From e64b72dd29af109a0c2d916b1765822931b4d861 Mon Sep 17 00:00:00 2001 From: Nassim Tabchiche Date: Tue, 17 Dec 2024 01:17:10 +0100 Subject: [PATCH 1/5] Display name and ref_id columns in attack paths model table --- frontend/src/lib/utils/table.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts index c1eacb9cf..e1f76b0ae 100644 --- a/frontend/src/lib/utils/table.ts +++ b/frontend/src/lib/utils/table.ts @@ -597,8 +597,8 @@ export const listViewFields: ListViewFieldsConfig = { body: ['entity', 'category', 'current_criticality', 'applied_controls', 'residual_criticality'] }, 'attack-paths': { - head: ['risk_origin', 'target_objective', 'stakeholders', 'attackPath'], - body: ['risk_origin', 'target_objective', 'stakeholders', 'description'] + head: ['ref_id', 'name', 'risk_origin', 'target_objective', 'stakeholders', 'attackPath'], + body: ['ref_id', 'name', 'risk_origin', 'target_objective', 'stakeholders', 'description'] }, 'operational-scenarios': { head: ['description', 'threats', 'likelihood'], From ef13a420804edab2ee6cb1506da4db692c3605a2 Mon Sep 17 00:00:00 2001 From: Nassim Tabchiche Date: Mon, 16 Dec 2024 20:14:44 +0100 Subject: [PATCH 2/5] Round displayed stakeholder criticality --- backend/ebios_rm/models.py | 14 ++++++++++++++ backend/ebios_rm/serializers.py | 16 ++++++++++++---- .../Forms/ModelForm/StakeholderForm.svelte | 2 +- 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/backend/ebios_rm/models.py b/backend/ebios_rm/models.py index 7eb44315e..9fd9c0cd3 100644 --- a/backend/ebios_rm/models.py +++ b/backend/ebios_rm/models.py @@ -362,6 +362,20 @@ def residual_criticality(self): self.residual_trust, ) + def get_current_criticality_display(self) -> str: + return ( + f"{self.current_criticality:.2f}".rstrip("0").rstrip(".") + if "." in f"{self.current_criticality:.2f}" + else f"{self.current_criticality:.2f}" + ) + + def get_residual_criticality_display(self) -> str: + return ( + f"{self.residual_criticality:.2f}".rstrip("0").rstrip(".") + if "." in f"{self.residual_criticality:.2f}" + else f"{self.residual_criticality:.2f}" + ) + class AttackPath(NameDescriptionMixin, FolderMixin): ebios_rm_study = models.ForeignKey( diff --git a/backend/ebios_rm/serializers.py b/backend/ebios_rm/serializers.py index 7a9e597bd..041b5904f 100644 --- a/backend/ebios_rm/serializers.py +++ b/backend/ebios_rm/serializers.py @@ -104,8 +104,12 @@ class Meta: class StakeholderWriteSerializer(BaseModelSerializer): - current_criticality = serializers.IntegerField(read_only=True) - residual_criticality = serializers.IntegerField(read_only=True) + current_criticality = serializers.CharField( + source="get_current_criticality_display" + ) + residual_criticality = serializers.CharField( + source="get_residual_criticality_display" + ) class Meta: model = Stakeholder @@ -120,8 +124,12 @@ class StakeholderReadSerializer(BaseModelSerializer): applied_controls = FieldsRelatedField(many=True) category = serializers.CharField(source="get_category_display") - current_criticality = serializers.IntegerField() - residual_criticality = serializers.IntegerField() + current_criticality = serializers.CharField( + source="get_current_criticality_display" + ) + residual_criticality = serializers.CharField( + source="get_residual_criticality_display" + ) class Meta: model = Stakeholder diff --git a/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte b/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte index 288cf1479..6b1a576f3 100644 --- a/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte +++ b/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte @@ -55,7 +55,7 @@ trust: number ) => { if (maturity === 0 || trust === 0) return 0; - return (dependency * penetration) / (maturity * trust); + return ((dependency * penetration) / (maturity * trust)).toFixed(2).replace(/\.?0+$/, ''); }; $: currentCriticality = getCriticality( From 583ba766e88db30261fb84fd3931211987979ed7 Mon Sep 17 00:00:00 2001 From: melinoix Date: Tue, 17 Dec 2024 15:23:54 +0100 Subject: [PATCH 3/5] translated asset objectives (#1203) --- frontend/messages/fr.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json index 6211b45f9..6311995ff 100644 --- a/frontend/messages/fr.json +++ b/frontend/messages/fr.json @@ -906,5 +906,16 @@ "extraControlsHelper": "Que ferez-vous pour atténuer ce risque", "existingContextHelper": "Description des mesures existantes (ce champ sera bientôt obsolète)", "resetPasswordHere": "Vous pouvez réinitialiser votre mot de passe ici.", - "resetPassword": "Réinitialiser le mot de passe" + "resetPassword": "Réinitialiser le mot de passe", + "securityObjectives": "Objectifs de sécurité", + "disasterRecoveryObjectives": "Objectifs de reprise après sinistre", + "hours": "Heures", + "minutes": "Minutes", + "seconds": "Secondes", + "rto": "RTO", + "rtoHelpText": "Objectif de temps de récupération", + "rpo": "RPO", + "rpoHelpText": "Objectif du point de récupération", + "mtd": "MTD", + "mtdHelpText": "Temps d'arrêt maximal tolérable" } From 17e67fd2d802a4a0424dc395210fa8c22dcd4cf6 Mon Sep 17 00:00:00 2001 From: eric-intuitem <71850047+eric-intuitem@users.noreply.github.com> Date: Tue, 17 Dec 2024 16:56:12 +0100 Subject: [PATCH 4/5] Add explicit strategic scenarios --- documentation/architecture/data-model.