection Systems
7.6.1 Purpose
7.6.2 Planning
7.6.3 Elements
7.6.4 Procedures
7.7 Sample Physical Security Policy
7.8 Summary

Chapter 8 Risk Analysis and Risk Management

8.1 Introduction
8.2 Frequently Asked Questions on Risk Analysis
8.2.1 Why Conduct a Risk Analysis?
8.2.2 When to Conduct a Risk Analysis?
8.2.3 Who Should Conduct the Risk Analysis?
8.2.4 How Long Should a Risk Analysis Take?
8.2.5 What a Risk Analysis Analyzes
8.2.6 What Can the Results of a Risk Analysis Tell an
Organization?
8.2.7 Who Should Review the Results of a Risk Analysis?
8.2.8 How Is the Success of the Risk Analysis Measured?
8.3 Information Security Life Cycle
8.4 Risk Analysis Process
8.4.1 Asset Definition
8.4.2 Threat Identification
8.4.3 Determine Probability of Occurrence
8.4.4 Determine the Impact of the Threat
8.4.5 Controls Recommended
8.4.6 Documentation
8.5 Risk Mitigation
8.6 Control Categories

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page xii Monday, September 20, 2004 3:19 PM

8.7 Cost/Benefit Analysis

8.8 Summary

Chapter 9 Business Continuity Planning

9.1 Overview
9.2 Business Continuity Planning Policy
9.2.1 Policy Statement
9.2.2 Scope
9.2.3 Responsibilities
9.2.4 Compliance
9.3 Conducting a Business Impact Analysis (BIA)
9.3.1 Identify Sponsor(s)
9.3.2 Scope
9.3.3 Information Meeting
9.3.4 Information Gathering
9.3.5 Questionnaire Design
9.3.6 Scheduling the Interviews
9.3.7 Conducting Interviews
9.3.8 Tabulating the Information
9.3.9 Presenting the Results
9.4 Preventive Controls
9.5 Recovery Strategies
9.5.1 Hot Site, Cold Site, Warm Site, Mobile Site
9.5.2 Key Considerations
9.5.2.1 People
9.5.2.2 Communications
9.5.2.3 Computing Equipment
9.5.2.4 Facilities
9.6. Plan Construction, Testing, and Maintenance
9.6.1 Plan Construction
9.6.1.1 Crisis Management Plan
9.6.1.2 Plan Distribution
9.6.2 Plan Testing
9.6.2.1 Line Testing
9.6.2.2 Walk-through Testing
9.6.2.3 Single Process Testing
9.6.2.4 Full Testing
9.6.2.5 Plan Testing Summary
9.6.3 Plan Maintenance
9.7 Sample Business Continuity Plan Policy
9.8 Summary
Glossary
Bibliography

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page xiii Monday, September 20, 2004 3:19 PM

Acknowledgments

An organization that has moved to the forefront of creating usable infor-

mation for the information security professional is the National Institute
of Standards and Technology (NIST). The NIST 800 Series of Special
Publications is a great source of information that many security profes-
sionals have provided over the years. Joan Hash and the other dedicated
people who work at NIST have added greatly to the profession.
The Computer Security Institute (CSI) has been the leader in the
information security industry since 1974 and continues to provide leader-
ship and direction for its members and the industry as a whole. John
O’Leary has been the constant in all the changes seen in this industry.
The new CSI management team of Julie Hogan, Chris Keating, and Jennifer
Stevens continues to provide the tools and classes that the security
professional needs to be successful. The new team has blended well with
the CSI seasoned veterans of Pam Salaway, Kimber Heald, Frederic Martin,
Nancy Baer, and Joanna Kaufman.
No one has all of the answers to any question, so the really “smart”
person cultivates good friends. Having been in the information security
business for nearly 30 years, I have had the great good fortune of having
a number of such friends and fellow professionals. This group of long-
time sources of great information include Mike Corby, Terri Curran, Peter
Stephenson, Merrill Lynch, Bob Cartwright, Pat Howard, Cheryl and Carl
Jackson, Becky Herold, Ray Kaplan, Genny Burns, Anne Terwilliger,
Patrice Rapalus, David Lynas, John Sherwood, Herve Schmidt, Antonio
and Pietro Ruvolo, Wayne Sumida, Caroline Hamilton, Dan Erwin, Lisa
Bryson, and William H. Murray.
My working buddies must also be acknowledged. My son Justin is the
greatest asset any father — and more importantly, any information security
team — could ever hope for. Over the past two years, we have logged

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page xiv Monday, September 20, 2004 3:19 PM

nearly 150,000 air miles together, and each day we learn something new
from each other.
The other working buddy is John Blackley, a strange Scotsman who
makes our life more fun and interesting. I have worked with John since
1985 and have marveled at how well he takes obtuse concepts and
condenses them so that even management types understand.
Who can leave out their publisher? Certainly not me; Rich O’Hanley
has taken the time to discuss security issues with numerous organizations
to understand what their needs are and then presented these findings to
us. A great deal of our work here is a direct result of what Rich discovered
the industry wanted. Rich O’Hanley, not only the world’s best editor and
task master, but a good friend and source of knowledge. Thanks Rich!
And finally I extend a thank-you to my editor Andrea Demby. She
takes the time to take the raw manuscript and put it into a logically
flowing work. She sometimes has to ask me the same question more than
once, but finally I get what needs to be done.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C000.fm Page xv Monday, September 20, 2004 3:19 PM

Introduction

The purpose of information security is to protect an organization’s valuable

resources, such as information, computer hardware, and software. Through
the selection and application of appropriate safeguards, security helps the
organization’s mission by protecting its physical and financial resources,
reputation, legal position, employees, and other tangible and intangible
assets. To many, security is sometimes viewed as thwarting the business
objectives of the organization by imposing poorly selected, bothersome
rules and procedures on users, managers, and systems. Well-chosen secu-
rity rules and procedures do not exist for their own sake — they are put
in place to protect important assets and thereby support the overall
business objectives.
Developing an information security program that adheres to the prin-
ciple of security as a business enabler is the first step in an enterprise’s
effort to build an effective security program. Organizations must continually
(1) explore and assess information security risks to business operations;
(2) determine what policies, standards, and controls are worth implement-
ing to reduce these risks; (3) promote awareness and understanding among
the staff; and (4) assess compliance and control effectiveness. As with other
types of internal controls, this is a cycle of activity, not an exercise with
a defined beginning and end.
This book was designed to give the information security professional
a solid understanding of the fundamentals of security and the entire range
of issues the practitioner must address. We hope you will be able to take
the key elements that comprise a successful information security program
and implement the concepts into your own successful program.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 1 Monday, September 20, 2004 3:21 PM

Chapter 1

Overview

The purpose of information protection is to protect an organization’s

valuable resources, such as information, hardware, and software. Through
the selection and application of appropriate safeguards, security helps the
organization meet its business objectives or mission by protecting its
physical and financial resources, reputation, legal position, employees,
and other tangible and intangible assets. We will examine the elements
of computer security, employee roles and responsibilities, and common
threats. We will also examine the need for management controls, policies
and procedures, and risk analysis. Finally, we will present a comprehensive
list of tasks, responsibilities, and objectives that make up a typical infor-
mation protection program.

1.1 Elements of Information Protection

Information protection should be based on eight major elements:

1. Information protection should support the business objectives or

mission of the enterprise. This idea cannot be stressed enough. All
too often, information security personnel lose track of their goals
and responsibilities. The position of ISSO (Information Systems
Security Officer) has been created to support the enterprise, not
the other way around.
2. Information protection is an integral element of due care. Senior
management is charged with two basic responsibilities: a duty of

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 2 Monday, September 20, 2004 3:21 PM

loyalty — this means that whatever decisions they make must be

made in the best interest of the enterprise. They are also charged
with a duty of care — this means that senior management is
required to protect the assets of the enterprise and make informed
business decisions. An effective information protection program
will assist senior management in meeting these duties.
3. Information protection must be cost effective. Implementing con-
trols based on edicts is counter to the business climate. Before any
control can be proposed, it will be necessary to confirm that a
significant risk exists. Implementing a timely risk analysis process
can complete this. By identifying risks and then proposing appro-
priate controls, the mission and business objectives of the enterprise
will be better met.
4. Information protection responsibilities and accountabilities should
be made explicit. For any program to be effective, it will be
necessary to publish an information protection policy statement
and a group mission statement. The policy should identify the roles
and responsibilities of all employees. To be completely effective,
the language of the policy must be incorporated into the purchase
agreements for all contract personnel and consultants.
5. System owners have information protection responsibilities outside
their own organization. Access to information will often extend
beyond the business unit or even the enterprise. It is the respon-
sibility of the information owner (normally the senior level manager
in the business that created the information or is the primary user
of the information). One of the main responsibilities is to monitor
usage to ensure that it complies with the level of authorization
granted to the user.
6. Information protection requires a comprehensive and integrated
approach. To be as effective as possible, it will be necessary for
information protection issues to be part of the system development
life cycle. During the initial or analysis phase, information protec-
tion should receive as its deliverables a risk analysis, a business
impact analysis, and an information classification document. Addi-
tionally, because information is resident in all departments through-
out the enterprise, each business unit should establish an individual
responsible for implementing an information protection program
to meet the specific business needs of the department.
7. Information protection should be periodically reassessed. As with
anything, time changes the needs and objectives. A good informa-
tion protection program will examine itself on a regular basis and
make changes wherever and whenever necessary. This is a dynamic

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 3 Monday, September 20, 2004 3:21 PM

and changing process and therefore must be reassessed at least

every 18 months.
8. Information protection is constrained by the culture of the organi-
zation. The ISSO must understand that the basic information pro-
tection program will be implemented throughout the enterprise.
However, each business unit must be given the latitude to make
modifications to meet its specific needs. If your organization is
multinational, it will be necessary to make adjustments for each
of the various countries. These adjustments will have to be exam-
ined throughout the United States. What might work in Des Moines,
Iowa, may not fly in Berkeley, California. Provide for the ability
to find and implement alternatives.

Information protection is a means to an end and not the end in itself.

In business, having an effective information protection program is usually
secondary to the need to make a profit. In the public sector, information
protection is secondary to the agency’s services provided to its constancy.
We, as security professionals, must not lose sight of these goals and objectives.
Computer systems and the information processed on them are often
considered critical assets that support the mission of an organization.
Protecting them can be as important as protecting other organizational
resources such as financial resources, physical assets, and employees. The
cost and benefits of information protection should be carefully examined
in both monetary and nonmonetary terms to ensure that the cost of controls
does not exceed the expected benefits. Information protection controls
should be appropriate and proportionate.
The responsibilities and accountabilities of the information owners,
providers, and users of computer services and other parties concerned
with the protection of information and computer assets should be explicit.
If a system has external users, its owners have a responsibility to share
appropriate knowledge about the existence and general extent of control
measures so that other users can be confident that the system is adequately
secure. As we expand the user base to include suppliers, vendors, clients,
customers, shareholders, and the like, it is incumbent upon the enterprise
to have clear and identifiable controls. For many organizations, the initial
sign-on screen is the first indication that there are controls in place. The
message screen should include three basic elements:

1. The system is for authorized users only

2. That activities are monitored
3. That by completing the sign-on process, the user agrees to the
monitoring

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 4 Monday, September 20, 2004 3:21 PM

1.2 More Than Just Computer Security

Providing effective information protection requires a comprehensive
approach that considers a variety of areas both within and outside the
information technology area. An information protection program is more
than establishing controls for the computer-held data. In 1965 the idea of
the “paperless office” was first introduced. The advent of third-generation
computers brought about this concept. However, today the bulk of all of
the information available to employees and others is still found in printed
form. To be an effective program, information protection must move
beyond the narrow scope of IT and address the issues of enterprisewide
information protection. A comprehensive program must touch every stage
of the information asset life cycle from creation to eventual destruction.

1.2.1 Employee Mind-Set toward Controls

Access to information and the environments that process them are
dynamic. Technology and users, data and information in the systems, risks
associated with the system, and security requirements are ever changing.
The ability of information protection to support business objectives or the
mission of the enterprise may be limited by various factors, such as the
current mind-set toward controls.
A highly effective method of measuring the current attitude toward
information protection is to conduct a “walk-about.” After hours or on a
weekend, conduct a review of the workstations throughout a specific area
(usually a department or a floor) and look for just five basic control activities:

1. Offices secured
2. Desk and cabinets secured
3. Workstations secured
4. Information secured
5. Diskettes secured

When conducting an initial “walk-about,” the typical office environment

will have a 90 to 95 percent noncompliance rate with at least one of these
basic control mechanisms. The result of this review should be used to
form the basis for an initial risk analysis to determine the security require-
ments for the workstation. When conducting such a review, employee
privacy issues must be remembered.

1.3 Roles and Responsibilities

As discussed, senior management has the ultimate responsibility for pro-
tecting the organization’s information assets. One of these responsibilities

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 5 Monday, September 20, 2004 3:21 PM

is the establishment of the function of Corporate Information Officer (CIO).

The CIO directs the organization’s day-to-day management of information
assets. The ISSO and Security Administrator should report directly to the
CIO and are responsible for the day-to-day administration of the informa-
tion protection program.
Supporting roles are performed by the service providers and include
Systems Operations, whose personnel design and operate the computer
systems. They are responsible for implementing technical security on the
systems. Telecommunications is responsible for providing communication
services, including voice, data, video, and fax.
The information protection professional must also establish strong work-
ing relationships with the audit staff. If the only time you see the audit staff
is when they are in for a formal audit, then you probably do not have a
good working relationship. It is vitally important that this liaison be estab-
lished and that you meet to discuss common problems at least each quarter.
Other groups include the physical security staff and the contingency
planning group. These groups are responsible for establishing and imple-
menting controls and can form a peer group to review and discuss controls.
The group responsible for application development methodology will
assist in the implementation of information protection requirements in the
application system development life cycle. Quality Assurance can assist
in ensuring that information protection requirements are included in all
development projects prior to movement to production.
The Procurement group can work to get the language of the informa-
tion protection policies included in the purchase agreements for contract
personnel. Education and Training can assist in developing and conducting
information protection awareness programs and in training supervisors in
the responsibility to monitor employee activities. Human Resources will
be the organization responsible for taking appropriate action for any
violations of the organization’s information protection policy.
An example of a typical job description for an information security
professional is as follows:

1.3.1 Director, Design and Strategy

Location: Anywhere, World
Practice Area: Corporate Global Security Practice
Grade:
Purpose: To create an information security design and
strategy practice that defines the technology structure

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 6 Monday, September 20, 2004 3:21 PM

needed to address the security needs of its clients. The

information security design and strategy will comple-
ment security and network services developed by the
other Global Practice areas. The design and strategy
practice will support the clients’ information technology
and architecture and integrate with each enterprise’s
business architecture. This security framework will pro-
vide for the secure operation of computing platforms,
operating systems, and networks, both voice and data,
to ensure the integrity of the clients’ information assets.
To work on corporate initiatives to develop and imple-
ment the highest quality security services and ensure
that industry best practices are followed in their imple-
mentation.
Working Relationships: This position reports in the Global
Security Practice to the Vice President, Global Security.
Internal contacts are primarily Executive Management,
Practice Directors, Regional Management, as well as
mentoring and collaborating with consultants. This posi-
tion will directly manage two professional positions:
Manager, Service Provider Security Integration; and
Service Provider Security Specialist. Frequent external
contacts include building relationships with clients,
professional information security organizations, other
information security consultants; vendors of hardware,
software, and security services; and various regulatory
and legal authorities.
Principle Duties and Responsibilities: The responsibilities
of the Director, Design and Strategy include, but are
not limited to, the following:

Develop global information security services that will
provide the security functionality required to protect
clients’ information assets against unauthorized disclo-
sure, modification, and destruction. Particular focus ar-
eas include:

Virtual private networks
– Data privacy
– Virus prevention
– Secure application architecture
– Service provider security solutions

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 7 Monday, September 20, 2004 3:21 PM

Develop information security strategy services that can

adapt to clients’ diverse and changing technological
needs.

