Press Release

Brabeion Software Kicks off 2008 with Major Customer Momentum and New Release of IT GRC Software

Reports 300% Revenue Growth in 2007

RESTON, VA — March 3, 2008 — Brabeion Software, a leading provider of IT Governance, Risk and Compliance (IT GRC) management software, announced today that it heads into 2008 with significant customer momentum – representing high-profile Fortune 1000 companies in a broad range of industries – and reports 300% revenue growth in 2007. In addition, Brabeion announced today a new release of its award-winning IT GRC software with enhanced governance, policy reporting and usability features as well as new branding that reflects the market shift toward a risk-based approach and consolidates the growing product line into the Brabeion Polaris IT GRC Management Suite.

First to market with a comprehensive IT GRC suite, Brabeion's mature third-generation software has gained public recognition over the past year by industry analysts for its comprehensive policy, procedure and controls lifecycle management software; extensive library of controls content mapped to standards, major regulations and industry control frameworks; and deep visibility into compliance and risk postures with automated controls collection, testing and analysis. In 2007, Brabeion also announced a strategic relationship with Microsoft. In the first deliverable of this agreement, Microsoft has licensed Brabeion's best practice configuration controls content and distributes it "out-of-the-box" with Microsoft System Center Configuration Manager 2007, giving customers continuous controls monitoring and the ability to pinpoint where and how they are in or out of compliance. Brabeion continues to aggressively extend its knowledgebase through partnerships and over the past year has added content from the Information Technology Infrastructure Library (ITIL). Brabeion sits on the Open Ethics and Compliance Group Technology Council and is a member of the Information Security Forum (ISF), Oracle's GRC Vendors Alliance and the PCI Vendor Council. The company was recently named a 2008 Hot Company by Network Products Guide and winner of the 2008 Global Excellence in Risk Management Award by Info Security Products Guide.

Fortune 1000 companies who deployed Brabeion in 2007 and are experiencing dramatic returns on investment include:

• Financial Services: F10 Global Bank, F250 Insurance Firm, F350 Financial and Leasing Firm, $3.6 billion Canadian Insurance and Retirement Firm
• Retail: F350 $8 billion Retailer, F400 $6.5 billion Consumer Products Company, F160 $14 billion Communications Provider
• Energy: F5 Oil, Gas and Retail Company, $3.8 billion Regional Natural Gas Infrastructure Utility

Introducing the Brabeion Polaris IT GRC Management Suite

The Brabeion Polaris IT GRC Management Suite is comprised of three core applications that are united through a common technology platform: Polaris Pathfinder for policy lifecycle management and controls mapping; Polaris Navigator for automated general controls collection and testing including manual assessments for surveys; and Polaris Knowledgebase for risk and compliance content.

Building on Brabeion's next-generation software release in October of 2007 - which furthered the company's risk and compliance vision with industry firsts such as the first unified dashboard view of risks across people, processes and technology and the first controls-based compliance risk scoring calculator - Brabeion adds important new features available immediately in version 7.1 of the Brabeion Polaris IT GRC Management Suite:

• Custom Reference Modules: Custom reference modules provide flexibility and extend support for corporate governance and business related control objectives, mapped to policies, procedures, standards and controls – addressing the need for today's IT GRC programs to go beyond regulatory requirements and control frameworks (such as ISO and COBIT) to also manage internal governance best practices that direct decision making and accountability, giving better visibility into operational integrity.
• Expanded Data Management: Enhanced usability to allow for managing policies and standards including a user-defined glossary, cross referencing, enhanced HTML editing and spell checking – enabling organizations to develop rich, user-friendly policies, standards and controls.
• Policy Acceptance Notification: Active notification and reporting when policies have been accepted by internal users – enabling more effective internal training and awareness of security and other IT policies. Examples include reporting on the percentage of people who have or have not accepted a particular policy. According to The State of Information Security Survey 2008 by BankInfoSecurity, 62% of respondents grade themselves "average," "poor” or "failing" when it comes to the effectiveness of their security training and awareness activities for employees. The risk: more than just audit failures, poor education opens the doors to identity theft, fraud and imperils customer confidence.

IT GRC a Hot Market in 2008

The IT GRC market is predicted to be one of the fastest growing security market categories in 2008. By unifying the security, risk and compliance silos, an IT GRC approach provides a holistic view of the IT environment in alignment with business goals. "An IT GRC approach offers dramatic improvements in optimizing risk and ensuring accountability - while reducing audit failures and costly redundancies through automation efficiencies," said Julian Waits, president and CEO for Brabeion Software. "Brabeion is committed to continuing to drive the industry vision for IT GRC and delivering innovative, meaningful products and services for our customers."

According to Gartner, "IT GRCM products provide functions that address needs expressed by 75% of the Gartner client base. Gartner estimates that software license revenue for vendors that meet our criteria for inclusion in the IT GRCM MarketScope was $73 million for 2007, and we project a growth rate of 70% for 2008."¹

¹ "Gartner Marketscope for IT Governance, Risk and Compliance Management, 2008," February 11, 2008 by Paul Proctor, Mark Nicolett and French Caldwell

About Brabeion Software

Brabeion, the leading software provider in IT Governance, Risk and Compliance (IT GRC), helps organizations demonstrate governance, dramatically reduce risk and improve compliance while lowering costs by mapping audit requirements across people, process and technology. Brabeion's Polaris Suite is the first IT GRC solution to trace the full lifecycle of risk and compliance impacts from business and legislative requirements through to policy, implementation procedures and controls with automated audits and assessments. It is powered by comprehensive information risk and audit content developed and maintained by our team of domain experts, in collaboration with strategic partners including PricewaterhouseCoopers LLP, IT Governance Institute and others. Brabeion Polaris puts you in control of your governance, risk and compliance profile at every level and stage of your business process.

Brabeion is a member of the Open Compliance and Ethics Group Technology Council, Information Security Forum (ISF), PCI Vendors' Alliance and Oracle's GRC Vendor Alliance. For more information, visit www.brabeion.com.

Press inquiries:
Melanie Elliott, Brabeion Software, tel: +01 703 752 9300; email: melanie.elliott@brabeion.com or Leslie Kesselring, Kesselring Communications, LLC tel: +01 503 358 1012; email leslie@kesselring.net