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/documentation/architecture/data-model.md b/documentation/architecture/data-model.md index cdce6f2be..dce95dae0 100644 --- a/documentation/architecture/data-model.md +++ b/documentation/architecture/data-model.md @@ -1348,7 +1348,8 @@ erDiagram EBIOS_RM_STUDY }o--o{ COMPLIANCE_ASSESSMENT: leverages EBIOS_RM_STUDY }o--|| RISK_MATRIX : leverages EBIOS_RM_STUDY |o--o{ RISK_ASSESSMENT : generates - ATTACK_PATH }o--|| RO_TO : derives + STRATEGIC_SCENARIO }o--|| RO_TO : derives_from + ATTACK_PATH }o--|| STRATEGIC_SCENARIO : derives RO_TO }o--o{ FEARED_EVENT : corresponds_to OPERATIONAL_SCENARIO |o--|| ATTACK_PATH : derives OPERATIONAL_SCENARIO }o--o{ THREAT : leverages @@ -1405,6 +1406,12 @@ erDiagram string justification } + STRATEGIC_SCENARIO { + string ref_id + string name + string description + } + ATTACK_PATH { string ref_id string name From 71e5be831ff4ff345333184b179ce22c7f240bca Mon Sep 17 00:00:00 2001 From: Abderrahmane Smimite Date: Tue, 17 Dec 2024 20:56:03 +0100 Subject: [PATCH 5/5] Example for a 6x6 matrix --- .../libraries/risk-matrix-6x6-detailed.yaml | 204 ++++++++++++++++++ tools/matrix/risk-matrix-6x6-detailed.xlsx | Bin 0 -> 14284 bytes 2 files changed, 204 insertions(+) create mode 100644 backend/library/libraries/risk-matrix-6x6-detailed.yaml create mode 100644 tools/matrix/risk-matrix-6x6-detailed.xlsx diff --git a/backend/library/libraries/risk-matrix-6x6-detailed.yaml b/backend/library/libraries/risk-matrix-6x6-detailed.yaml new file mode 100644 index 000000000..96a2de189 --- /dev/null +++ b/backend/library/libraries/risk-matrix-6x6-detailed.yaml @@ -0,0 +1,204 @@ +urn: urn:intuitem:risk:library:risk-matrix-6x6-detailed +locale: fr +ref_id: risk-matrix-6x6-detailed +name: 6x6 detailed +description: 6x6 detailed example +copyright: domaine public +version: 1 +provider: intuitem +packager: intuitem +objects: + risk_matrix: + - urn: urn:intuitem:risk:matrix:6x6-detailed + ref_id: risk-matrix-6x6-detailed + name: 6x6 detailed + description: 6x6 detailed example + probability: + - id: 0 + abbreviation: EX + name: Exceptionnel + description: Une fois tous les 5 ans ou 1 tous les 10.000 (< 1%) + translations: + en: + name: Exceptional + description: Once every 5 years or every 10,000 days (< 1%) + hexcolor: '#00B050' + - id: 1 + abbreviation: RA + name: Rare + description: Une fois par an ou 1 tous les 1.000 (< 5%) + translations: + en: + name: Rare + description: Once per year or every 1,000 days (< 5%) + hexcolor: '#FFFF00' + - id: 2 + abbreviation: UL + name: "Peu fr\xE9quent" + description: Une fois par trimestre ou 1 tous les 100 (< 10%) + translations: + en: + name: Uncommon + description: Once per quarter or every 100 days (< 10%) + hexcolor: '#FFC000' + - id: 3 + abbreviation: LI + name: "Fr\xE9quent" + description: Une fois par mois ou 1 tous les 50 (< 20%) + translations: + en: + name: Common + description: Once per month or every 50 days (< 20%) + hexcolor: '#FF0000' + - id: 4 + abbreviation: VF + name: "Tr\xE8s fr\xE9quent" + description: Une fois par semaine ou 1 tous les 10 (<90%) + translations: + en: + name: Very frequent + description: Once per week or every 10 days (< 90%) + hexcolor: '#FF0000' + - id: 5 + abbreviation: RE + name: "R\xE9current" + description: Une fois par jour 1 tous les 2 (> 90%) + translations: + en: + name: Recurrent + description: Once per day or every 2 days (> 90%) + hexcolor: '#FF0000' + impact: + - id: 0 + abbreviation: LO + name: 'Faible ' + description: "<10k\u20AC " + translations: + en: + name: 'Low ' + description: "<10k\u20AC " + hexcolor: '#00B050' + - id: 1 + abbreviation: MI + name: "Mod\xE9r\xE9 " + description: " entre 10 et 50k\u20AC " + translations: + en: + name: Moderate + description: " from 10 to 50k\u20AC " + hexcolor: '#FFFF00' + - id: 2 + abbreviation: SI + name: 'Significatif ' + description: " entre 50 et 100k\u20AC " + translations: + en: + name: 'Significant ' + description: " from 50 to 100k\u20AC " + hexcolor: '#FFC000' + - id: 3 + abbreviation: SE + name: "S\xE9rieux " + description: "entre 100 et 500 k\u20AC" + translations: + en: + name: Serious + description: "from 100 to 500 k\u20AC" + hexcolor: '#FF0000' + - id: 4 + abbreviation: CR + name: 'Critique ' + description: "entre 500 et 1 000 k\u20AC" + translations: + en: + name: 'Critical ' + description: "from 500 to 1 000 k\u20AC" + hexcolor: '#FF0000' + - id: 5 + abbreviation: CA + name: 'Catastrophique ' + description: "> 1 000 k\u20AC" + translations: + en: + name: 'Catastrophic ' + description: "> 1 000 k\u20AC" + hexcolor: '#FF0000' + risk: + - id: 0 + abbreviation: LO + name: Faible + description: "Risque n\xE9gligeable" + translations: + en: + name: Low + description: Negligible risk + hexcolor: '#00B050' + - id: 1 + abbreviation: MO + name: "Mod\xE9r\xE9" + description: "Risque relevant de l'activit\xE9 courante du