Work with Network and Security practice leaders and
consultants; create sample architectures that communi-
cate the security requirements that will meet the needs
of all client network implementations.

Work with practice teams to aid them from the concep-
tion phase to the deployment of the project solution.
This includes a quality assurance review to ensure that
the details of the project are correctly implemented
according to the service delivery methodology.

Work with the clients to collect their business require-
ments for electronic commerce, while educating them
on the threats, vulnerabilities, and available risk miti-
gation strategies.

Determine where and how you should use cryptogra-
phy to provide public key infrastructure and secure
messaging services for clients.

Participate in security industry standards bodies to en-
sure that strategic information security needs will be
addressed.

Conduct security focus groups with the clients to cultivate
an effective exchange of business plans, product devel-
opment, and marketing direction to aid in creating new
and innovative service offerings to meet client needs.

Continually evaluate vendors’ product strategies and
future product statements, and advise which will be
most appropriate to pursue for alliances, especially in
the areas of:
– Virtual private networks
– Data privacy
– Virus prevention
– Secure application architecture
– Service provider security solutions

Provide direction and oversight of hardware- and soft-
ware-based cryptography service development efforts.
Accountability: Maintain the quality and integrity of the
services offered by the Global Security Practice. Review
and report impartially on the potential viability and prof-
itability of new security services. Assess the operational

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 8 Monday, September 20, 2004 3:21 PM

efficiency, compliance with industry standards, and

effectiveness of the client network designs and strate-
gies that are implemented through the company’s pro-
fessional service offerings. Exercise professional
judgment in making recommendations that may impact
business operations.
Knowledge and Skills:

10 Percent Managerial and Practice Management:
– Ability to supervise a multidisciplinary team and a small
staff; must handle multiple tasks simultaneously; ability to
team with other Practice Directors and Managers to develop
strategic service offerings
– Willingness to manage or to personally execute necessary
tasks, as resources are required
– Excellent oral, written, and presentation skills

40 Percent Technical:
– In-depth technical knowledge of information processing
platforms, operating systems, and networks in a global dis-
tributed environment
– Ability to identify and apply security techniques to develop
services to reduce clients’ risk in such an environment
– Technical experience in industrial security, computer sys-
tems architecture, design, and development, physical and
data security, telecommunications networks, auditing tech-
niques, and risk analysis principles
– Excellent visionary skills that focus on scalability, cost effec-
tiveness, and implementation ease

20 Percent Business:
– Knowledge of business information flow in a multinational,
multiplatform networked environment
– Solid understanding of corporate dynamics and general busi-
ness processes; understanding of multiple industries
– Good planning and goal-setting skills

20 Percent Interpersonal:
– Must possess strong consulting and communication skills
– Must have the ability to work with all levels of management
to resolve issues
– Must understand and differentiate between tactical and stra-
tegic concepts
– Must be able to weigh business needs with security require-
ments
– Must be self-motivating

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 9 Monday, September 20, 2004 3:21 PM

Attributes: Must be mature, self-confident, and perfor-

mance oriented. Will clearly demonstrate an ability to
lead technological decisions. Will establish credibility
with personal dedication, attention to detail, and a
hands-on approach. Will have a sense of urgency in
establishing security designs and strategies to address
new technologies to be deployed addressing clients’
business needs. Will also be capable of developing
strong relationships with all levels of management.
Other important characteristics include the ability to
function independently, holding to the highest levels
of personal and professional integrity. Will be an excel-
lent communicator and team player.
Specific requirements include:

Bachelor’s degree (Master’s degree desirable)

Advanced degree preferred

Fifteen or more years of information technology con-
sulting or managerial experience, eight of those years
spent in information security positions

CISM or CISSP certification preferred (other appropriate
industry or technology certifications desirable)
Potential Career Path Opportunities: Opportunities for
progression to a VP position within the company.

1.4 Common Threats

Information processing systems are vulnerable to many threats that can
inflict various types of damage that can result in significant losses. This
damage can range from errors harming database integrity to fires destroy-
ing entire complexes. Losses can stem from the actions of supposedly
trusted employees defrauding a system, from outside hackers, or from
careless data entry. Precision in estimating information protection-related
losses is not possible because many losses are never discovered, and
others are hidden to avoid unfavorable publicity.
The typical computer criminal is an authorized, nontechnical user of
the system who has been around long enough to determine what actions
would cause a “red flag” or an audit. The typical computer criminal is an
employee. According to a recent survey in “Current and Future Danger:
A CSI Primer on Computer Crime & Information Warfare,” more than

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 10 Monday, September 20, 2004 3:21 PM

80 percent of the respondents identified employees as a threat or potential

threat to information security. Also included in this survey were the
competition, contract personnel, public interest groups, suppliers, and
foreign governments.
The chief threat to information protection is still errors and omissions.
This concern continues to make up 65 percent of all information protection
problems. Users, data entry personnel, system operators, programmers,
and the like frequently make errors that contribute directly or indirectly
to this problem.
Dishonest employees make up another 13 percent of information
protection problems. Fraud and theft can be committed by insiders and
outsiders, but it more likely to be done by a company’s own employees.
In a related area, disgruntled employees make up another 10 percent of
the problem. Employees are most familiar with the organization’s infor-
mation assets and processing systems, including knowing what actions
might cause the most damage, mischief, or sabotage.
Common examples of information protection-related employee sabo-
tage include destroying hardware or facilities, planting malicious code
(viruses, worms, Trojan horses, etc.) to destroy data or programs, entering
data incorrectly, deleting data, altering data, and holding data “hostage.”
The loss of the physical facility or the supporting infrastructure (power
failures, telecommunications disruptions, water outage and leaks, sewer
problems, lack of transportation, fire, flood, civil unrest, strikes, etc.) can
lead to serious problems and make up 8 percent of information protection-
related problems.
The final area comprises malicious hackers or crackers. These terms
refer to those who break into computers without authorization or exceed
the level of authorization granted to them. While these problems get the
largest amount of press coverage and movies, they only account for five
to eight percent of the total picture. They are real and they can cause a
great deal of damage. But when attempting to allocate limited information
protection resources, it may be better to concentrate efforts in other areas.
To be certain, conduct a risk analysis to see what the exposure might be.

1.5 Policies and Procedures

An information protection policy is the documentation of enterprisewide
decisions on handling and protecting information. In making these deci-
sions, managers face difficult choices involving resource allocation, com-
peting objectives, and organization strategy related to protecting both
technical and information resources as well as guiding employee behavior.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 11 Monday, September 20, 2004 3:21 PM

When creating an information protection policy, it is best to understand

that information is an asset of the enterprise and is the property of the
organization. As such, information reaches beyond the boundaries of IT
and is present in all areas of the enterprise. To be effective, an information
protection policy must be part of the organization’s asset management
program and be enterprisewide.
There are as many forms, styles, and kinds of policy as there are
organizations, businesses, agencies, and universities. In addition to the
various forms, each organization has a specific culture or mental model
on what and how a policy is to look and who should appr ove the
document. The key point here is that every organization needs an infor-
mation protection policy. According to the 2000 CSI report on Computer
Crime, 65 percent of respondents to its survey admitted that they do not
have a written policy. The beginning of an information protection program
is the implementation of a policy. The program policy creates the organi-
zation’s attitude toward information and announces internally and externally
that information is an asset and the property of the organization and is
to be protected from unauthorized access, modification disclosure, and
destruction.
This book leads the policy writer through the key structure elements
and then reviews some typical policy contents. Because policies are not
enough, this book teaches the reader how to develop standards, proce-
dures, and guidelines. Each section provides advice on the structural
mechanics of the various documents, as well as actual examples.

1.6 Risk Management

Risk is the possibility of something adverse happening. The process of
risk management is to identify those risks, assess the likelihood of their
occurrence, and then taking steps to reduce the risk to an acceptable
level. All risk analysis processes use the same methodology. Determine
the asset to be reviewed. Identify the risk, issues, threats, or vulnerabilities.
Assess the probability of the risk occurring and the impact to the asset
or the organization should the risk be realized. Then identify controls that
would bring the impact to an acceptable level.
The book entitled Information Security Risk Analysis (CRC Press, 2001)
discusses effective risk analysis methodologies. It takes the reader through
the theory of risk analysis:

1. Identify the asset.

2. Identify the risks.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 12 Monday, September 20, 2004 3:21 PM

3. Prioritize the risks.

4. Identify controls and safeguards.

The book will help the reader understand qualitative risk analysis; it
then gives examples of this process. To make certain that the reader gets
a well-rounded exposure to risk analysis, the book presents eight different
methods, concluding with the Facilitated Risk Analysis Process (FRAP).
The primary function of information protection risk management is the
identification of appropriate controls. In every assessment of risk, there
will be many areas for which it will not be obvious what kinds of controls
are appropriate. The goal of controls is not to have 100 percent security;
total security would mean zero productivity. Controls must never lose
sight of the business objectives or mission of the enterprise. Whenever
there is a contest for supremacy, controls lose and productivity wins. This
is not a contest, however. The goal of information protection is to provide
a safe and secure environment for management to meet its duty of care.
When selecting controls, one must consider many factors, including
the organization’s information protection policy. These include the legis-
lation and regulations that govern your enterprise along with safety,
reliability, and quality requirements. Remember that every control will
require some performance requirements. These performance requirements
may be a reduction in user response time; additional requirements before
applications are moved into production or additional costs.
When considering controls, the initial implementation cost is only the
tip of the “cost iceberg.” The long-term cost for maintenance and moni-
toring must be identified. Be sure to examine any and all technical
requirements and cultural constraints. If your organization is multinational,
control measures that work and are accepted in your home country might
not be accepted in other countries.
Accept residual risk; at some point, management will need to decide
if the operation of a specific process or system is acceptable, given the
risk. There can be any number of reasons that a risk must be accepted;
these include but are not limited to the following:

The type of risk may be different from previous risks.

The risk may be technical and difficult for a layperson to grasp.

The current environment may make it difficult to identify the risk.

Information protection professionals sometimes forget that the manag-

ers hired by our organizations have the responsibility to make decisions.
The job of the ISSO is to help information asset owners identify risks to
the assets. Assist them in identifying possible controls and then allow
them to determine their action plan. Sometimes they will choose to accept
the risk, and this is perfectly permissible.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 13 Monday, September 20, 2004 3:21 PM

1.7 Typical Information Protection Program

Over the years, the computer security group responsible for access control
and disaster recovery planning has evolved into the enterprisewide infor-
mation protection group. This group’s ever-expanding roles and respon-
sibilities include:

Firewall control

Risk analysis

Business Impact Analysis (BIA)

Virus control and virus response team

Computer Emergency Response Team (CERT)

Computer crime investigation

Records management

Encryption

E-mail, voice-mail, Internet, video-mail policy

Enterprisewide information protection program

Industrial espionage controls

Contract personnel nondisclosure agreements

Legal issues

Internet monitoring

Disaster planning

Business continuity planning

Digital signature

Secure single sign-on

Information classification

Local area networks

Modem control

Remote access

Security awareness programs

In addition to these elements, the security professional now has to ensure

that standards, both in the United States and worldwide, are examined
and acted upon where appropriate. This book discusses these new stan-
dards in detail.

1.8 Summary
The role of the information protection professional has changed over the
past 25 years and will change again and again. Implementing controls to
be in compliance with audit requirements is not the way in which a
program such as this can be run. There are limited resources available
for controls. To be effective, the information owners and users must accept

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_C001.fm Page 14 Monday, September 20, 2004 3:21 PM

the controls. To meet this end, it will be necessary for the information
protection professionals to establish partnerships with their constituencies.
Work with your owners and users to find the appropriate level of controls.
Understand the needs of the business or the mission of your organization.
And make certain that information protection supports those goals and
objectives.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 15 Friday, September 10, 2004 5:46 PM

Chapter 2

Threats to Information
Security

2.1 What Is Information Security?

Information security is such a wide-ranging topic that it can be rather
difficult to define precisely what it is. So when it came time for me to try
to define it for the introduction of this chapter, I was stuck for a long
period of time. Following the recommendation of my wife, I went to the
best place to find definitions for anything — the dictionary. I pulled up
the Merriam-Webster dictionary online and came up with these entries:

Main Entry: in⋅for⋅ma⋅tion

Pronunciation: “in′f r ma– ′sh n
e e

Function: noun
1: the communication or reception of knowledge or intel-
ligence
2 a (1): knowledge obtained from investigation, study, or
instruction
(2): INTELLIGENCE, NEWS
(3): FACTS, DATA b : the attribute inherent in and
communicated by one of two or more alternative
sequences or arrangements of something (as
nucleotides in DNA or binary digits in a computer

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 16 Friday, September 10, 2004 5:46 PM

program) that produce specific effects c (1) : a

signal or character (as in a communication system
or computer) representing data (2) : something
(as a message, experimental data, or a picture)
which justifies change in a construct (as a plan
or theory) that represents physical or mental
experience or another construct d : a quantitative
measure of the content of information; specifi-
cally : a numerical quantity that measures the
uncertainty in the outcome of an experiment to
be performed
3: the act of informing against a person
4: a formal accusation of a crime made by a prosecuting
officer as distinguished from an indictment presented
by a grand jury
—in′for⋅ma′tion⋅al, adjective
—in′for⋅ma′tion⋅al⋅ly, adverb

And for security, my result was this:

Main Entry: se⋅cu⋅ri⋅ty

–
Pronunciation: sikyur′i t e
Function: noun
Inflected Form(s): plural -ties
1: the quality or state of being secure: as a : freedom
from danger : SAFETY b: freedom from fear or anxiety
c: freedom from the prospect of being laid off <job
security>
2a: something given, deposited, or pledged to make
certain the fulfillment of an obligation b: SURETY
3: an evidence of debt or of ownership (as a stock
certificate or bond)
4a: something that secures: PROTECTION b (1): mea-
sures taken to guard against espionage or sabotage,
crime, attack, or escape (2): an organization or depart-
ment whose task is security

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 17 Friday, September 10, 2004 5:46 PM

So even after looking up information security in this dictionary, I still

did not have a good way to describe and explain what information security
was. Considering that I have worked in information security for almost
nine years now, it was a little unsettling to not be able to define, at the most
basic level, what I really did. The greatest difficulty in defining information
security is, to me, because it is a little bit like trying to define infinity. It
just seems far too vast for me to easily comprehend. Currently, information
security can cover everything from developing the written policies that
an organization will follow to secure its information, to the implementation
of a user’s access to a new file on the organization’s server. With such a
wide range of potential elements, it often leaves those in information
security feeling as if they are a bit of the “Jack of all trades — and master
of none.” To give you a better feeling of the true breadth of information
security, we will cover some of the more common aspects of information
security in brief. All of the facets that we cover in the next few paragraphs
are discussed in more detail throughout the remainder of the book.
The first and probably most important aspect of information security
is the security policy (see Figure 2.1). If information security were a person,
the security policy would be the central nervous system. Policies become
the core of information security that provides a structure and purpose for
all other aspects of information security. To those of you who may be a
bit more technical, this may come as a surprise. In the documentation for

