Press Release

Brabeion Announces Enhanced PCI Assessment Solution that Implements in Hours and Cuts Compliance Costs by 50 Percent

Brabeion for PCI™ available as National Retail Federation NRFtech 2008 Conference commences

RESTON, VA — August 11, 2008 — Brabeion Software, a leader in IT Governance, Risk and Compliance (IT GRC) Management, today announced the availability of Brabeion for PCI™, providing out-of-the-box support for PCI compliance programs that can cut costs and time to compliance by up to 50%, at a time when organizations struggle with inefficient manual processes and a dramatic rise in PCI compliance costs. Brabeion is first to market with unique PCI-specific best practice content that now includes over 300 survey questions for processes and roles as well as over 6000 technology configuration controls and procedures and survey questions. Brabeion for PCITM provides customers with the ability to overcome the complexities in mapping their business and technology environment to PCI audit requirements to ensure audit readiness. Brabeion for PCI is available as a software-as-a-service hosted offering, as well as through a traditional licensing model.

Brabeion's announcement coincides with National Retail Federation's NRFtech 2008: the retail industry's most influential event for senior IT executives, being held this week in Denver, CO, of which Brabeion is a sponsor.

"Over 1000 Level 1 and Level 2 companies are struggling with PCI and are coming to realize that the cost of PCI compliance is vastly underestimated. Achieving PCI compliance, avoiding fines and retaining the privilege to accept credit cards requires merchants and service providers to address approximately 180 individual PCI requirements in 12 categories. This is no small task - and the entire program can be compromised by insufficient people, process, or controls," said Julian Waits, president and Chief Executive Officer for Brabeion. "Brabeion is helping major enterprises achieve dramatic returns on their PCI compliance programs, and is pleased to be a sponsor of NRFtech 2008.

According to Gartner, "Level 1 and Level 2 U.S. merchants' spending on PCI compliance increased nearly fivefold during the past 18 months; 8% of retailers have been fined by the card brands for failing to comply with PCI, while 22% have been threatened with fines for their noncompliance. Gartner recommends, "Security audits should be conducted continuously or as frequently as possible, and not be limited to what's required by PCI."¹

Brabeion Software is the only company to provide a complete IT GRC management software solution and has gained public recognition as a leader over the past year by Fortune 500 companies and industry analysts. Brabeion for PCI allows customers to jump-start PCI compliance programs by conducting continuous, automated assessments internally or with 3rd parties and by providing the insight and information required to manage and mitigate risk. In addition, customers may easily add content from over 30 regulations including SOX, GLBA and HIPAA as required, in order to leverage investments made in support of PCI requirements across the organization, as their IT GRC programs mature.

Brabeion for PCI provides out of the box policies, procedures, standards and controls along with assessment surveys allowing customers to streamline the compliance process, automate assessments and lower test costs by up to 50%. Customers can distribute surveys to employees and 3rd parties via web or MS Excel, and measure compliance with comprehensive, accurate PCI dashboards and reports.

Brabeion's Knowledgebase consists of industry-leading, robust content to allow customers to implement programs within hours. Key components include:

• Policies: Brabeion's PCI — DSS v1.1 Reference module with policies based on PricewaterhouseCoopers standards covering the major PCI requirements:
  • Access Control
  • Information Security Policy
  • Monitoring/Testing Networks
  • Network Security
  • Protection of Cardholder Data
  • Vulnerability Management
  • Hosting Providers
• PCI Standards Council V1.1: Automated Self Assessment Questionnaire (SAQ)
• People: Role Assessment "checklist" for PCI audit prep with130 questions in 8 key roles:
• Application Developer
• 3rd Party Vendor Manager
• Firewall Administrator
• Network Administrator
• Encryption Key Custodian
• Security Policy Manager
• PCI Compliance Manager
• Change Control Manager
• Process: Assessments covering 182 questions in 12 key processes, based on PCI Security Audit procedures published by PCI Council.
• Firewall Configuration
• Default Configurations
• Data protection
• Data transmission
• Anti-Virus
• System Maintenance and Development
• Logical Access
• Physical Access
• Network Monitoring
• System Testing
• Security Policy
• PCI Business Unit Self-Assessment
• Technology: Assessments covering a library of over 6000 controls-based questions for over 90 technologies including Microsoft, Unix, Cisco, Blackberry, Oracle, and others.

Pricing and Availability

Brabeion for PCI is available immediately and is also available as software as a service through Brabeion On Demand™ with pricing as low as $7,000 per month. For more information contact sales@brabeion.com or go to www.brabeion.com/solutions/industrySolutions/retail

About Brabeion Software

Brabeion, the leading software provider in IT Governance, Risk and Compliance (IT GRC), helps organizations demonstrate governance, dramatically reduce risk and improve compliance while lowering costs. Brabeion's solution is the first IT GRC solution to trace the full lifecycle of risk and compliance impacts from business and legislative requirements through to policy, implementation procedures and controls with automated audits and assessments. It is powered by comprehensive information risk and audit content developed and maintained by our team of domain experts, through strategic alliances with organizations including PricewaterhouseCoopers LLP, IT Governance Institute and others. Brabeion Polaris puts you in control of your governance, risk and compliance profile at every level and stage of your business process.

Brabeion is a member of the Open Compliance and Ethics Group Technology Council, Information Security Forum (ISF), PCI Standards Council and the PCI Vendors' Alliance and Oracle's GRC Vendor Alliance. For more information, visit www.brabeion.com.

Press inquiries:
Yo Delmar, Brabeion Software, tel: 866 710 8118; email: yo.delmar@brabeion.com or Leslie Kesselring, Kesselring Communications, LLC tel: 503 358 1012; email leslie@kesselring.net

¹Gartner Report PCI Compliance Remains Challenging and Expensive by Avivah Litan, May 16, 2008