m\xE9tier (dispositifs\ + \ de\nma\xEEtrise inscrits dans les proc\xE9dures et outils)" + translations: + en: + name: Moderate + description: Risk related to routine business activity (control measures + defined in procedures and tools) + hexcolor: '#FFFF00' + - id: 2 + abbreviation: SI + name: Significatif + description: "Risque demandant un niveau de ma\xEEtrise satisfaisant et un suivi\ + \ par le m\xE9tier" + translations: + en: + name: Significant + description: Risk requiring satisfactory control and monitoring by the business + hexcolor: '#FFC000' + - id: 3 + abbreviation: MA + name: Majeur + description: "Risque prioritaire dont le niveau de ma\xEEtrise doit \xEAtre\ + \ suivi par la Direction m\xE9tier en relation avec le RSSI" + translations: + en: + name: Major + description: Priority risk where control levels must be monitored by business + management in coordination with the CISO. + hexcolor: '#FF0000' + grid: + - - 0 + - 0 + - 0 + - 0 + - 1 + - 3 + - - 0 + - 0 + - 1 + - 1 + - 2 + - 3 + - - 0 + - 1 + - 1 + - 2 + - 2 + - 3 + - - 0 + - 1 + - 2 + - 2 + - 2 + - 3 + - - 0 + - 1 + - 2 + - 2 + - 3 + - 3 + - - 1 + - 2 + - 2 + - 3 + - 3 + - 3 diff --git a/tools/matrix/risk-matrix-6x6-detailed.xlsx b/tools/matrix/risk-matrix-6x6-detailed.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..4b0551b0a1bb686ea636a9e5008ddf334305ccff GIT binary patch literal 14284 zcmeIZWpEtHwk_OZW@cGT7Be%mEM{miSqv64GlRvl$YN$@mMpfIEM}HI&7AYz%<-M~ z|BJY%I-;s8vexSCti5yZ%v`A`0|t%`fCNAT0DupGZ>c4#wjcmN5(EH%27m_D7O}H+ z0@^z1e{#16I_lE9*;o_jfrC=z06^cL|L^g?xCQzWM{Ro;k;U$k9+Bc2RgDakR5AR- zh(<9>uEBIXi7~y0jj5i!C?QKrrG=miY>mjXoA2DV(l*^}LV0q05lXEdehmcgFGjc*bN}m_nbvr}G!gqE*>n`m5+Z+&qGKS3rZuVmtY(fIhY z0|33pJF{uyiKx(=pUMS@?VMc-CnESxK9ti?1@h7M9vHV3%cd!Qfy5LD>*LGLhn)l# zu$j6p=KGPL&ZUhyMwhqNPZhEuT$3Ws*YA$__67z}{0}!p)9V0&zPsuAyBET}yQ#hd z(AtrK{*Uv2-SdC3PyX$%m&eP=fH5HlpZULi7;EQQp&^;EW)M4&GkF1FN_#QjNQ*6K zdASo8a>{KW^vJAq&2~?_F|EmW%SZNfK}{Be@y|4!ZB^@$d1-2bLP>BCk2;p@@guP= zJu16liK5xfUA*BBFW<@wq$hv##delZ>-Xnt*0JE!NOHi|x|T*NCD%#XB?w-}RUBvS zpOA#+aRkfbzi)eJW9N{ov>5fU8!jZJjV%(Lh}FE0T@wCv#g?a*TS(Sj z`XmSH#Lt??_g46yE+bM8bzKSu06@b407&moxLGr}+BsMm+1XkB5!K37ZS3+nkzc)M zUZDD1E%ihM<|We>Qo2IUK5}^79W1~(Xqq!