Secure

Security
Improve Monitor
Policy

Test

FIGURE 2.1 Security Wheel

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 18 Friday, September 10, 2004 5:46 PM

their Cisco PIX® product, the folks at Cisco® even refer to the security
policy as the center of security. RFC 2196 “Site Security Handbook” defines
a security policy as “a formal statement of the rules by which people who
are given access to an organization’s technology and information assets
must abide.” Because of the central nature of security policies, you cannot
discuss information security without mentioning security policies.
Another aspect of information security is organizational security. Orga-
nizational security takes the written security policy and develops the
framework for implementing the policy throughout the organization. This
would include tasks such as getting support from senior management,
creating an information security awareness program, reporting to an
information steering committee, and advising the business units of their
role in the overall security process. The role of information security is still
so large that there are many other aspects beyond just the organizational
security and security policy.
Yet another aspect of information security is asset classification. Asset
classification takes all the resources of an organization and breaks them
into groups. This allows for an organization to apply differing levels of
security to each of the groups, as opposed to security settings for each
individual resource. This process can make security administration easier
after it has been implemented, but the implementation can be rather
difficult. However, there is still more to information security.
Another phase of information security is personnel security. This can
be both fun and taxing at the same time. Personnel security, like physical
security, can often be a responsibility of another person and not the sole
responsibility of the information security manager. In small organizations,
if the word “security” is in your job description, you may be responsible
for everything. Personnel security deals with the people who will work
in your organization. Some of the tasks that are necessary for personnel
security are creating job descriptions, performing background checks,
helping in the recruitment process, and user training.
As mentioned in the previous paragraph, physical security is a com-
ponent of information security that is often the responsibility of a separate
person from the other facets of information security. Even if physical
security is some other person’s responsibility, the information security
professional must be familiar with how physical security can impact
information security as a whole. Many times when an organization is
thinking of stopping a break-in, the initial thought is to stop people from
coming in over the Internet — when in fact it would be easier to walk
into the building and plug into the network jack in the reception area.
For years I have heard one particular story, which I have never been able
to verify, that illustrates this example very well.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 19 Friday, September 10, 2004 5:46 PM

Supposedly, the CEO of a large company stands up in the general

session of a hacker conference and announces, “This is a waste of time.
My organization is so secure that if anyone here can break into our
computers, I’ll eat my hat.”
Someone in the audience decides that the CEO needs to learn a lesson.
The attacker decides to break into the organization, not by using the
Internet or their telecommunication connection, but instead decides to
take a physical approach to the attack. The attacker walks in the front
door of the organization, walks to the second floor server room and
proceeds to enter. Supposedly, the server room was having HVAC prob-
lems, so the door had to be propped open to allow the excess heat out.
The attacker walks through the rows of devices in the server room and
walks up to each of the cabinets and reads the electronically generated
label on each device. When he finds the rack with the device marked
“Firewall,” he realizes he has found what he was seeking. The attacker
then proceeded to turn off the firewall, disconnect the cables, and remove
the firewall from the rack. The attacker followed this by hoisting the
firewall up onto his shoulder and walking into the CEO’s office.
When the attacker entered the CEO’s office, he had only one thing to
say. He asked, “What kind of sauce would you like with your hat?”
Physical security is much like information security in that it can be
immense in its own right. Physical security can encompass everything
from closed-circuit television to security lighting and fencing, to badge
access and heating, ventilation, and air conditioning (HVAC). One area of
physical security that is often the responsibility of the information security
manager is backup power. The use of uninterruptible power supplies
(UPS) are usually recommended even if your organization has other power
backup facilities such as a diesel generator.
However, there is still more to information security. Another area of
information security is communication and operations management. This
area can often be overlooked in smaller organizations because it is often
mistakenly considered “overhead.” Communication and operations man-
agement encompass such tasks as ensuring that no one person in an
organization has the ability to commit and cover up a crime, making sure
that development systems are kept separate from production systems, and
making sure that systems that are being disposed of are being disposed
in a secure manner. While it is easy to overlook some of these tasks,
doing so can create large security holes in an organization.
Access control is another core component of information security.
Following the analogy used previously, if information security is the central
nervous system of information security, access control would be the skin.
Access control is responsible for allowing only authorized users to have

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 20 Friday, September 10, 2004 5:46 PM

access to your organization’s systems and also for limiting what access an
authorized user does have. Access control can be implemented in many
different parts of information systems. Some common places for access
control include:

Routers

Firewalls

Desktop operating system

File server

Applications

Some organizations create something often referred to as a “candyland.”

A “candyland” is where the organization has moved the access to just one
or two key points, usually on the perimeter. This is called a “candyland”
because the organization has a tough crunchy exterior, followed by a soft
gooey center. In any organization, you want access control to be in as
many locations as your organization’s support staff can adequately manage.
In addition to the previously mentioned components of information
security, system development and maintenance is another component that
must be considered. In many of the organizations that I have worked for,
we never followed either of these principles. One area of system devel-
opment and maintenance has been getting a lot of attention lately. Patch
management would be a task from the maintenance part of system
development and maintenance. This is a task that has many information
security professionals referring to themselves as “patch managers.” With
such a large number of software updates coming out so frequently for
every device on the network, it can be difficult — if not impossible —
for support staff to keep everything up-to-date. And all it takes is one
missed patch on any Internet-facing system to provide attackers a potential
entry point into your organization. In addition to keeping systems up-to-
date with patches, system development is another area that should be
security-minded. When a custom application is written for your organiza-
tion, each component or module of the application must be checked for
security holes and proper coding practices. This is often done quickly or
not at all, and can often lead to large exposure points for the attacker.
In addition to keeping our systems secure from attackers, we also need
to keep our systems running in the event of a disaster — natural or
otherwise. This becomes another facet of information security, and is often
called business continuity planning. Every information security profes-
sional should have some idea of business continuity planning. Consider
what you would do if the hard drive in your primary computer died. Do
you have a plan for restoring all your critical files?

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 21 Friday, September 10, 2004 5:46 PM

If you are like me, you probably never plan for a hard drive failure
until after the first one happens. For me, it actually took many failed hard
drives before I became more diligent in performing home backups of my
critical files. In a large organization, just having an idea what you would
do in the event of a disaster is not enough. A formal plan must be written,
tested, and revised regularly. This will ensure that when something much
worse than a hard drive dying happens to your organization, everyone
will know exactly what to do.
The last aspect of information security discussed here is compliance.
Now you may be thinking that compliance is someone else’s job. And
you might be telling the truth; but if we go back to our analogy that if
information security were a person with security policy being the back-
bone and access control being the skin, then compliance would be the
immune system. I know that might be a rather odd comparison, but
compliance is a component of information security and I like to think of
the compliance folks like a partner to the security folks. Many information
security professionals spend some time reviewing and testing an informa-
tion system for completeness and adequacy, and that is compliance.
So maybe now you see why information security is so difficult to
define — it is just huge! With all the phases from policy to telecommu-
nications, there is a lot to it. All the phases are equally important, because
when it comes to threats to an organization, a breakdown in any of the
phases of information security can present a gaping hole to the attacker.
This is why the information security professional must have an under-
standing of all the aspects of information security.

2.2 Common Threats

From the hacker sitting up until all hours of the night finding ways to
steal the company’s secrets, to the dedicated employee who accidentally
hits the delete key, there are many foes to information security. Due to
the many different types of threats, it is a very difficult to try to establish
and maintain information security. Our attacks come from many different
sources, so it is much like trying to fight a war on multiple fronts. Our
good policies can help fight the internal threats and our firewall and
intrusion detection system can help fight the external threats. However,
a failure of one component can lead to an overall failure to keep our
information secure. This means that even if we have well secured our
information from external threats, our end users can still create information
security breaches. Recent statistics show that the majority of successful
compromises are still coming from insiders. In fact, the Computer Security

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 22 Friday, September 10, 2004 5:46 PM

Availability

Integrity Confidentiality

FIGURE 2.2 CIA Triad

Institute (CSI) in San Francisco estimates that between 60 and 80 percent

of network misuse comes from inside the enterprise.
In addition to the multiple sources of information security attacks, there
are also many types of information security attacks. In Figure 2.2, a well-
known model helps illustrate this point. The information security triad
shows the three primary goals of information security: integrity, confiden-
tiality, and availability. When these three tenets are put together, our
information will be well protected.
The first tenet of the information security triad is integrity. Integrity is
defined by ISO-17799 as “the action of safeguarding the accuracy and
completeness of information and processing methods.” This can be inter-
preted to mean that when a user requests any type of information from
the system, the information will be correct. A great example of a lack of
information integrity is commonly seen in large home improvement ware-
houses. One day, I ventured to the local home improvement mega-mart
looking for a hose to fix my sprinkler system. I spent quite some time looking
for the hose before I happened upon a salesperson. Once I had the
salesperson’s attention, I asked about the location and availability of the
hoses for which I was looking. The salesperson went to his trusty computer
terminal and pulled up information about the hose I needed. The sales-
person then let me know that I was in luck and they had 87 of the
particular type of hose I needed in stock. So I inquired as to where these
hoses could be found in the store and was told that just because the
computer listed 87 in the store, this did not mean that there really were
any of the hoses. While this example really just ruined my Sunday, the
integrity of information can have much more serious implications. Take
your credit rating; it is just information that is stored by the credit reporting
agencies. If this information is inaccurate, or does not have integrity, it
can stop you from getting a new home, a car, or a job. The integrity of
this type of information is incredibly important, but is just as susceptible
to integrity errors as any other type of electronic information.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 23 Friday, September 10, 2004 5:46 PM

The second tenet of the information security triad is confidentiality.

Confidentiality is defined by ISO-17799 as “ensuring that information is
accessible only to those authorized to have access to it.” This can be one
of the most difficult tasks to ever undertake. To attain confidentiality, you
have to keep secret information secret. It seems easy enough, but remember
the discussion on threat sources above. People from both inside and outside
your organization will be threatening to reveal your secret information.
The last tenet of the information security triad is availability. Once
again, ISO-17799 defines availability as ensuring that authorized users have
access to information and associated assets when required. This means
that when a user needs a file or system, the file or system is there to be
accessed. This seems simple enough, but there are so many factors working
against your system availability. You have hardware failures, natural disas-
ters, malicious users, and outside attackers all fighting to remove the
availability from your systems. Some common mechanisms to fight against
this downtime include fault-tolerant systems, load balancing, and system
failover.
Fault-tolerant systems incorporate technology that allows the system
to stay available even when a hardware fault has occurred. One of the
most common examples of this is RAID. According to the folks over at
linux.org, the acronym RAID means redundant array of inexpensive disks.
I have heard much debate as to what those letters actually stand for, but
for our purposes, let us just use that definition. RAID allows the system
to maintain the data on the system even in the event of a hard drive
crash. Some of the simplest mechanisms to accomplish this include disk
mirroring and disk duplexing. With disk mirroring, the system would have
two hard drives attached to the same interface or controller. All data would
be written to both drives simultaneously. With disk duplexing, the two
hard drives are attached to two different controllers. Duplexing allows for
one of the controllers to fail without the system losing any availability of
the data. However, the RAID configuration can get significantly more
complex than disk mirroring or disk duplexing. One of the more common
advanced RAID solutions is RAID level 5. With level 5, RAID data is striped
across a series of disks, usually three or more, so that when any one drive
is lost, no information is destroyed. The disadvantage with using any of
the systems mentioned above is that you lose some of the storage space
from the devices. For example, a RAID 5 system with five 80-gigabyte
hard drives would only have 320 gigabytes of actual storage. For more
information on RAID, see Table 2.1.
The technologies just mentioned provide system tolerance but do not
provide improved performance under heavy utilization conditions. To
improve system performance with heavy utilization, we need load bal-
ancing. Load balancing allows the information requests to be spread across

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 24 Friday, September 10, 2004 5:46 PM

TABLE 2.1 RAID Chart

RAID Level Activity Name

0 Data striped over several drives. No Striping

redundancy or parity is involved. If one
volume fails, the entire volume is unusable.
It is used for performance only.
1 Mirroring of drives. Data is written to two Mirroring
drives at once. If one drive fails, the other
drive has the exact same data available.
2 Data striping over all drives at the bit level. Hamming code
Parity data is created with a hamming code, parity
which identifies any errors. This level
specifies the use of up to 39 disks: 32 for
storage and 7 for error recovery data. This
is not used in production today.
3 Data striping over all drives and parity data Byte-level parity
held on one drive. If a drive fails, it can be
reconstructed from parity drive.
4 Same as level 3, except data is striped at the Block-level parity
block level instead of the byte level.
5 Data is written in disk sector units to all Interleave parity
drives. Parity is written to all drives also,
which ensures that there is not a single
point of failure.
6 Similar to level 5 but with added fault Second parity
tolerance, which is a second set of parity data (or double
data written to all drives. parity)
10 Data is simultaneously mirrored and striped Striping and
across several drives and can support mirroring
multiple drive failures.

a large number of servers or other devices. Usually a front-end component

is necessary to direct requests to all of the back-end servers. This also
provides tolerance, due to the fact that the front-end processor can just
redirect the requests to the remaining servers or devices.
A technology that would lie between load balancing and RAID in terms
of most availability would be system failover. With a failover environment,
when the primary processing device has a hardware failure, a secondary
device begins processing. This is a common technology to use with
firewalls. In most organizations, to avoid having the firewall be a single
point of failure on the network, the organization implements two firewalls

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 25 Friday, September 10, 2004 5:46 PM

that communicate with each other. In the event that the primary firewall
cannot communicate with the secondary firewall, the secondary firewall takes
over and begins processing the data.
As discussed, the job of the information security manager is difficult.
There are many tasks that must be done to adequately protect the resources
of an organization, and one slip along any of them can lead to a system
breach. This is why the task of defending information systems is rather
difficult. In the next section we look at other ways that your systems can
be attacked.

2.2.1 Errors and Omissions

While error and omissions do not get the headlines of international hackers
and the latest work propagating through the e-mail system, it is still the
number-one threat to our systems. Because we cannot deny access to all
of the user community, it becomes difficult to protect our systems from
the people who need to use it day in and day out. Errors and omissions
attack the integrity component of the CIA triad. To help fight these mistakes,
we can use some of the following security concepts.
The first security concept that will help fight error and omissions is
“least privilege.” If we give our users only the most minimal set of
permissions they need to perform their job functions, then we reduce the
amount of information that can be accidentally contaminated. Using least
privilege can create additional overhead on the support staff members
who are tasked with applying the access controls to the user community.
However, it will be worth the additional changes to keep the integrity of
our information systems.
Another principle that can help is performing adequate and frequent
backups of the information on the systems. When the user causes loss of
the integrity of the information resident on the system, it may be easiest
to restore the information from a tape backup made the night before.
Tape backups are one of the essential tools of the information security
manager and can often be the only recourse against a successful attack.

2.2.2 Fraud and Theft

If your end users are not accidentally destroying data but are maliciously
destroying the information, then you may have a completely different type
of attack. For most employees it is difficult to imagine a fellow employee
coming into work every day under a ruse, but it does happen. As previously
stated, employees are responsible for more successful intrusions than

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 26 Friday, September 10, 2004 5:46 PM

outsiders. It becomes very difficult to find the source of internal attacks

without alerting the attacker that you suspect him of wrong-doing. The
best line of defense against fraud and theft by your internal employees
is to have well-defined policies. Policies can make it easier for the
information security manager to collect data on the suspected wrong-doer
to prove what bad acts the employee has performed.
If you have well-defined policies in your organization, the information
security manager can use forensic techniques to gather evidence that will
help provide proof of who performed the attack. While the entire breadth
of forensics is beyond the scope of this book, we do spend a little time
here discussing forensics from a high level.
Computer forensics allows a trained person to recover evidence from
computer systems. The first rule of computer forensics is: “do no harm.”
This means that if you are not sure what to do, do not do anything to
the system. The first goal of computer forensics is to leave the system in
as pristine condition as possible. This may run counter-intuitive to the
technology professional whose instincts want to look at the system to
determine exactly what is going on and how it happened. Every time the
technical professional moves the mouse or touches the keyboard to enter
a command, the system is changing. This makes the evidence gathered
from the system more suspect. After all, how would one determine what
was done by the suspected employee and what was done by the profes-
sional investigating the activity?
There are many places that evidence of the activity may be left.
Firewalls, server logs, and the client workstation are all places that should
be investigated to determine if any evidence remains. When it comes to
the client workstation, the first step in computer forensics is very non-
technical. In this first step the security or support staff should be contacted
to see what details they know about the system. One of the biggest
potential problems would be if the client is using a hard drive encryption
utility. The reason for this is that the second step is to “pull the plug.” If
you pull the plug on a system that has an encrypted hard drive, you may
never be able to determine what information is on that system. We talk
more about encryption in a later chapter of this book.
Assuming that you are able to confirm that there is no hard drive
encryption on the suspect system, the next step is as mentioned above —
pull the plug. Now, if the system is a laptop, pulling the plug will not
shut down the system; it will just run off of a battery. In the case of the
laptop, you need to pull the plug and remove the battery as well. In any
case, once the system is powered off, the hard drive in the system should
be turned over to a qualified professional. Please note that there are
actually many more steps in the forensic process that are just beyond on
the scope of this book.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 27 Friday, September 10, 2004 5:46 PM

Once the qualified professional has the suspect system, or at least the
hard drive, he or she will then make a bit-stream backup of the hard
drive. A bit-stream backup is different from a regular tape backup in that
it makes an exact copy of the hard drive. A bit-stream backup does not
just copy the files and the file system; it copies everything. The blank
space, the slack space, file fragments, and everything else get copied to
a second hard drive. The reason for this is that all the data recovery
processes will be done on the second hard drive, leaving the original
hard drive in its pristine state and it will not be modified. All data recovery
processes performed on the system will also be performed on the backup
copy of the hard drive.
Once the copy is made, a comparison of the hard drives will be done
using an integrity technology called an MD5 hash (see Figure 2.3). The
definition of an MD5 hash, as taken from the MD5 Web page, is as follows:

[The MD5 algorithm] takes as input a message of arbitrary length

and produces as output a 128-bit “fingerprint” or “message
digest” of the input. It is conjectured that it is computationally
infeasible to produce two messages having the same message
digest, or to produce any message having a given prespecified
target message digest.

In essence, MD5 is a way to verify data integrity, and is much

more reliable than checksum and many other commonly used
methods.

Once the MD5 hashes are made from each hard drive, the correspond-
ing values can then be compared. If these values are the same, then the
two drives are identical; if the MD5 values are different, then the bit-
stream backup failed and the drives are different. MD5 hashes are quite
commonly used to verify the integrity of a file. The values can be used
to ensure that a file was not modified during download and can also be
used as a component of a digital signature.
After the hard drives have been compared and found to be identical,
the forensic professional would then begin looking at the hard drive for
evidence that the attack was launched from that machine. The forensics
professional will try to recover deleted files, will look for file fragments
in slack space, and will also look through the data files on the suspect
system to see if any evidence is present. If any evidence is found on the
system, the forensic professional will document the evidence and turn it
into a final written report.
Because we have been looking at the damage that internal employees
can carry out against our information systems, let us look at the other
community that can also cause destruction to our data — the outsiders.

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

 AU1957_book.fm Page 28 Friday, September 10, 2004 5:46 PM
FIGURE 2.3 Web Site with MD5 Values

Copyright 2005 by CRC Press, LLC. All Rights Reserved.

Other documents randomly have
different content
Ethel Mrs WA 2-5022 607 Hench Florence 608 — 609 Wilson D H
610 Lawson Norma M 924-7954 611 Wilkins Clare WA 1-0568
STREET CONTINUED 87 Vacant 99 Rudd Michl S K phy 924-1191
111 Imperial Oil Ltd 924-9111 Royal Bank of Canada 924-2188
Imperial Esso Touring Service 924-9111 147 — Jjj 301 Mead
Johnson of Canada 'Ltd pharmacists 921-4184 Dalton Edward Co
food products 921-4184 Mead Johnson Laboratories 921-4184 335
Montgomery A H & Co Ltd ins agency WA 3-8403 337 Nesbitt W
Rankine barr WA 5-1236 Nesbitt Wallace Estate of WA 5-1236 343-
350 Atlas Supply Co of Canada Ltd tires and batteris WA 3-2486 438
Seitz Joseph L private off WA 5-6245 STREET CONTINUED 129 Deer
Park United Church WA 3-1807 ♦ Foxbar rd ends 135 Vacant ♦
Avenue rd crosses 151 Bank of Nova Scotia 923-4659 153 Bank of
Montreal (br) 924-8477 McCracken W A Ltd advtg 924-0721 Heenan
P J Ltd mfrs agency 924-1854 Diocese of the Arctic Anglican Church
WA 5-4297 Huron Finance Ltd 924 4101 Lavoline Cleanser Ltd floor
cleaners 924-9083 Consumer Credit Ltd 924-4101 Richmond E I
architect WA 5-1T58 Wynn Clinic of Chiropractic 923-6247
 ST CLAIR AV W -614South Side Continued 165 McCulloch A
Ernest phy WA 3-2927 McTavish Daniel WA 3-5246 Horsman Ann
Martin Betty Martin Jean Brown Helen C WA 3-9352 175 First
Unitarian Congregation 924-9654 183 Caledon Land Co Ltd office
bldg 924-2424 Callahan Wm P oculist 924-2424 Wood Margaret
pediatrician WA 1-1902 McIntyre J Alex surg WA 2-1466 Johnston W
G phys 922-5106 Lodder Martin 924-3158 185 Crouch J Thos
orthodontist WA 1-5070 Dale Jack orthodontist 922-9487 Woodside
Donald G orthodontist WA 1- 3227 Blakely E M WA 4-2908 187
Vacant 195 Hearn Wm J WA 1-3238 + Poplar Plains rd ends 213
Goodchild Sandford F phys WA 2- 2128 215 Bryce Angus WA 2-2886
Bryce Janet nursing home 217 Davis G E Donald psychiatrist WA 1-
3231 McBroom Wilbert T phys and surg WA 3-5666 Vacant 219-
221*Ngai Shi'h-Kuang phys WA 3-8262 Mullett John H dentist WA 3-
6043 Vacant Liu Sim Foy internal medicine WA 3-6201 221A
Kertscher Otto WA 5-9888 223*Welsman Jack S WA 3-5333 223A
Griffith Ernest B WA 2-6466 225 Opperman Robert Tyler Stella Mrs
921-3395 227 Haver Marie Mrs WA 3-3787 Zayack Wm 229 Klein
Max Ryan Pnilip A phy WA 2-0721 Wilkie Adam M phy 921-5613
231*Brown M Mrs WA 2-8058 233 Nishikawa Fredk S phy 924-7435
Stancer Magda dentist 922-0848 235 — 239 Bray Mary Mrs 923-
3756 Lewis J J WA 2-2801 Nugent B M 241 Vacant 243*Galt Margt
Mrs WA 1-7719 245 Kelton House Nursing Home 481-8126
249*Stewart Alberta WA 3-2275 + Warren rd crosses 265 Russell Hill
Apts 104 Levita Harold dentist WA 1-9332 (For rest of building see
265 Russell Hill rd) 273 Primrose Club Ltd WA 5-1436 + Russell Hill
rd crosses St Clair Reservoir Park ♦ Spadina rd crosses 341
APARTMENTS— A Thipps George C WA 1-2074 B*Beard M Naomi
Mrs WA 2-5282 C Edmonds R H Mrs D Johnston Frank H E Easto
Mildred 924-5552 343 APARTMENTS— A Banky Jack J B Lamont H R
C Brady Margaret 923-4428 D Shannon Mary Mrs Shannon Robert E
Van Praagh Mary WA 1-0518 345 APARTMENTS— A Vacant B Vacant
C Vacant D McCall V E 921-0089 E Pritchard John C WA 1-3903 F
Peate Edwd G Gearin Camilla WA 3-5211 H Thurston Dell 924-1930 I
Govan Margt WA 2-6546 J Rorison Margt 924-3428 J McMullen Mary
K Ubelacker L Mrs WA 2-2384 L Schuler G A M Mose Kenrick E 922-
1813 N Ward Virginia B Ward Beatrice P Mrs 0 Pineault Adrienne Mrs
925-1780 347 APARTMENTS— 1 McNeight Maud Mrs WA 1-1877 2
Sockett R J 3 Adamson E Mrs WA 2-6990 349 APARTMENTS— 1
Laing A Mrs WA 1-4831 2 Thompson Sandy 3 Marshall Annie E WA
3-2854 ♦ Walmer rd crosses 355 Ursuline School WA 2-8097 Sir
Winston Churchill Park + Wells Hill av ends ♦ Hilton av ends 497
APARTMENTS— A Murphy Marguerite 534-9308 Fitzgerald Celia B
Freeman Helen Mrs LE 3-9021 Johnson Ethel NT LE 3-9021 Calvert
Anne Mrs Lunam Annie C Gilmour Isabelle 533-5001 Manley Mary
Mrs Hudson Gertrude Brault Lucie D Mawhinney F Wilberteen LE 3-
4553 Roseburgh Nora E LE 1-4981 Firth Mary Suggott Grace E
Maltman Kathleen Mrs LE 3-6251 Proctor Florence Mrs Sullivan G A
Mrs Frawley Regina F Lymn Wilhelmina Mrs LeCornu Olive Carr
Dorothy LE 3-0703 Parker Helen LE 5-1719 G Calder Beatrice LE 6-
0997 H Huber Etta 533-4812 Hodges C Foy Marie I Lawson Edith LE
5-5882 Cully Mary J Cook Sallie M 533-6924 Keene Agnes J Vary
Florence 533-6155 Dick M Mrs McCaffrey Ina Mrs Scott Florence P K
Kerr Margaret R 533-1384 Hannah Gail Morin B Mrs L MacPhail Elizth
LE 6-6014 South Side Continued M Abbey Edna R LE 3-3081 Downes
Elizth Fiske E N Hughes Lillian J Macintosh Eleanor LE 3-9012 Venus
Margt MacKay Catherine 0 Contwav Gertrude McDonald Norma 533-
6475 Wark A Terry Meehan Helen R Kinnear Clara Mrs LE 6-7550 5
Morrison Norah G LE 6-6073 McMahon L Mrs Hammond Marjorie T
Robertson Margt LE 6-2937 Kerr Marjorie Mrs O'Donnell Noreen 0
Mrs MacDonald Margt E 533-6063 AA McMahon Arthur caretaker
533-5878 499 Artistic Barber Shop + Bathurst st crosses 593
Tamblyn G Ltd drugs LE 5-4922 505 Birrell's Vaughan Rd Ltd men's
wear 533- 8771 507 Sabrina's ladies' wear LE 3-6442 509 Mathieson
Beauty Salon LE 6-9444 509A Woman's Bakery Ltd LE 3-5272 511
Vacant 511A Vacant 513 Bright's Wines Ltd (br) LE 4-7557 513A 1
Negenman Harry LE 3-6734 2 Hannah Wm 3 Nolan Mildred Mrs LE
5-7521 4 Farrow Arthur LE 2-9926 515 Laura Secord Candy Shops
Ltd 515A 5 Vacant 6 Williamson Betty 535-7293 McLean Doreen 517
Cottage Restaurant LE 5-2715 Christakis John 519 Cumberland
Gladys Mrs LE 3-8849 521 Embassy Cleaners & Shirt Launderers
534- 7988 521A Snottka Juliana Mrs 531 Kresge S S Co Ltd variety
store LE 3-1541 533 Toronto-Dominion Bank LE 2-3307 Edwards
Frank W dentist LE 5-7188 5 33 A Bricklayers Local Union 40 Ont
535- 6057 International Labourers Union Local 983 534-1401 ♦
Vaughan rd crosses 535 Canadian Imperial Bank of Commerce The
LE 7-2674 537 Vaughan Restaurant LE 6-8894 539 Triangle Drugs LE
2-3339 539A Vacant 541 Weis Footwear LE 6-7617 1 Grant Graham
532-6408 Barr Peter 2 Elmes Edwd 536-2374 541A White's Sporting
Goods LE 3-2244 543 Fleetway Restaurant LE 1-9181 543A St Clair-
Vaughan Hair Stylists LE 4-3622 545 Prudential TV & Radio LE 7-
3109 545A*Herman Helmut 547 Cinderella Hairdressing LE 4-0138
Banki Music Studio music teacher 537-5182 549 Singer Sewing
Machine Co LE 3-1186 549V2 1 MacArthur S Irene LE 6-3930 2
Wiggins Joseph A LE 4-7310 3 Meehan Kathleen C Mrs 534-9766 4
Montgomery Karl 533-9709 551 Rogers D M Watchmaker LE 4-3605
551V2 May Jack Beauty Salon LE 5-0584 Peter's Barber Shop Dan's
Shoe Shine 553 St Clair Wash-O-Matic automatic laundry Thomas
Evelyn 555 Comet Radio Co LE 5-7269 :;
 Page 615 ST CLARENS AV A1n MIGHT DIRK TORIES
LIMITED Specialists in . . . DIRECT MAIL ADVERTISING U 1 92
SPADINA AVENUE, Tl ORONTO 2B, ONT. - EM. 4-1481 and MAILING
LIST COMPILATION South Side Continued 1125 Frenkiel's confy and
tob LE 1-0180 1127 Iole Hair Styling 535-9151 1127A Mellen Annie
537-3815 1129 Domenic's Barber Shop 1129A Russo Domenic 1131
Italo-Canadian Music Centre school of music 535-1961 1131A
Monticone Aldo 1133-35 Radion TV Ltd LE 3-4528 1137 Vacant 1139
Hooper's Flower Shop LE 5-3156 1139A — 1141-43 Jerrett Funeral
Chapel Co Ltd LE 2-4442 1145 Mathewson Kenneth S serv stn LE 3-
8756 ♦ Westmount av crosses 1151 Newman & Newman Real Estate
Ltd 537-3411 1151A 1 Mason Arthur 2 Campbell Philip LE 3-5824
1153 Goldy's Hardware LE 4-5286 1155 Bramham Apts
APARTMENTS— 1 Verrall Ann Mrs LE 3-4453 2 Abe I a E 535-5104 3
Palmer Roderick F LE 3-4527 4 Cooper Rose 0 Mrs LE 2-4062 5
Whitton David LE 4-4071 6 Ottaway W Kingsley 533-5044 7 Smith
Nettie Mrs LE 4-4923 8 Wells Wm M 535-5273 9 Smith Catherine Mrs
10 Barclay Andrew LE 3-8169 11 East Harry LE 3-6350 1157
Parkdale Wines Ltd (br) LE 3-3341 1157A Westlake Alfred 533-4178
1157B Duplantier Antonina Mrs LE 3- 7408 1159 Ferlisi & Son groc &
meats LE 3-0666 Ferlisi Vincenzo 1159A 1 Woodburn John 534-6771
2 Loraso Giacomo 1161 Blue Ribbon Cleaners 537-2812 1 Spanu
Tony LE 5-1759 2 Whitmore Elmer LE 6-9744 1163 Frank's Barber
Shop Greco Cigar Store 531-9359 1163A 1 Grittani Joseph & Son
genl ins LE 4-7929 3 Tartecchio Guido LE 2-2750 1165 Pram Shop
prams LE 3-6522 1165A 1 Masson Fredk LE 2-2085 2 Jelic Mary Mrs
531-0927 1167 Textile Town textiles LE 3-9489 1169 Toronto-
Dominion Bank (br) LE 4- 6337 ♦ Dufferin st crosses 1171 York Trust
& Savings Corp LE 5- 2106 1175 Power Food Markets LE 3-2116
1175A Nino's Meat Market LE 3-2000 1177 Damiani Frank jeweller
536-3242 1179 Lacaprara Fish Store LE 2-5844 Clutchey Henry LE 2-
9175 1181-1183 Olympia Furniture LE 7-2577 1 Ruttan Rodney 2
Blom Fred 536-4586 3 Merulla Gaetano 4 Borg Paul 535-8371 1185
Sicilia Bakery LE 3-6321 1185 A 1 Ruttan Clifford LE 5-7371 2
Metcalfe Thos 1187 Superior Furniture Co LE 1-6669 1187A Zitani
Vincenzo LE 1-3912 1187B 1 Vacant 2 Mahoney Kathleen 'Mrs 1189
Colosseum Shoes LE 4-0956 1189A 1 Hickey Dorothy G LE 1-5327
Hickey Alma 2 Stockley Violet Mrs LE 5-2615 1191 Janet-Lee
Millinery LE 5-6741 1191 A 1 La Pointe Harry LE 1-2536 2 — 1193
Popular Textiles LE 4-0142 1193A 1 — 2 Brown Shirley A LE 4-1474