(PX~O z0}&*p@Sq0bk&s=+&uQpXC$m=78nq3e7CqyHC8Ozt#v^O053!GdN6ZLv0rHpsr$(+w}XY?Wc6jr*=A3#MQPygpyZ$TfNC?QQO}fckJcVQxo*G za$ipFwFCDV4eTcT39fBcS!ywnWF=c*sjpH*antVeKzH)`F6TCwr|Kro{`2hxz z*Hqawiq$owX&j~?eof{ z(-j;NU~ophu<>B(0w?w4zYr^oEdBZ0IbIU!e#x-AIbS=4{6@O%FC3{@pg3|fW5MYd z_MmCvgKd1j(lf%)xl$_2>hNU_A_U*GZfwue4}zbFJjpmNb#9K^^SnC2EpLqQp6lp_ z^H4-oOQ9SDB_$1B1#;c&g59p-U6veUV0fk(-dAy$HJ>nxJawKTruI>J8$N0i^fnh* z)pW@)s-Ro%?u+`|5D2);QnC403$PF~cc4I!4oa?4U2e0=)byRch)^QlzF^^>oN3K2 z$cm-lU#+Qhq_8-BnJ;)+Ji@55&~9DmKL3ud&V`=ba+6~` zS_cLcYPeJzdPPhx>Kb+!AL0O8U{o1oS^aE)XS`7DH#;WJCy-TGU94Qr&%JqO-tJ`) z)Vm<-u4zP%g}=|BDCk%dUJa1D-9fqc{AGRYcZqL5JzhR$U(v<7<+g+Slg^QMJ)OKH zrJbwnppt*_e&CycT-9+7^*8USNf9>FkooN`%T9aA)7DFbeHM(n-orPRXV7C>huqJ% z_PK_a54N9Ob5Cqq+&sqUS)=!^4!(*#-r0k{nEBqqd@^R>VJ+}_B={${mM$qW{KMfT z-d!6P01fi)*8d8Ie|PTx6Bt3>^VavM`M>*Uiyyb_V}uVp3+f1%ZvPzrsyM>!NgdSQ zumZ(cjT$0nZCoPY{*<10%3f8FGL=updc`zm`owj;ML_EOlbWgqAG~EbW1=2b?@mGe zjySZQrR5G0BT}-ef}VkWa?wg&!K77?q=Zx1Agwnb@sl<_E08}&CS_ny$Pw3=HsCu_ zimF{OH~jE}oy|I{Zd6Q%H{R3*4%~1UTtZIt#~Oc&XFW_! zPzd+zT%Cl?-a#-;QU1^P>SV<-&EP7}EMrE@jaEIe^C;tRgP-`h3t6-o$Q^5G;A6ag zJyz4Qjtks6sJ;Dy`zOm0#X(b=dAFL#_fqV4llXT)a5M)3og5kdyfFO{88Q=eWAYf$ zgU>jY-lnbzrBS9oY>5&KPpp{=R9aEbNK&u-s9YQKSy#b#MokDy1LrIZ+UG0YKiRp+ z!L36ZkY3wM4Mq{q+igia;T{z5LGQ*UJ<`yw5pN_JlrX&5zP>6R*2{>h2(pKUt{DG( zqLYGRfxw{7Kab9!_@mLmqbHghR?z+6>s$La-k?Zhj?yc{X{Zhhz#ZTuy|jPll2U| zTV)%PfYEQ`DPqhtd-(?Zw8=s>vNHzagZad`3=(3@I`D%|7yiWw%EBRDszaePgDmME z&Haa+X7CPD&^@0_BVR2mIvn>r#Uw~0+XU3L?4Cm=bMQcB!o}^+(EEsw`-EBLqW7Jk z3EyVR?wKTGBL-G3G%FAIUgmQ!YK?L;)@z*DhI*E$#rhkfo{H}D19cV9WG7jNCRT$!gg$m%rox)bufjNRbjKjXDaMsES($}Pf zW&K_(_@z)$S|pu9=@<16f+s$Y6p)u+ILMQc_u*~=C^PCeM1NS$yK%g|B_`?G1~4KA zR{DSO?ZLgIg(|V2_lH*gIzuCF;rMjiGH%-jgZc#N#!6(xA`<$wmyxig+N$^AsF?E% zzlp@#wK!CLWf`M$%IW3SjSs$>NPc@l)$V6~F6AMQ<%Lw=lZxC9D{~Wz+o8ChmK2jploCc$2%F4tD4_ zpizG4P68Sp*S58K3M7eTT9cyarBYv*qYln{;g&MWFePOV_-7m9yyUP;&4Quh_j`H# z?E!%3M=){|AHmBsh`u$B( zg)p8q4y|eqDJ-b8H?4dR2tkJ-YDB$QEbn9cp_1e#j?1kbt?=32_Rq%q^TZn|1luDB zFII`_0H6&GojM$;D9bjObE445h%JKUYgaK`eYxXrQ!~!9s_UDDCq*E%@8tP_U98g> z@p_E1NpX5vnn=w*#Li6&PokH5xLmQ4zyOPzRKA}CnvK$zN)a=`4DpGnaVR=ALcb7y zTdWx!<)_KSoj{7o6^iFX+E6RQpVjz%EVW+Ww$Tj*0DuzzKl=gZKQqJx?U-doEa!-kc-p z$3l3y>HY&kqA;vFNqL%B*H4XN48?sKKN8E;5YVr|gZWoGeK`23+S%{`GO<&s{Topw8r|&dwkj<{>u53#;gldFoEhdC0lRTI=+a{Wp;d&8m^Kb8byGYqcaiuppD@BID0>)nb?FOuQkJkTmQxs!>vafD6PzR?!6x^s~?u>=ejM%5byrDcSM{+P1B z@Ds}?RRVs04LiE;rr6OL-<90c{Wdv&P*I%QG?m7My@|p;^D>DKN56V=lGYN-B~aZ2 zs~H>%bCQsMF)NSP)i1t>6*?l^B569n1=su$!<-UcP5Bj>oMTI|eQ@)|fAkH))wLVp z>%5qd_l;ZJLXcxL`KiO_{1N!H(8nK%!alw}@5#o$yN`0s6Nhbf_%BJ3 zL^;W_nnWDYX1M(hM%o@Bkw?v|P9BGuUd^{BGO&u!bky#vtv*s!phLRI;HmQuH%=|Q z9XfhH%Ixd}PCM2nXO`9;&QdDPo@R?#GuB=bOc@3he4d}&xQP_>8SZL#8vCu=xw((e zFsTLT5M~Jwm}L<$3z3C_i@R>nHHvRgCjE}B z$S=ZCKs$9QvvyC3n_77)dqaFr0;Gm5aMpDggH8N3@$q2y}AlGNY;_2g8xC|{vadTpf?~!A-rk+UM~!;t6eQ_>hn^HCZ%Em zaBJv%(TU9}TO2g3v`A7C1svD540Fii;z%g=cSt^2k-wbl$bqH`$qL*tR;GzNLXpPz zD~+2nT?5+7nFzWpx~}2i_eQjV0c8)ICh1-4_@hF4Xly7OFKLk%@QZRdcgO7MApd5A z)HEirDb1I<<}^Rj5|{ z>1W8W3OEL)RbnLICnGFX8M-X&#MJkC+Cz?eiloY(y2C_S$Y9t11XnI3m8CI;5eVnu z@dp>1&Pu^+s-+)jj<^k|k0_eNywMBdIHzcl(FSG>Rp8ZM3fLr@>PhQLRv22Cr|3Or!4wIC0H zl#0wPAmmpa*B7i2)lk9OnxD=PKq8zzZ_uR&Ga#NS5OLY$4B6a+jgzof!_UwOA0!KP zk@OuwCK^o-&e9EtKfWWtyt+u_uDg$PIcJJXN0Bska`pDMP+LX!drX^5QF!a&K`}4* zOax0>Eq3@_Dl;1eT$(GtkOv03RjIiK8-_R&jU-3(aA=Jv*dts)rO~x=;ZK?ZhA&kG z-+zo|X%_q|He}+WHWzbXQ8o2k6v!;YfaNcE^L#br(|{Hvpam_2&CDd|j7u+(NzKGw zH!V|45;LWvhSF&ECzs;xkGwf17#}6}xLrq|W1JGUia_jGhas>SVi=P)NAmkRkTkLml%Mb5UEdTEL{(lV%9-B$J zJCag~!Fm(+g37J5=peBBb25IQ7Sl3*KRu|zAKGz+g}Ca zja(U6=Fa$D_u2;sIbs~|63S9@;Yi4Kr54~$?+HnUBPT6tjy)78wxw4@ls8SHaTFvM zw9yW|9L~05PPf1?;!=rY6?Q;QJ>rxPh3aX{7$bKHvg5(Mwe3-iAsUS|v*5nKco?f8 zcy($)mO_u#^)$WICMpp4Ok#R7-N*Ub+y}FtjqfVYZDR`x_UI?i0 z1~ah4;;=k=tKbLgs>R{87$_`fF=u^oNi~+qIiAUForSez?J1{N@@Ca->wPX;y8CCu zCq=hD(|zCuOwc9LR=-7}1gcY_zh|AokwsudyUemh zC|o1@;t+B7yxq6(36e}6W!#22^>90G8U7U7j5NjW^#HzL`blkV3IN>O4_9-VC%ZbDho4K1B|Xpa3fRbroD$ z7usWrztY3ibDYC8I(Pji*BvGH6fZO%DJ0(Az3SiiC+&CB8mxw837}es!;#S;- zoY%{fEI5G4jHLOKAE5qlgN~RGVaar9hq#W~WS0NnR^WZtV+|9+z(QVw@y1?4j-iZD z9myP#QJ(NXSriW4XTExKeP!3{M@|uDvcp~F$hc+ewFa<&R|A+d=ti z3oQ#VyNpxo$4!?9)G{NidJSOnlgGq~bvyxhsbhxQU3;f!Me0~y5zg73VOHIhQpU1p zIka@Ef@92DLq^~%s$J_%!0OGnd7i$aDpo%`#EDU}l`oI*@q@_nDC%@PC#Eo~X*0}x z7z2$e{QCPTvZi4aSIzX&wVz&7>5#MZo!h5Wx%NT^-PyWO1vApI)E3pIG*6cNJ!(hA zY9U%NCPo&mZc0D4B`xCD+6Kv4O^a#k+Q`p2SJ;~VKpf3pE-*BvZd$G2A{Z-$hZ^7YFFI_qP4I*EB1L;v0Rk-PVCh?EsdoyZDaac$I;Ou?)kMOTR@95-i4RritP`|3B z9h1R{?yYa}2DX*8i8@546i>rZAibtkI3fKc9XhPB8_zZYe^~nF6*E3AEBwKNTZH=x z8UFUd^*cZQ#JvdW{R|5UQ*=*Q`MO0-pfJbshCNT*n|EE3A6@?(3`aCkkU0sFBArj_ z>%$;t5fqV^yKtzqAW0NbJU1chk?s6HEO zMI|I6;%;IOmHi4b4F08ar^+hTA{TmPbaf^tr?p9@9L&_tvq zJ77BB`!`=*)c!b$GvDvH?u0JWOsl!vp9mTYz!Mqr3$#m3Ke;Ik1trQR<(Q4lQ7R1T zq0eYIoE%tTw+FI&Lb}#k%zl2B^KkjnWIXiC=~&!blnk~7Z2It6{s5dR zi)m$=Dwz;pI1lT#&k^*PXvXXd(}FuYS62=QyA04=S$6gU*A^Ww{j6qF^`Qi|GTW)v zgkHTDr>?$?woVNI&hsioTC&)Sqw`fNcE#3m+@v*osG;JbQysM_urz0{Xg6~SyPW9B zdo#{!&(q$RJ9tVA1;z$ja_MH<5Gor>I8iPuWYX$=L1{vWqx=?bYiJNJ*r;{mHCu`* z35B$Ff^fq=0JSb{$m_Jc6p-rff@fdv`B9L_t{!Xq*yeVouGuuJ9Se(mahRI~k2C0M z(Z)Y|Mtin8h8H&dgWFS|w?&thbf+hD)12ep!=t)r94q+XbVh;Q{v^4&1p^T7+ zg=L_&2~S=6WVJn2MG@Ez{^zm>YR40IxGBi90RPspZ~N>|`yHSCI|tYXdD-c?y3MxJ z8`}0Tr<`9*#GxrpNY>waBF~5_tE|8h6Wx@XkdA%51J6OZU}exQWkP9}fR??70JlnQ zlkUf5u~O&{5M%}*X6@jSiEdHfu+@u|Fv`fy8n2L8i0pa+7fuLMoDYf~;n1&;{)RBP zwR*M#VRtINlZ!JDl2qec-gOq0JF~Hc%0O^|>|8 zuDim(^)9dPw42g($H{@trqD}qbbWVPL{F|nO4n(`NR&W$pG7DuQER;?l&#l#IX)gJ zE!