1195 Bamby Children's Wear LE 1-1565 1195A Bruno's Driving
School LE 7-5869 Iannucci Bruno Selbie Louise Mrs 1197 Vacant
Lewis Ada Mrs LE 3-8240 1199 Sartoria Continentale custom tailor
LE 4-5750 DiStefano Louis 1201 Medallion Restaurant LE 5-2497
1201A Sconza Mario real estate LE 7-2181 1203 Roma Meat Market
LE 6-5682 1203A Knight's Beauty Salon LE 3-5476 Podloski Eleanor
1205 Miccoli Magliera Knitting sweaters LE 7-3894 1207 'Perconti
Agency public accts LE 6- 3874 1209 Sam Remo Florist LE 2-0695
1209A — 1211 Sorrento Jewellers Ltd LE 1-8817 1211A Cacullo
Olindo phy 535-3141 1213 Nino's St Clair Italmusic Centre Ltd gifts
533-8888 Sinicropi Anthony 1215 Evans Chris Sweets confy and tob
LE 1-9170 Lancia Driving School 1217 Continental Theatre LE 3-4532
1219 Sam's Billiard Academy LE 1-9649 Nino's Driving School LE 5-
1231 1221 Sport Centre sporting goods and pet shop LE 3-2967
1221A Pennell Wm G LE 5-3986 1227 Adams Furniture Co Ltd LE 4-
2311 1229 Belli Bros Supermarket 534-3092 1229A’"Belli Giuseppe
’"'Belli Alberto 1231 "La San Marco" Restaurant LE 1-9557 1233
Open Air Fruit Market LE 5-6508 1233V2 Beloded John LE 5-7133
Heal Ada Mrs 1235 Luigi's Fashions men's and boys' wear 532-2349
1237 Milano Credit Jewellers LE 5-5482 ’"Aarons Dave LE 3-8283
1239 People's Hardware LE 5-7761 ♦ Elmwood av ends 1241-43
Bosco Bros Supermarket LE 5-4856 ’"Bosco Vincenzo *Bosco
Raymond South Side Continued 1243V2 Cooper's Variety Store LE 1-
9408 *Roncolato Mario LE 1-9408 *Lorenzetti Antonio 1245
Rinascente children's wear 'LE 5-6925 Salucci Colombo 1247
Adriatico Restaurant 'LE 1-9695 1249 St Clair Billiards LE 1-9634
1249A Nodi Francesco Nordi Aldo Bertoni Paulo 1251 St Clair Cycle &
Sports LE 5-1795 1251A’"George Mildred B LE 1-6109 1253 Jacob's
Men's Wear LE 4-5216 1253V2 Lady Fair Fashion Shoppe LE 3-5317
’"Haberman Harold LE 3-8997 1255 Mazzotta Travel Agency LE 4-
9341 Winkler Murray optometrist LE 3-123T 1257 Roda Wallpaper &
Paints Ltd LE 5-9528 1259 Claudio Frank Grocery LE 1-3985 Migotto
Claudio 1259A Simon's Men's Shop LE 3-4360 Waespi Jenny 533-
6643 1261 Toddler & Teen Shoppe dry goods LE 3-6032 *Sugarman
Saul LE 3-6032 1261A Gianni's Barber Shop Neri Giovanni 1263
Paula Hair Stylist hrdrsr LE 5-3724 1263A La Capinera children's
wear 532-3681 1265 San Antonio Restaurant 534-4500 1267 Varese
Shoes LE 7-2202 1267A Quality Oil & Service fuel oil Sotos
Emanuelle barr 537-4183 Mutual of Omaha ins 537-4804 Lieberman
A Wm dentist 535-27‘ll D'Ovidio Vincent phy & surg 536-5711 1269
Silvio's Bakery 532-8234 1271-1273 Italmoda clothing *Millefiori
Americo LE 2-8402 1277 St Clair Church of the Nazarene 1279
Westclair Furniture & Appliances Ltd LE 5-0422 Seeman J phy & surg
LE 1-2277 Filmore Textile Sales 531-8228 Letterio B J B barr 534-
3061 1281 Camardo Mario realtor LE 7-2511 1283 Don's Barber
Shop *Pindinello Don LE 2-8452 1283V2 Dino Shoe Repair LE 5-8866
Fruitti Dino 1285 Hammer Sami tlr LE 4-1031 (rear) Latto G Mrs
1285V2 Gianna & Elio Grocery LE 6-2460 *Nardi Elio 1287 Voden
Shoe Repair LE 3-9619 Voden Tom 1289 Varese Family Clothing 531-
9714 Lieberman Max 1291 St Clair Travel Agency LE 1-2445
*Angona Joseph LE 1-1841 Trombetta Joseph Sabini Mauro 1293
Pasquale Supermarket meat and gro LE 6-0712 *Ferrante Pasquale ♦
Greenlaw av ends 1295 Casa Dello Sports sporting goods 1297
Golden Glow Produce Co eggs LE 3-5028 ■"Hassall Thos LE 3-5028
1299 Diana Meats & Groceries LE 5-5222 1301 Weir's Furniture LE 3-
9150 1301 A — 1303 Ammendolia Carlo variety store Ammendolia
Amelio 1305 Arctic Refrigeration LE 1-8846 1307 Tessuti Venezia
textiles LE 1-4738 1309 Imperial Grocery LE 6-3328 *Deleo Vincent
LE 6-3328 1311 Tre Mari Bakery LE 5-9440 1315 Pescheria Italiano
Fish LE 3-5127 ’"Morreala Phillip 1317 Stillo Sartoria S tailor LE 5-
0835 Asaro Nicola 1319 Vacant 1321 Seabodkin Harry LE 1-1456
Etheridge Elsie Jane Coiffure Salon 535-3240 1323 Lily-Anne Bargain
Centre LE 3-1343 Cosenko M Mrs 1325 Allen Tile LE 5-1034 1327
Propper Cleaning & Pressing LE 1-6157 Schnitter Anthony 532-4602
1329 Stardust Beauty Lounge LE 2-3288 *Parniak Peter LE 1-7867
1331 Mossa Joe Auto Trim and Upholstery LE 5-4441 ’"Mossa Joseph
Scalini Upholstery furn 536-0456 ♦ St Clarens av ends '1331V2 La
Sem Bar & Patisserie rest & bake shop LE 3-6336 A Del Zotto & Zorzi
barrs 534-8803 1333 Cortina Ladies Wear 1333A Liberatore Anthony
535-9206 Bello Frank 1335 Society For Crippled Civilians second
hand clothing 531-9038 1335A Sturge Seymour LE 4-4306 1337
Vacant 1337A Morgan Eva 'Mrs 1339 Vacant 1339 A Housley Joan
Mrs 536-0059 1341 Rimmington Glass LE 5-1508 Tucker Lewis A
1343 Creber Son & Co monuments LE 3-1047 1345 Creber Hall 1347
Rogers D'Arcy serv stn LE 1-5841 ♦ Lansdowne av ends 1349 Peters
& Wiles Ltd real estate LE 5-2141 Toronto Italia Soccer League LE 5-
2323 1351 Brazil Coffee Bar 531-9378 1351A 'Brotherhood of
Carpenters Local 1190 LE 6-0269 Cement Mason's Local ll/C LE 3-
0604 Plasterers Local 117 1353 Rocky's Cleaners & Laundry Service
LE 1-1832 Europa Driving School 532-3122 1353A Rawleigh W T Co
Ltd household products 536-7178 South Side Continued 1355 M & G
Smoke & Variety Store LE 5-8174 (basement) Norm's Billiards 1357
Kilvington Bros Ltd monuments LE 4-7561 Kilvington Granite Co
monuments LE 4-7561 'Earlscourt Park Earlscourt Rink (artificial ice)
♦ Caledonia rd crosses 1601 Dairy Queen ice cream LE 4-0944 1613
Meschino P Banana Co RO 9-6346 ♦ CNR crossing 1623 Robico
Wholesale Food Ltd groceries 763-5736 1639 Vacant 1639-1641
Runnymede Radio & Electric RO 9-5060 1641 Dare Luigi 766-5805
1643 Cescon Grocery RO 2-2711 Cescon Amodeo 1645 Harry's
Snack Bar RO 6-4605 ’"'Minovitch Harry RO 6-4605 1647 Vacant
Morris Antoinette Mrs RO 2-6726 Varrin Vivian Mrs 766-3392 1649
Angelo's Shoe Repair *Salvaterra Angelo 1651 Limpiadi Shoe Store
769-9461 *0ngaro Juliano 1653 Gas Centre The heating RO 2-3365
1653A Hutchinson 'Marie Mrs RO 6-5742 1655 Gaffe's Pharmacy RO
9-4117 1655A Lehr Hezekiah ♦ Laughton av ends 1671 West York
Motors (Canada) Ltd used cars RO 2-8171 1681 West York Motors
(Can) Ltd body shop ♦ Spring Grove av ends 1693 Chute Allan 1693-
5 Miller A Roy Funeral Chapel Ltd RO 2-3585 1697 Annette Beauty
Salon RO 9-1550 1697A — 1699 Cooper's Bargain Centre RO 6-8921
1701 Friuli Super Market groc RO 9-4931 Marchese Aristide 1703
South Side Variety Store 769-7874 1703A’"Polakoff Aaron 1705
Harry's Hardware Ltd RO 2-4858 1705A — 1707 Stevens Jewellers
RO 7-9731 1707A Delardinelli Umberto 1709-1711-Loblaw
Groceterias Ltd 767-3968 1709 A Vacant B Vacant 1713 Melara &
Sons Fruit Market RO 9-9551 1713A Snow Leonard 1715 Clean-It-
Eria (br) 1 Puisans E Mrs 2 Tunks Virginia 'Mrs ♦ Hounslow Heath rd
ends 1743 Bank of Montreal RO 7-2165 1745 Lieberman Alex dentist
RO 7-823b 1747-1751 Amphi Motors Limited new & used cars 766-
2394 1755’"Payne Edith Mrs RO 2-9935 ’"Harris Ada Mrs 1761*Mokle
George 767-9948 Drisdell Peter 1771 West Gate Automobile new and
used cars RO 2-8385 ♦ Osier st ends 1779 St Clair-Osier B P Service
Station 769-3275 1785-87 West York Motors (Canada) Ltd garage
and auto dealers RO 2-8171 1791 West York City Service auto
garage RO 2-8171 ♦ Ford st ends 1795 Sohmidt & Schlotter Service
serv stn RO 2-1934 ♦ Old Weston rd crosses 1797 Duff Jim serv stn
RO 7-9544 1799 Hepburn John T Ltd steel fabrications LE 4-8871 ♦
Railway tracks cross 1941 Aero-Auto Engineering of Canada Ltd tool
mfrs RO 7-5678 ♦ Keele st crosses 2197 Canada Packers private
parking 2199 Canada Packers parking garage 2211 Canada Packers
Ltd research and development laboratories RO 6-4311 2255 Beef
Terminal Ltd meat pkrs RO 6-6421 Junction Holdings Ltd Holding Co
RO 6-6421 Sterling Packers Ltd RO 6-6151 Town Packers Ltd RO 3-
2286 Puddy Wm Beef Ltd RO 3-1186 ♦ Cobalt av ends 2293 C P R
Grill RO 9-0185 2295 Bala Cleaners RO 9-8632 2297 CPR Barber
Shop RO 9-0002 Boehme Johannes RO 7-8501 2299 United Packing
House Food & Allied Workers union office RO 2-1464 2301 Harvest
Open Kitchen RO 9-0100 2303 Venus Restaurant RO 6-0081 ♦
Railway crosses 2317 Murphy Oil Co Ltd gas oil & fuel oil 769-0041
2325 Speedy Muffler King Ltd auto mufflers RO 6-4184
2339’:'Campbell Donald M RO 2-5671 2341’"McPhee Gertrude Mrs
RO 2-3805 2345’"0soski Albert RO 2-5863 2349 Vacant 2353 ^'M
oss Geo RO 9-8285 2357>"Cunneyworth Robert RO 7-6968 2361
Bradley F G Co Ltd custom meats 767-7561 2363*Mark David 763-
3735 2365*Townsend Chas T RO 6-1506 2369*Fidler Maxwell RO 9-
3624 2371*Lyon Albert 2375 Getson Walter 767-3610 International
Harvester parking lot 2387 Collier Arthur RO 7-5745 2389 ’"'Hi II
Edwin F RO 9-6546 2389A’"Izzard Allan G RO 9-6060 2391 —
2393*Bold Geo 2399’"Samulski Joe RO 7-0437 2401’"Rusk Truman
RO 7-4840 2415 Alaska Fuel Ltd fuel oil RO 6-3040 South Side
Continued 2427’"Engel Joseph RO 2-9703 2431 Global Brake Service
Ltd RO 2-1471 2433’"Donofrio Luis 766-6788 2l435’"Prior Albert RO
2-3964 2437*Trauzzi Carl 766-1081 2445 Reynolds Bros Ltd cartage
RO 2-5691 2'449’"'Greenslade Geo C RO 9-1210 2451 E 1 1 iott
Raymond RO 9-3786 2453 Harrison Bros home improvements RO 9-
7511 *Jetschin Bernhard RO 9-5134 Burns Jessie Mrs 2455 West
Toronto Bedding & Upholstering RO 7-9598 ■"Platek John RO 7-
9598 2461 Harrison Bros pattern mkr RO 9-7511 ♦ Runnymede rd
crosses ♦ City Limits 4«(York Township) 2531-2533-2535 CPR Bunk
Room Bldgs ST CLAIR GARDENS 10 North from St Clair av w to
Ascot av, first west of Dufferin, Ward 6. EAST SIDE . 5*Mauti Luigi
LE 2-0336 5A Cisti Tomasso ♦ Norton av ends 17 Fillier Sami LE 3-
4911 ^■"Castiglione John 532-6123 21’"Farelli Ulderico LE 6-0580
Pompa Nick 23’"Williamson John S LE 3-2181 25’"Tersigni Vincent LE
5-2728 Tersigni Mike 27 Corbo Giovanni Dicapo Pasquale 534-2696
Insalaco Francesco 29’"Clyde Robt LE 5-0276 31’"Calderwood
Catherine Mrs LE 4-4797 33 Lamb Allan F LE 3-6549 35*Power John
J LE 4-3256 37’"Frisby Walter G LE 5-3783 39 — Tucci Frank 41
Chianta Thos LE 3-7816 Desiati Michael 43*Dinardo Vittorio LE 5-
9916 47 'Dinataoc Fillipo 537-1749 49’"Guarino Francesco LE 3-8687
Guarino Biagio 51’"Di B Iasi Gaetano LE 4-5356 Bizzocco Margt
53*Cooper Harry 0 LE 3-6241 55*Jones Evelyn A 57*Laker Ohas LE
6-5824 WEST SIDE . 2 1 Walter Garnet LE 1-5290 2 Parkes Howard
LE 4-9024 4 Square Deal Garage LE 3-7733 6’"Gould Almira D M Mrs
S^Bricknel I Joseph M LE 3-2055 10*Ciallella Mike LE 6-5851 Lavelle
Pasquale 12*Cappadoccia Mario LE 5-0474 16’"Spensieri Domenico
532-6392 Eddy Millie LE 1-1993 18’"Spencieri Nunzio LE 5-4851 2
O'" Brown Jas S LE 3-7056 Kolb Viola 24’"Hadgraft NTargery LE 3-
3106 26’"Fattore Antonio 533-7284 2 8 ’"Fare I la Nicola LE 3-5221
30’"Stancoto Nicola LE 4-9931 Amendola Eraldo 32’"M'ilan Genesio
LE 5-6305 32V2*Pizzimenti Eluira Mrs LE 7-109?. Dimarco John
34’"Grimaldi Tony 533-1054 Pernaccio Franco 36’"Borean Frank LE 1-
4884 46 Earlscourt Children's Home LE 5-5812 52’"Giglio John 531-
4831 Cancellara Antonio 54*Capo Antony LE 3-9167 56 Di Blasi
Vincenzo LE 6-7362 SS^AIaimo Carlo LE 6-1804 Rumeo Vito +ST
CLAIR PLACE (York Twp) 9 North and west from Dundas w, first west
of Scarlett rd. l*Stagg Clarence 2 Saxton Geo RO 2-7944 3 Fujino
Marion Mrs 762-5869 ST CLARENS AV To 166-167 3. To end 4. From
CNR tracks north to St Clair av w, crossing Dundas w at No 1703,
and Bloor at No 1251, fourth west of Dufferin, Ward 6. EAST SIDE .
l^Thomas Newton 3’"Haddock Anne Mrs S^Mould Alfred W jr LE 5-
4959 Mould Alfred W 7*"Larocque Lucien LE 6-7586 9’"0ugh Bertha
Mrs LE 4-2816 ll’"Stroz Theodore LE 5-6576 13’"Raycroft Wm LE 3-
0223 15’"James Frank LE 6-3322 ♦ Wynd'ham st ends 21 Watson
Ronald 23*Johnstone Melvin J LE 3-4352 25 Moore Vernon E
27*Carey Muriel Mrs LE 5-6082 Cleary Joseph 29’"Husiak John LE 1-
1785 31 — 33'^Harrison Wm LE 5-5080 35*1* Pi 1 1 i ng Altham LE
5-6327 37*Fisher Harold 532-0084 39*Pilling Earle 536-2986
41*Gerrard Sedrick Ahiers Edwd LE 5-4051 43’"MacKenzie Peter LE
5-4764 45’"Ferris Emma Mrs LE 5-6087 47 Shirley Groceries LE 2-
7400 *Borovac John LE 2-7400 ♦ Shirley st crosses 75 — 77*Arnold
Wm 79’"Barton Doris Mrs LE 3-6486 81*Wasko Steve LE 5-1307 ♦
Hickson st ends East Side Continued 83*Murray James LE 3-6931
SS^Bartkus Aleksas LE 4-1650 Kirkpatrick Robert 87’"Hrona Michl LE
4-3858 Pagliaro Frank 89 Godin Cleo 531-6094 De Grace George 95
St Clarens Apts A^Syrowy Paul B Sedore Daniel 532-5770
C*Haluschynski John LE 1-6915 D Whan Albert LE 2-7018 E Gillson
Herbert + Dundas st w crosses 141*Puhacz Michl LE 1-0958 143
’"McCartney Margt LE 6-9292 McMaster Doreen 1455" Bosco Michl
LE 4-0818 147 Kirby Jas P LE 2-4607 149’"Richards Albert Prince
Ivan 532-5522 lSl^Grandi Giovanni LE 5-5445 Pucci Angelo
153’"Russo Nick LE 5-1682 lSS^Morrone Rigo LE 3-7587
157’"Pelusso Frank 536-2083 Angelo Depeale 159*Perretta
Emanuele 533-6915 Manisnuk Basyl 161’"Zapletal Edwin 531-3888 ♦
College st crosses 171’"Myotovec Giovoner LE 5-1509 173*Harapach
Karl LE 5-1862 175*Maydonik Benny LE 6-7201 179*"Salvitis Walter
536-6022 Bishop Jack 181*Weiler Chas LE 4-1564 Weiler Ohester
185*McCabe Norman H LE 3-2703 187’"Puteris John LE 4-4113
Grajauskas John 189*Bodzasi Steven LE 6-1872 191*Semerin Nick
LE 4-3398 193’"Mole Pietro LE 1-8897 Chiera Stefano 195*Ricciardi
Frank LE 3-4862 Ricciardi Angelo Berlani Sylvio LE 3-4862
197:"Sitarski Walter LE 3-8939 199’"Martire Salvatore LE 3-4547
201*White Wm J LE 3-4811 203*"Mueller Hubert LE 7-1177
205*Wyshynski Alice Mrs LE 2-9932 207 Feireia Mary LE 4-1063
209’"Amacher Charles LE 6-7291 215 Dmuchowski Frank 537-5141
217’"Ruscetta John LE 3-9725 219’"Mosnyk John LE 5-5931
221*Shier Lily A LE 5-5774 223 Stephens Wm IE 6-0592 McPherson
J Norman Murphy Vera 2'25’"Shishkoff Paul LE 2-3261 227*Kaake
Geo LE 6-0385 229 MacDonald Daniel 535-2973 231*Ikawy Harry LE
1-0739 233*Krywous William LE 5-4719 235’"Rzeznicki Karl LE 4-
0447 237 Gladkoff Nicolae LE 4-8927 MacGuire John 239 Urbanek
Roman LE 5-4336 Semmens Douglas 241’"Bryla Sabina Mrs LE 3-
2749 243*"Rawluk Thos LE 2-7266 245’"Zemsta John LE 2-4923
247’"Smith Sami LE 1-7082 249*Rodak Miccyslaw LE 5-4194 Morin
Nola 251*"Kvasnicka Paul LE 5-7008 253’"Ellard Marie LE 5-5243 *"
El lard Maureen 255’"Kociol John LE 5-6365 257*Krupka Anthony LE
4-5449 Good Bruce LE 4-5449 259^0'Donohue Irene M LE 5-1002
Talarski Napoleon 261’"Moskal Stanley LE 1-2034 McQuigan Edna
Cucek Tony 273*Shaw Wm L LE 5-6140 275’"Goddard John A LE 5-
6846 279*Gourlay Lilly Mrs gro LE 6-7048 281*Sedej Mathew LE 2-
4123 ’"Sedej Simon 283*Braun Frank 532-5926 Dobo Alex 287
Vacant 289 Beeston George 533-1009 Brown Walter LE 3-1670
291’"Goodband Lloyd LE 6-7619 293*Krzyzaniak Edwd LE 4-7145
Burdzy Ferdinand 29i5’"Dlugosz John LE 6-2000 297 Barber Elaine
533-1269 Livingston 'Mavis 299*Kuczynski Zdzistaw LE 6-5236 Antler
Wilbert 301*Simpson Arthur LE 6-7712 ■"Simpson Violet E
■"Simpson Rosie M 303 Cockburn Ronald LE 4-5608 305 Booton Jos
L LE 6-9940 307 Owen Francis L LE 3-6114 309 Roche Cyril LE 2-
4876 311*"Diano Cosmo iLE 1-7553 Fragomeni Girolomo
3135"Krupchyn W 315:"Denino Tiberio LE 4-2120 Hribar -M irlko
317*Callanan Joseph J LE 6-9884 319’"Adamcyk John LE 2-0886
321’"Simkonis John LE 2-0706 Warnes Ralph Warnes Edith Mrs
323’"Currie James D LE 2-5185 325’"Bridgeford Fredk LE 6-7678
327’"Brusco Mario LE 5-8767 329’"Wolinski Jos LE 6-4003 Nowak
Victor 331’"McMath Robt LE 4-2447 Sheridan Margt LE 1-7845
333’"Settino Vittorio LE 5-8452 335’"Inamoto Kazuo LE 3-3398
337*Dessort Anten LE 2-0615 Dynir Fredk 339 Lemke Leonhard LE
6-2468 349’"Kachka Walter LE 5-8123 351 ’"Bryan Clara Mrs LE 1-
0988 353 Van Dyke Henry 535-0490 353A — 355’"Byrnes Adolph
357*Krywy Peter LE 6-0448 357V2*Hogan Nellie Mrs LE 1-0987
359’"Sosnowski Anthony LE 5-6736 Magermans Francis LE 3-6736
361’"Graham Wm LE 6-6832
 ST CLARENS AV -616East Side Continued 363 Musgrave
Horace R LE 1-4706 Bolli Beatrice 365*Bock Monadel Mrs LE 2-6736
367 Sernulis Walter Boyko Wm LE 6-3926 369*Brown Reginald LE 1-
0708 371*Karlovsky Peter LE 3-7311 373*MacDonald Richd M
375*Bereziuk Daniel LE 3-5159 377*Boyd Marie Mrs LE 5-6704
379*Flavelle Chas LE 4-1015 381 Kuprevicius Valas LE 7-3909 Mitky
Hans 391 1 Griffiths David 2 Vansickler Arthur 3 Pedashev Andrew
393 1 Koput Stanley 533-8142 2 M*ankowski Kazmir 535-5072 3
Mirandov Nicholas LE 7-1518 395*Melone Ernesto LE 6-3941
397*Baird Arthur LE 2-5902 Spates Stanley 399 Moschitto Frank LE
7-4890 40 1 ^Ci rel la Filippo LE 1-7000 403*Fushtey John LE 2-
8168 405*Jaworski Jaroslawa Mrs LE 2-0106 407*Skunchyk James
LE 5-5628 Knox Glenna 536-6788 413*Sajda Anthony LE 6-6064
415*Grnak Michl LE 1-5326 Spruhs Norman 536-5915
417*Kachmarchuk Taras LE 6-5126 419 Ward Gerard LE 7-4819
419A*Kachuk Stanley LE 2-8027 Stewart Wm 421*Lewis Regd J LE
6-6775 423’:'Cordner Edwd LE 1-0955 425*Drew Gordon A LE 1-
0814 427*Fragomeni Vincent LE 1-7338 429*Ardizzone Chris LE 5-
9013 431 Guthrie Marie Mrs LE 1-0891 433 Cnristian Cyril LE 1-6204
435::'Lowery A Edwd LE 4-6850 Lowery A E Wm Smith Carol 437
Googh Marilyn LE 4-6018 *Lansucki Andryes 439*George Kenneth
536-8728 Coute Dorothy 441*Vanderjagt Frank LE 2-7730 443*Reid
Gordon LE 6-8377 English Alex 4 4 7 H o 1 1 y Nicholas LE 3-8605
449*McLeod Margaret Mrs LE 1-0773 Wilkie Harry LE 6-4184
451*Jansa Joseph LE 1-6876 453*Kearns Audrey LE 1-0792 Hayes
Elva Mrs 455*Lazarenko Dymtre LE 1-5289 Smirnios Christo 533-
7242 Bloor st w crosses 461B-461C Ross Apts APARTMENTS— 461B
H Jones Joseph LE 4-6007 I Wilson David 536-5081 J Gillespie Alex
LE 1-9747 K Jones John W LE 4-9841 461C A Wilson Edwd LE 4-
3445 B McNab Thos LE 4-2287 C Legrow Wm N LE 3-8731 D Cook
Wm LE 6-8525 E Totten Robt LE 2-8127 F Bennings Jos W LE 6-0155
G Walker James LE 3-7092 STREET CONTINUED 463 Mandia
Josephine Mrs LE 4-1822 463A Brown Arthur LE 2-1790 465*Zutich
Milan LE 4-3190 467*001 Linda LE 1-3354 477*Thomas Dafana Mrs
LE 3-1960 479*Lane Ralph E LE 6-4525 481 Degrace Hector LE 5-
2569 483*Tersigni Paul LE 7-4244 485 — 487*Lesiuk Nick LE 6-0655
489 Edwards Emily 491 Doncaster John R 532-5918 493*Polisena Jo
LE 4-8113 *Rea Armand 493 V2 Coburn Allard G LE 6-9054
495*Yanskos George LE 6-5361 497*Derkacz Dmytro LE 6-5372
Baluk Peter 499*Zedo Leopold LE 1-2872 501 Brunner Victor *Atteka
Andrejs LE 1-4873 503*Karpiel Joseph LE 5-8139 505*Bis Nellie Mrs
LE 2-5017 *0sipchuk Natalie Mrs 507*Hare Herman LE 2-0931
509*Deimantavicius Kostas LE 6-3614 509V2*Bodner John LE 2-
2901 Fryer Mary 511*Cambouris Chris LE 1-8783 Cambouris Emonoil
513*North Hazel LE 6-2465 515 Wasson Percy H LE 6-1028
517*Chlystyk Alex LE 1-8248 Tyczkowski Stella Mrs 519*Luchetta
Franco 536-5284 521*Wiszniewski Felix LE 4-1480 Szyjanowicz
Genowefa ♦ Paton rd crosses 523*Conboy Bruce W LE 4-6913 523Vz
Black Lena Mrs LE 4-9761 527*Wright Dorothy LE 1-4245 Parker J
529*McClenaghan Wm H LE 1-4130 Brown Wm 531*Saunt John H
LE 1-4348 533*Wallner Joseph LE 3-0174 535*Debono Joseph LE 4-
9465 Cole Ralph 537*Eifert John LE 3-5814 Czotya Alex
539*Sampson Cecil 536-8342 541*Gaynor Bert F LE 1-4212 543
Ferreira Tony De Jesus Antonio LE 7-1158 543A*Lradoman Z 535-
6256 545*Debuono Francesco LE 3-6253 547*Suchy Daniel LE 1-
5436 549*Summaria Gabriele 537-5586 F i I ice Salvatore 551*Elliott
Edna LE 1-7084 Anderson Wm H 553 Stuart Malcolm *Devuono
Angelo LE 3-6846 555*Allcott Geoffrey W LE 4-6052 557 de Seguin
Robt D H 559*Smith Patrick E LE 1-8256 5ol*Salerno Oresto LE 3-
9692 563*Zuccharelli Luigi LE 5-9613 *Zuccharelli Mario 565*
Browning Harry furrier LE 1-7562 Browning Arthur W 567*Hurd
Arthur P LE 3-9353 569 York Lawrence 569A — ♦ Wallace a v
crosses 571*Gross Herman LE 1-4515 McAmerin Walter LE 2-5776
573*Gibbs Albert J LE 1-1893 575*Werner Heinz LE 3-4225
577*Campbell Elizth Mrs LE 6-8182 Campbell Margt 579*Forbes
Martha Mrs LE 1-3659 East Side Continued 581* Latter Earle A R LE
5-9177 583*Conlin Laurence LE 4-2155 585*Cooper Mary Mrs LE 2-
5041 587* Davis Becky Mrs LE 2-7673 589*McLachlan Ella MYs LE 2-
6594 591*Langdon Gladys Mrs LE 1-5491 593*McIntosh David LE 1-
6226 595*Benacquista Pasquale LE 5-7439 597 — 599*Packham
Alice Mrs LE 1-3650 601*Michalowski Tadeusz LE 1-5931
603*Fadden Wm LE 1-6670 605*Macchione Joseph LE 1-6595
607*Pulsone Antonio LE 5-8333 609*Preziuso Mike 534-4009 Manna
Ralph 611*Figliomini Arturo 613*Darlow Olive Mrs LE 1-8909
615*Barranca Armando LE 4-5409 617*Diginrgio Camilo LE 5-0423
Digiorgio Danny 619*Noble Ina LE 4-4873 Maxm Lamp Ltd whol
hardware and elect supp LE 4-4873 621*Paterson Lome LE 1-1742
623*Ieraci Cosimo LE 5-6725 623A Dafolves Maria 625*Battelanna
Johnny LE 6-1900 625A Hickey Murdock LE 3-0664 627*Efremidis
Alex LE 5-3290 629*Dabrowski John V LE 4-1920 Connors Kay Mrs
631 Saccoia Nick 533-0644 633*Saverino Rocco LE 1-8586
635*MacDonald Margt Mrs LE 1-2645 637*Gough Wm LE 1-7214
639 Williamson Edward A LE 3-6920 639A Jardine Geo E LE 7-4638
641*Cimco Tony 643* K is Stan LE 2-7515 645 Wortley G M 531-
5580 647*Hiscock Hubert LE 1-4353 647A — ♦ Lappin av crosses
709*Chung Lillian Mrs LE 3-1519 711*Clapham Norman LE 1-6640
713 Catizone James LE 7-5618 713V2 Fedyshyn William LE 4-9413
715*Harris Edith Mrs LE 1-4417 717 McNally Everett 533-2580
719*Kokorudz John LE 6-1456 721*Haddow Wm LE 1-3930 Tait
Winnifred Mrs 723*Reda Luigi 725 Filomi Alfredo Mirabelli Alfredo
727 Wirag Josef LE 2-5197 Psaffenhumer Joe 729*Vizzaccaro Frank
LE 4-2747 731*Dellobuono Anna LE 6-1751 733*D' Amato Jack LE