@@#y1mre3?oEoi4&f!JXX!B{A36%*8Ov~Ev=vsj4YyylyKv|=Fkd`Rv zVGw7lMB;f{L_5JNRUBSJ*NX7YS@0Vc*{a#F!eZwK^%lCD_Hca|Vm!n#TVHFp!UM>m z;MFSvAz}Zt!JKfiB{M(7woI6FnjedNZWuAAgl*vv9hAIGj^GiaQI(kMHm1>_X7$0J z6Vmd#G%7?~cu!C@z9G1Cq(8fmoz5lAwLn!ygoG2f(-YEwwoTyE^mrQTN>x;~Yg3mv zW7_LVoh-QBG0>Gb%kwtRch6epup|A6bG~cE90X z>FyC!7xGu^M>?q_b9d*eEcvOSPGl3hl2sNH?&cHmc%UG8|EWFA)j)7EXbM635P}+) zmF$N$M;y^27ODRE!42UPdWhIy{~<)YhPuL#c}#BoPG`5Zf##3A;>CgX@8zaN-^Z|I zRG1zE=DTV_#1-_v>_=fhr~+D~MqDs{PKaspFxi<<=L9Ts3_0HNd(jcf?_54I{EP+9 zsnPs;;V8-#7N(=;V?>}Ei?_4ZSmiEw+r|_FQ@)&2JUJuYU}=`m#8RQTB&S_>HU3Cx zx^in&2s7TXbUY8AzT+Vwn#{Mtu0B{Nw{q$@Rtiwttpc!pvAahXVZeEo_VgEmD|>jc zZ>~WA=8QvyFNq{G*X_ylGh-?mP+80RYhd9W=}h z9e^e(P7W5fW`D+xM2$7u6?XIvhACHK`0`O-@?;jyMV-O^ST;dF6Y9(cY({vHj|3~S zWXd0?2V2%=$9k($&NGgsZk3erB@*%PO4-~yu6!mWfcLg(ebz$D(Buj{?fE&qlEE~n z4lc_N&xgt&3F^%~$wIQvEUMg_ zm;yKDR?2d`%#I`(eQVpqoQD)TLx^yy6d#XY0W4|gcQ{$9l-m0Ro~}b~qpm3mJeKT}eQFjP zL*qxOu5w?)i!0#0jxP*qE|Y1g#j8uj93@bf)2$6^v!H)%5LIbgx#KaqBjuoWhroW* zxqG`T^>(=EPPmZ&?uDapb>pc}Yj$LBVDQfB&8pbhOUBQ^%vhcP;xKiGm!UbFDO(Lpkk{Ayjh@n zveepXR-Uvpr`s7lH7p!2n;jpNpavJ})M_VL95m3d&{6b8F9{i*7H?#n{W|3b!>y`X zxusbNCe47FxQ;mQ<2uKW2*lKId5*WC+YVH;TYtpj;VX`AQ792l1^4eEKe_k$Oc*7}qzRZX02m{lEE z`6dP#)ryu}@#Yf7nx+w&M`|?T4Z`SDFcyC^0y|^wUPMhFntlNhB)@&XTPBGdeKPiaBo}Pd_FPDDQ>Vda1|h# z`U%H6p~Ua`NL^tQ?(nB7=HU1E?@t#-&ZjOrX9~R0q=}h~ojrb(^ zK%X5>qh`fkc3$jm5?Eri29H!zEu!X?QeFxcd~n$NVI`367xrzih^Vb3qMC30Jv-q` z+@hqzkK~`F=_w(OSlf$YTUu)psCs4$mkY7AP2zE$jp56}(`o~dqsmmrP`8SxBt=z* zL}iEaQOKFx^-9IT!GxF`+u4 zV}5KXkDVzYcOV&#AjABnT6U_dP`L>%E8~C>!_9>9TXY1;C+TgpZ<(b~hWkMmwMYx< z5}r)#rA4R`29i7KC>nmfEfC+MI%(#UPEGYn=Mp`%mX4%@7bO=zpiHLq&~&SRLd@<~ zs12}YuY$^JrNqyx@HN2sAq0nQ6rl2u~meVMl%=O{#PfF&Adf}Ny^F7 z<#{IB$fnx-G?oS>9-knYloEJ4hw!gmK>LLF#mDeWGp(wYX+}XFdvgt4y~I_;pBiq} zQ6NX;O;oXU`K$0#Bc38mE?*$Ro5@(6ps}J<$3hfZ`+_eN8o)CP582c<(hRaUF|jj9 zQBLCgiQ-Icju44CgK^Q#&lshkUk^R1Mqb==WaQJOAG2UsPMj5%{O>la+np~pR;}5G zDb85^1-j1?F6!{ul3Ug=pgtw}tJwNI45&@2U7C;maKzMV=%Z9>9Z2UAfWgz3L`G`; z3Oq@{KxY>r3%6 zJ)(|AxUi!qY!_|6v3(4{xj)#PYJ|}!tF$>P2a#`_bN$gLn7eh17eHQfBHjaFx&SDa$}>fukEL$?j%*##BM&ZTt&^r4KLV zF31o1eWbm8Je!CA-5G#NA-*CL}vZZRE(p&HQr?JPCl#x zwvW0dBP{hr`j}75^@em58!diJBT%g1KBJ7Pk3S8ZD-ss1=P*>NJrwiWcq^$~o~#}H zbFO-bi{#()ZqdvC+OzSuKGxaM$ff_milX!SE z9x$*h=GeLjTYoxT1^8+cI&vGTmowEzSZb&3_}$&`{4+vCGnco*^?cIE@3p4U+dSbY z*g$79z5V;%y*PAiE{3RNPb-6Hg^lxh9>_W`~#EF$`c%Pkfh4#yXVrk2=38&NTJy!75{^OK; znELj!YkZ%I+0ySS>8K5;7-1G|WF#nDxe$fc!=(}zRgb~b_TFQR%r!{G0+nC&8qQ3> zo^0@Gv&_4tD4L0N%n(pY%_V7PiVWg8gsV905auW$dbeMwQ~KMDSGE5+Xlir*u|-!@kK4*XqE z{ugxleYWv8dHL_)|CFu%1qA@AVgCgGKSZp*^ZYJi{EO)b{{L3ue@GgCXZc+M^%u(( z@;|ctDTw-=<@XiUzgT{~>nq literal 0 HcmV?d00001