1-5325 735*Mann Wm LE 5-2283 737 Premsipa Joe 7 39*Irwin
David LE 6-1884 741*Mostacci Sandrino LE 7-3937 743*Bowdler Jas
LE 4-2436 745 MacKeen Mary Mrs LE 2-1338 Woods Alex
747*Samms Ronald C LE 3-2232 Scott Chas LE 2-1297
749*Guadagno Ruggiero LE 4-2789 751*Dagostino Joseph LE 5-
1485 Mostacci Gino 753*Spineto Mike LE 3-8487 755 Piccini S &
Sons gro LE 1-0568 *Piccini Onarina Mrs LE 1-0568 757 Schirripa
Cosmo Sandino Raitino 759*Schirripa Jerome LE 2-1888 ♦ Dupont
crosses ♦ CPR Crossing 801 Metro Central Garage LE 6-9211 801A
Vacant 807 Selzer Philip store fixtures 819 Vacant 825*0sborne
Edwd LE 1-1967 827*Hunter Sami LE 2-5529 ♦ Brandon av crosses
831-833 Minto Apts APARTMENTS— B Abel Robt 2 Prince John LE 4-
0355 3 Byrne Margt A Mrs LE 6-5082 4 Morning Jack 5 Wallace
Frederick LE 1-6903 6 Vacant 7 Van Tassel Mildred LE 3-3269 8
Breau John LE 3-4711 9 Chape 1 1 i Margaret LE 4-4909 10
Parkinson Douglas LE 7-3225 11 Vacant 871*McFedries Wm LE 4-
3042 873*Fikus Steve LE 3-4134 Glaze Trevor F 875*Behan James J
LE 1-1597 877*Hisey Earl G LE 5-1994 879*Dailey George LE 6-7396
881*Balicki Olga Mrs LE 5-5082 883*Kitagawa Tsueya LE 6-2296 885
Olliver Roland J LE 3-5156 887 Wells Ralph LE 4-1551 889*Bonatsos
Louis LE 6-0721 891*Howie Robt LE 5-7117 893 Fortner Thos F LE
3-2488 895*Fortner John M 897*Dunk Bernard LE 3-2297
899*Williams Earle V 901*Bradley Mildred E Mrs LE 2-1511 903 —
905 Titchard Bernard LE 4-1844 Canning Holly 907*Russo Alberto LE
3-1764 909*Gallacher Patk J LE 3-8351 911 Lo-Curt Distributing Co
Ltd soap and bleaches LE 4-9346 ♦ Davenport rd crosses
949*Carboni Augusta Mrs LE 5-4268 Carboni Joseph LE 4-5184
953*Cassella Wm LE 6-6892 955*Morettin Oreste LE 5-5955 Migotto
Mario 957 Monopoli Nick LE 5-9417 959*Convertini Pasquale 535-
9417 961*Mior Antonio LE 4-3343 963*Storto Pasquale LE 6-5767
967*Lizzi Sergio LE 5-5845 969*Rupa Egenio LE 6-6138 Cecato
Anthony 971*Iaboni Alfredo LE 2-0465 Bartoletti Angelo
973*Sinopoli Vito LE 7-3779 Denardo Antonio 537-8735 975*Irvine
Jas A LE 3-2891 977*Redman Percy G LE 2-2225 Hunter Robt
979*Dehnicke Winfried LE 5-6724 981*Stan Ona Mrs LE 3-5496
983*Seper Mike LE 4-2872 Sheffield Rosanna 985 Mayes Sam J 531-
7615 987*Vecchiarelli Domenic LE 1-1741 Casbarro Domenic
989*Dinunzio Antonio LE 5-6342 Carlinni Anthony Digiacomo
Umberto 995*Rodger Wm LE 5-5508 997*Hardie Walter LE 6-8134
East Side Continued 999 Martin Chas G LE 5-6308 1001*McLaughlin
Lawrence LE 4-4807 1003*Zapp Jos LE 5-0704 1005*Djatschenko
Fred LE 5-2844 Filipozzi Luigi 1007*McInnis Angus LE 6-8022
1009*Dadswell Jos LE 3-0010 1009A*Irvine Ernest J LE 3-0642
1011*Lonergan John N LE 5-6063 1011A O'Brien Alex
1013*Summers Madeline Mrs LE 4-5183 Summers Geo
1013A*Heinla Mait LE 3-5185 1015*Ewing Robt LE 5-6593
1017*Richmond Hyman LE 3-5136 1025*Lennox Robt C LE 3-2579
1029*Cerroni Angelo LE 2-1865 Compoli Gino 1031*Sanecki Stanley
LE 3-6233 Dugik Beneto 1C35*Cavalcante Lu'gi LE 3-9618 Filippelli
Luigi 1037*Hanhilahti Ahti LE 4-1059 Nomura Sylvia 1039 Paolinelli
Luigi LE 4-8971 1041*Hoy Sonny LE 7-4391 Ghibault Gilberte 535-
8255 1043 Yake Hugh LE 6-1857 Cousins Robt 1045*Alberino
Liegghio LE 2-6306 Copita Elio 1047*Brown Sadie Mrs LE 3-4059
1049*Morrello Frank 531-7387 Contan Emilio 1051 Vacant 1053
Cozza Ricardo LE 1-3849 Cassin Traquillo 1055*Conner Alfred N LE
3-5107 Henley Sarah 1057*Repetto Sami LE 1-2082 1059 Vacant
1061*Arduini Sisto 534-0772 1063*Cappuccitti Giuseppe LE 6-4570
*Gigli Michael *Cappuccitti Antonio 1065*Burley Victor LE 5-3624
1067 Vacant 1075*Matthews Clara Mrs LE 5-6104 1077*Ahlin Frank
LE 4-6055 1079*Mollicone Ernesto LE 2-1801 Mayer Aaron
1083*McCall Wm LE 4-5800 1085*0rrico Bruno 533-7195
1087*Stornelli Fernando LE 3-9108 Zaccolo Mario 1089* Ferraro
Gino 1091*Pucar Dvillio LE 5-8241 1093*Batten Walter LE 6-0973
Batten Victor 1095*Esposito Ernesto LE 2-5178 1097*Ash!eigh Allan
LE 3-4356 1099*T'homas Edith Mrs LE 3-4449 1101*Vicar!o Silvano
LE 5-5316 1103*Salisbury Earl G LE 4-3188 1105*Meinke Fritz LE 6-
1522 1107*Tyndorf Michael LE 4-7230 1113*Zaino Armand LE 5-
5706 *Zaino Tony Di Paulo Lino 1115*Mamcini Angelo LE 5-0635
1117*0kazaki Otokichi LE 5-8263 WEST SIDE . 2 Petcoff John 535-
9901 4 Harrison Wm 537-5209 6*Morris Henry R LE 3-2521 8*
Jeffrey Helen Mrs LE 3-4675 (rear) Bloor Washer Service LE 5-9300
Jeffrey Geo K 10 Jeffrey Murray 12 Happy Home Mfg Co washing
machine repairs LE 1-2353 14* Duck Cecil A LE 1-2047 16 Frenette
Edgar 535-5236 18*Sharette Louis LE 2-1818 20 Wha'en Ralph 532-
7282 22*Rusland Robt J LE 1-1096 24 Jones Carl 531-5434
26*Drapala Anthony 534-6940 Keating Morris 28 Weekley Art LE 1-
8654 30 Booth Margt 537-3360 32 Otto Gerhard 535-0251 34
Marohett Carmel Mrs LE 6-4998 36 Brennan Henry J LE 2-5437
38*Steger Heinz G LE 7-3909 40 Ryan Jas 536-8784 42 Way Helen
Mrs LE 4-3809 44 Boutilier Geo 535-1390 ♦ Shirley st crosses
46*Schmitt Alois LE 5-0620 48*Reid Robt LE 3-4165 50*Martin S
Harry LE 1-2831 52 Edwards Edna Mrs 52A Telford Marshall LE 4-
9800 56*Longley Geo A 58*Schilelli Joe LE 5-9537 60*Vi I lani Nicky
LE 7-1740 Precutti Nicky 62*Anderson Jas LE 6-5003 64* Piper John
LE 3-7853 66*Jaceczko M Sampson Jeff 68*Daniels Laurel Mrs LE 3-
1320 70*Wilkinson Margt Mrs LE 5-3296 72*Gratton Wm E LE 5-
3463 74 — 76*Mickus Mary Mrs LE 3-8179 78 Peters Frank 533-
6627 Young Joseph 80*Galvin Ernest LE 5-7321 82*Marjukovich
Thomas 532-6151 84*Maietta Augustino LE 3-2593 86*Godard
Omer J LE 5-4346 88*Baldassarre Frank 534-3650 90*Judd Alfred LE
4-9709 92*Brown Cecil E LE 2-8926 94*Tanzola Geo LE 5-7990
96*Conti Frank LE 2-4357 Lupo Frank 98 *Griff i th James H LE 5-
6333 100* Ware Kenneth LE 6-2794 102*Glassford Frank H LE 1-
3806 104 Johnson James 106 Cadden Percy 110 2 Bagole Howard
531-4388 4 Hale Fred C Davis Bruce 112 A MacDonald Osborne LE
5-5320 B Lubuk Lesley 3 Cuddy Aileen LE 2-5571 5 Pakel Victor LE
5-5972 7 Thorndyke Robt 9 Cairns Wm LE 5-4589 ♦ Dundas st w
crosses 114*Iagallo John LE 4-4191 1 1 6*Kawun John LE 4-5406
118*May Joseph LE 4-6894 J 20 So bon Henry LE 5-4489 1
22*Conforti Gasper 535-6822 Conforti Leonardo 1 24*Kluczkowski
Steve LE 3-4010 MacDonald Eve 126*Domin Andrew LE 4-5058
Pogson Dora 128*Bradley Archd LE 1-8785 Porter Ethel Mrs
130*Boyle Bridget E Mrs LE 1-8726 West Side Continued 132
Sredzinsi Teddy LE 2-6156 134*Wszendbyl Steve LE 6-1765 Navratil
Anthony 136*Raszewski Leo LE 5-2386 Markovich Martin 140
Commercial Printing Co job printers LE 1-2976 Ford Signs sign
painters 536-0062 150 Poole Clarence LE 5-7011 ♦ College st crosses
172*Schmidlechner Joseph LE 5-8381 174*Turnbull Chas E Kosziwka
Steve LE 1-2623 176*Gonke Joseph LE 5-6250 Linden Michl Wunder
Adolf 178*Wheatcroft Clifford J LE 5-8661 Wheatcroft Allan 186
Bonar Presbyterian Church LE 3-2697 194*Cachia Carmella Mrs LE
6-6149 198 Gourley Norman LE 3-2301 Stapleton Margt 533-6210
Collins Orville 200*Banski Stanislaw LE 1-2125 Goobie Mair Mrs
Woolrich James 202 Collejia Mary LE 3-6267 Lalonde Fred Wygas
Frank 204*Kuktoris John LE 6-4064 Doyle Richard 203 * N izinski Jos
LE 5-3273 210*Boguslawski Helen Mrs LE 3-1543 212*Laszczuk Alex
LE 1-2837 214 Kukulka Helen 535-9329 Huff Hugh Board William
218*Newman Sami LE 3-6313 Polomenace Rodger 220 Despres
Eddie LE 3-0152 Cleophas Leger 222*Rigon Maria Mrs LE 1-6328
224 — 22B*Kostanowicz Stanley LE 3-4975 Ewing John 230*Kozai
Tomisaburo LE 4-3293 *Kozai Susumu 232*Gallagher Allan M LE 6-
9213 Gallagher Allan jr 234*Zajac Josef LE 5-2896 236*Thibault
Jean 535-9098 238 Hosier Robt LE 4-1765 Studholme Norman LE 1-
3649 240*Hamilton Albert W LE 1-6374 242 Forhan Frank LE 1-6473
2 44* Spring Edwd W LE 1-5597 Gerhardinger Oscar 246*Pirrico
John LE 2-0378 248 Thompson Robt 51-7298 Gabriel Herbt
250*Baronas Paul 533-4422 Ziegler Grant 252*Gutauskas Walter LE
1-5609 MacNeil Betty 254*Sahan Nick LE 6-8790 256*Soltys Roman
LE 6-5980 258*McMullen Homer W LE 3-6722 Leger Joseph H
260*Kulish Nelson LE 2-0542 Pietsh Hans 262*De Berardis Pierino
LE 3-8227 Carinelli Antonio 264*Romanec Nick LE 2-3084 Burke
Kent 266*Kuliesis Petras LE 1-8711 Laurus Felix 268 Shintani Wm LE
4/L615 Shintani Deoke 270*Kleczeck Mike LE 5-3301 Campbell Alex
LE 2-3679 272*Kowalchuk Stephen LE 5-9268 Galaski Stanley
274*Keryluk Olga Mrs LE 6-3934 276 Malone James E LE 2-4332
Senf Friedrich 278* Martin Jerry 280 Silver 'Douglas LE 5-9251
VanBille Agnes 282*Lysyj Michael LE 3-5260 Williams Leroy
284*Bishop Gladys M LE 1-7723 286*Milner David W E LE 1-2262
288*Nepotiuk Dmytro LE 2-7804 Moroz Hrinko 290*Augustyniak
Stanislaw LE 5-5491 292*Krysak Wm LE 6-1777 294 Johnston Ross
LE 2-0592 Aarup Eric LE 7-5057 Blackburn Ada 534-6058 296*Watral
Mykola LE 4-2529 298*Kolach Petro LE 4-8324 300 Nickel Jas LE 3-
2551 Fuller John R Biladeau Edward 302*Babin Wm LE 5-0124
Moores William 304*Jennings Evelyn LE 3-6774 306*Burrows Frank
LE 3-1766 Smith Joan Mrs 308*Batiuch Wladimir LE 2-9138 Nanasy
Cornelia 310 Rivers John LE 3-5353 Brown Chas McPherson Margt 3
1 2 ^Griffiths Mary Mrs LE 1-7404 Kennedy Oswald 314*Stadnyk
Emil LE 3-3228 316*Navrocki Angus 533-0303 318*Landoffi Carlo LE
7-5345 Landoffi Frank 320*Russcetta Cocenzio LE 4-0336
322*Kulchycki Peter LE 3-6957 Newmarh Ronald 324*Santagata
Celestino 532-4110 Santulli Thos 326*Wilson Chas LE 1-4914
328*Thompson Esther LE 3-4333 ■"Thompson Margt *Thompson
Evelyn 330*Gawlo Wasyl LE 3-6887 332*Broderick Kathleen LE 5-
5788 Nephin Larry 532-8216 334*Lipka John LE 3-2689
336*Hlavacek Geo LE 4-1755 338*Bartley Jos LE 4-2213 Garbutt
David 340*Marusaik Anna Kosabaso Daniel 342*Krahulec Martin
344*Bostjancic Frank LE 3-1222 Vinski Marko 346*Rassos Chris LE
5-8088 348*Poskus Anthony LE 1-2129 Valancius Kostas 350*Turner
Ethel M Mrs LE 1-4203 352 Karg Oscar 535-1511 354 Kelly William
LE 6-3637 356*Carey Margt LE 5-4930 Bowman Wilson
358*Hennessy Elizabeth LE 1-4552 *Hennessy Mary C 360 King
Harn'd LE 2-8512 Farley John 362*Silins Harry LE 4-3146 Chepyha
Harry 364*Tilford Frank LE 4-5121 366*Novak John Lacey Teresa
Mrs LE 5-7093 West Side Continued 368*Beach Sami LE 5-2568
372*Batiste Manuel LE 2-6385 *Decosta Eusedio 374*Sas Bill LE 5-
7267 Hiegl Ivan Lamb Thomas 378*Burgess Ernest LE 1-2053 Smith
Alice Mrs 380*Haines Russell LE 1-4856 J82*Ferlito Nicolas LE 4-
0240 30i*Piwowar Mike LE 3-1612 386*Siscopulou Elsie Mrs LE 3-
9760 Papachristos Louis 388*Cregan Wm LE 5-4327 Kaye Earl 390
*S I i pak Walter LE 2-8957 392*Weick Arnold LE 3-3752 Bench Ida
394*Stoeckel Paul LE 6-5309 396*Lukow Natalie LE 4-6654 *Lukow
Mary 398*Hart Pearl MYs LE 2-0395 400 — 402 Vacant 404*Bilcik
Louie LE 5-0197 406*Dankowycz Andrew 534-6168 Wilkie David
533-3948 408*Zuccarelli Fred LE 6-1357 Lombardi Vittorio LaFiura
Vincenzo 410*Owtschinikow John LE 5-5181 412*Caparrella Carlo
535-1448 Carnavela Angelo 414*Boyd Raymond LE 4-6066 Jennings
Geo LE 4-6066 416 Brunette Max LE 3-3645 418*Bradley Gordon LE
1-2346 420*Merulla Salvatore LE 6-3598 428 Anne of London beauty
salon LE 2-7626 French Robt G LE 2-7626 428A Goodhand's Barber
Shop LE 6-7619 430 Vacant 432 Glen Moore Apts LE 5-3207 1 Daly
Jane 535-6287 1A Woodward Anne 2 Rose Douglas 2A Taylor
Gordon 3 Avery William LE 4-5675 Avery Harold 3A Garner Joseph 4
Lappin Sylvia LE 3-4989 5 Vacant ♦ Bloor st w crosses 478*Murray
John LE 1-5653 480*Day Kenneth LE 3-6057 482*Huck Sam Laird
Ethel Mrs LE 2-2992 484*Grinnel Philip 533-1906 Porco Benito
486*Hanesiak Leonard LE 6-2522 488*Haslam Marjorie LE 1-5504
490*McMurray John LE 2-0887 492*Hatzifotis John LE 3-0672
494*Lisowski George LE 1-7187 496*McFadyen Alex LE 6-0907
498*Jarosz Ignacy LE 5-5659 Jenkins Robert 500*Amann Otto LE 3-
4791 502 — *Biase Nicola LE 4-9126 504*Williamson Frank J LE 3-
0426 Hanley Cora Mrs 506*Dedos Chris 533-4841 508*Haldenby S
Arthur LE 1-7433 510*Veck Thos LE 1-6411 5 1 2 * Love 1 1 Fred H
LE 1-3684 514 Hall Gordon LE 1-2012 514V2*Aristodemo Mario LE
1-4543 516*Mackie Mary Mrs LE 1-6624 518*Ellis Wm LE 1-4536
520*Nowak Kazimir LE 7-1443 522 MacMaster Roy R 531-2091 ♦
Paton rd crosses 524-526 Byelorussian Orthodox Church and
Community Hall 530*Campus Jo LE 4-8297 532*Sture Lauri LE 2-
8128 534*Serafino Angelo LE 1-2693 536 O'Hare Hugh 537-3381
538*Bronson Marvin LE 1-7005 540 Fukumoto Toyemon LE 4-2835
54 2* Lewis Hilda LE 1-3158 544*Grandi Nicolino Mrs LE 3-9902
546*Col I i ns Helen Mrs LE 3-3859 Dunhaven Nursing Home LE 3-
3859 548*Sward Jas LE 1-8730 550*Baumstark Roland LE 1-1528
552*Dinatale Giovanni LE 7-4296 554*Knight Annie Mrs 531-2594
556*Hynds Helen Mrs LE 1-2698 558*Bostridge Edwd A LE 6-1394
562*Keating Arthur T LE 1-2856 564*Maccina Joe 532-5478
566*Bellwood Margt Mrs LE 1-3204 568*Miles Florence Mrs 531-
5542 570*Bromwich Donald C LE 3-6603 Capital . Electric LE 3-6603
572*Scorgie Andrew G LE 2-1968 Martin Gordon E 574 Goldsworthy
Robert LE 1-4794 ♦ Wallace av crosses 578*Guglietta Umberto LE 1-
6367 D'Agostino Rico 580*Muszynski Julia Mrs LE 4-6906 Baley Olive
Mrs 5 8 2 * H i 1 1 Wm 0 5d4*Esposito Nicola 534-6035
586*Hamilton John LE 6-7123 588*Dilucio Carmen LE 6-6251
Liuvigio Carlo 590*Loberto Dominic LE 7-4537 D'ecicco Alfred
592*Lehto Taisto LE 3-4827 594*Pioro Marian LE 6-7320 598 Smart
Wm J LE 1-4742 600*Muia Constantino LE 6-8026 Reale Vincent
602*Delelles Augusto LE 4-2639 604 — 606*Kelly Cecil H LE 2-1392
608*Blackmore Percy LE 6-7010 610*Fridge Isabella Mrs LE 4-1826
612*Cacciotti Joseph 533-6020 614*Tovey Arthur J LE 5-6826 616
Bartlett Wm & Son Ltd awning canvas specialties LE 4-2318 Miles
Fredk W LE 4-2310 618*Monestyrskyj Theodore LE 2-3663
618A*Cimolai Nello LE 5-7226 620*Menduni Lucia LE 4-5370
622*Stanford Ada Mrs LE 1-7955 Porter Wilfred 624 Vacant *Boulard
Armand LE 1-6968 626*Domotor Stephen LE 3-9336 628*Iafrate
Victtorio LE 4-9890 630*Monacelli Joe LE 4-0991 632*Iannucci
Romeo LE 1-5654 Laverendin Vincenzo 634*Luxton Myrtle 531-7806
Burgess Margt Mrs 531-7806 636 Vacant 638*Dibellis Virgilio LE 4-
0893 Missouri Benedeto 640*Fasolo Peter LE 1-6326 and
 Page 617 ST DENNIS DR West Side Continued 642*
*Munroe Arthur R LE 5-6931 644*Goldsworthy Elizt'h Mrs LE 1-8055
646* Ross Lily Mrs LE 5-6050 648*Foster Jennie Mrs LE 6-6182
650*Garnett Alma Mrs LE 1-8611 *Neun Lillian Mrs 652*Scarna
Gaetano LE 5-0904 654*Valenti Joe LE 3-5522 Cassano Domenico
656 Brown's Supermarket gro and meats LE 1-5250 *Sereda Osyp ♦
Lappin av crosses 658 Gooderham Gordon 533-3814 658A Vacant
660*Meleca Carlo LE 5-7057 660A*Albanese Mick LE 5-0018
662*Decuo Alfredo 534-7117 664 * Val I is Lester LE 5-0337
666*Partridge Robt LE 5-5231 668 Deighan John LE 5-6243
670*Romano Micola LE 5-2768 672*Digiovanni Antonio LE 6-7186
674 McQuarrie Fredk 676 Wagner Mary Mrs LE 5-3852 678*McCoach
Wm A LE 4-8173 680>:‘Moore Alfred A LE 4-0306 682*Pattie Jas LE
6-6228 684*Jenkins Aaron LE 6-0740 686-692 Vacant 696 Vacant
698*Sargent Walter LE 1-4792 DeJonge Beverley M’rs LE 1-5149
700*Cole Sami LE 3-1097 702*Madsen Hermann LE 4-7298
702*Porco Ernesto 531-6223 704 Vacant *Nardi Paris 706*0ldenburg
Helmut LE 2-2905 ♦ Dupont st crosses 710 Gray Forgings &
Stampings Ltd LE 1-5731 ♦ CPR crossing ♦ Brandon av crosses ♦
Davenport rd crosses 932’:'Del isale Giovanni LE 2-3186 Tasinazzo
Fernando 934*Gilmour Mary LE 3-4240 946*Reid Jocelyn
950*Lupton Joseph LE 2-5184 952*Hamill Martha LE 1-4404 Barnes
Fred 95 4* Rossi me I Maria Mrs LE 5-0408 956*Campodorto
Alessandro LE 3-3096 958*Toffoli Albino LE 3-0764 960 Krushen
Michl LE 1-2380 9 6 2 V i t i Antonio LE 1-0710 964*Gualtieri Franco
LE 4-9669 966*Stewart Alice Mrs LE 6-9656 96 8* Mart in Alice Mrs
LE 6-7725 970*Rodo Michl D LE 3-6906 972*Golding Thos C LE 5-
9311 974*Hollett Malcolm LE 4-3151 97 6* Davies Benj LE 4-5182
978*Harper Jonathan LE 4-4433 986*Kovatch Joseph LE 4-2030
988*Vagnoni Cristino 535-9086 Cunic Joseph 990*Alonzi Benny LE
5-9186 Fattore Orlando 992*Macchiusi Loreto LE 2-6560 Di Giuseppi
Vittorio 996*Doyle Frank LE 6-0952 998 l*Jardine Robt 2*Carducci
Edwd LE 4-4961 3 Vicker Bradford Cain John Foisy Marc 1000 1
Sirmay John 2 Spittell James 3 Christie James 1004*Carducci Joseph
Carducci Alfonso 1006 Granicolo Sante LE 3-9372 1008*Shiomi
Masayoshi 531-7070 1010*Cagnotti Salvatore LE 4-2918 Matoni
Carlo 1012*Zanello Dcmenic LE 1-6615 1014*Waraksa Mieczyslaw
LE 7-1605 1016 Orleanski Michl LE 7-4823 10-1 8* White Herbt J LE
3-6136 Mugent Margt B LE 7-1387 Cochrane Robt LE 7-3810
1020*Rossi Giovanni LE 4-1267 Rossi Guerrino 10'22*Cantle Louise
Mrs LE 1-2661 1024*D'Agostino Tony LE 5-5403 1032*Italo Batiston
LE 2-9231 Chiart Dino 1034*Lombardi Domenico LE 5-8339
1036*Villani Giuseppe LE 7-2080 1038*Saito Mataju LE 3-0437 Nishi
Moutsuo 1040*Rossi Guido LE 2-3426 1042*Turner Wm LE 4-1910
1042V2*Modotto Giuseppe 532-7367 Maramzana Valentino 1044 —
1046*Scrivens Rose 0 LE 3-5820 1048* Roberts Alwyn LE 3-7467
1050* Barnes John E LE 2-6531 1064 Wright Lawrence 1064A
Collins Annie Mrs LE 1-7521 1066*Demacio Frank LE 3-1816 1068 —
1070*Demacio Anthony LE 3-6772 1072*Carinci Danny LE 5-4323
Braini Wido 1074*Stulov Boris LE 5-6164 Kayser Walter
1078*Redigonda Angelo LE 2-3525 Trevisan Oreste 1080*Ungaratto
Armenia LE 6-7587 1082*Hooper Agnes Mrs LE 3-1992 1084*Taylor
Andrew LE 3-4287 1086*McLaughlin David LE 6-5652 Tansley Lily
1088* Kenney Geo W LE 3-2188 109 2* Cook Thos P LE 3-2187
1094 Vacant 1098 Pipitoni Paulo LE 4-2447 Pichini Olimpo
1100*Hartl Gustav 533-4348 1102*Galeazza Micola A LE 4-8285
1104*Zaluga John LE 3-0366 1106*Lombardi Constantino 533-0713
Tomasoni Batiste 1110 Scavolli Vito Scavolli Carmen 532-9490
1112*Gattoni Quintillio LE 1-0962 Bataglin Robert 1114*Tomasone
Antonio LE 3-4813 1116 Troughton George LE 3-9326 1118*Di
Stefano Lei lo LE 3-4519 Colletta Anna ST CLEMENTS AV 12 West
from 2532 Yonge to Bathurst, first south of Briar Hill av, Ward 9.
NORTH SIDE 14 Public Library (St Clements br) HU 3-5952
28*Smyth Muriel Mrs HU 3-6308 30*Bellard John HU 1-5997
34*Kozachenko Mykola HU 1-2876 *Kozachenko Grycko North Side
Continued 38*Fenning Fred J HU 8-8639 42*Douglas Ida B Mrs HU
8-4390 46*Boddy Stephen HU 1-1942 50*Crowther Thos HU 3-4808
♦ Duplex av crosses 70 St Clements Parish Hall HU 3-6664
106<‘Stevens Raymond H HU 8-7560 108:,Waizman Mary T HU 9-
6344 *Waizman Florence M 110 Smith Donald E HU 9-4286
112*Small Wm HU 5-4348 1 14*Sikura John HU 3-1231
116*Fenwick Beatrice Mrs HU 3-1203 1 18*Ware Norman HU 1-6324
120* Roberts Albt W HU 9-2747 122 Norman Harry Standing Mary B
Mrs HU 3-2900 Standing E Maude 1 2 8 >:< A 1 1 port Beatrice Mrs
HU 3-4827 132*Modeland Edith Mrs HU 7-2515 Burley Wm Webb
Emily Mrs 134*Rappaport Aaron HU 1-3885 138*Warwick Beatrice M
Mrs HU 3-5837 Sayers Richard T 140*Cole Octavia A HU 9-7466
146*Price Douglas HU 1-8879 150*Robinson Ina M Mrs HU 3-1594
154*Howard-Gunn Ronald HU 5-2086 156* Moss Alice Mrs HU 3-
1080 160*Howison Harold C HU 3-8658 164*MacKenzie Delmar E
HU 3-7526 168 Johnston Rcbt S HU 1-7909 170*Palmer Herbt S HU
3-3080 Lemmon Agnes 176*Quigley Michl J HU 8-1437 178*Merrett
Constance Mrs HU 9-5752 ♦ Ros^well av crosses 216 l*Morkis John
HU 5-3940 2 Wovil Bernice HU 5-9264 222*Fitkin Jas E HU 5-6173
224*Eisemann Ignaz 483-1336 226*Derry John A HU 1-5467
232*Ferguson Margt Mrs HU 3-3054 238* Bertram Joyce E HU 7-
1073 *Thompson Anne R ♦ Birdsall av commences 258*McInnes
Catherine HU 5-1556 260*Falussy Miklos HU 3-3490 262 Rotermund
Ludwig 485-8728 264* Howard Barry HU 3-4868 266*Kurtz M Rhea
Mrs HU 1-3233 268*Smith W Reginald HU 1-4310 270*Rosenfeld
Bruno HU 9-2308 272*Gallagher John E HU 3-7504 274*Benitz John
C HU 8-8731 276*Glenister John HU 8-6195 278*Peternlg Joe 488-
5475 280* Lube Gotfrid HU 3-8939 282*Travis Geo M HU 8-4637
284*Davis F Stewart HU 8-8117 286*Shi lejkis Geo 489-7917
288*Fee 'Muriel E HU 3-8466 290* Davies Albt C HU 8-1898 29 2*
Hooker Frank S HU 8-1872 294*Sharp Elizth Mrs HU 8-3570
296*Carter Percy A HU 8-1398 298*Nealon Sarah M HU 9-4959
*Nealon Mary Mrs *Ne^ion Mary A 300*Girard Keith HU 9-4688
302*Howard Paul S HU 9-9807 304*Lewis Donald 489-9457
306*Spurling Redvers R HU 9-6244 308*Wittenberg Gerald H 310
Langan J Joseph HU 1-0876 314*Ready John M HU 3-6846 313 —
322*Peters Gordon 324*Bossin Marcia Mrs HU 5-5550 326* Watkins
Gertrude Mrs HU 9-5286 328*Harshaw Harold L HU 5-5783 330
Palmer Austin 488-0039 332*Cock Mary Mrs HU 8-4083
334*Campbell Glenn W HU 8-4084 336*Petrowsky Michl HU 1-7160
Mehar Beant 338*Shier Bruce B HU 3-7963 340*0swald John M HU
9-7546 ♦ Avenue rd crosses 370*Nowell Herbt E HU 3-8067
Welcome to Our Bookstore - The Ultimate Destination for Book Lovers
Are you passionate about books and eager to explore new worlds of
knowledge? At our website, we offer a vast collection of books that
cater to every interest and age group. From classic literature to
specialized publications, self-help books, and children’s stories, we
have it all! Each book is a gateway to new adventures, helping you
expand your knowledge and nourish your soul
Experience Convenient and Enjoyable Book Shopping Our website is more
than just an online bookstore—it’s a bridge connecting readers to the
timeless values of culture and wisdom. With a sleek and user-friendly
interface and a smart search system, you can find your favorite books
quickly and easily. Enjoy special promotions, fast home delivery, and
a seamless shopping experience that saves you time and enhances your
love for reading.
Let us accompany you on the journey of exploring knowledge and
personal growth!

ebookball.com