Recent industry studies have shown that nearly half of PCI DSS-regulated companies are not yet in compliance - and that regular testing is the main failure point for audited companies. Brabeion is driving a new class of IT Governance, Risk & Compliance (IT GRC) tools which bring a more strategic and sustainable approach to compliance programs.
"The Brabeion software platform can quickly add value by automating an integrated policy program, its accompanying procedures and auditable IT controls so that organizations can repeatedly test for and successfully meet PCI DSS requirements. For organizations complying with multiple regulations, Brabeion offers a scalable and cost-effective approach for unifying governance, risk and compliance management," said Steve Schlarman, chief compliance strategist for Brabeion Software.
PCI DSS is an important set of policies and procedures aimed at securing transactions and credit cardholders' personal information, formed by Visa, MasterCard, American Express and Discover. In response to an increasing number of credit card and identity theft incidents, the PCI DSS effort was accelerated last December and large tier one retailers - those that process more than 6 million credit card transactions per year - are now bound to comply with a September 30, 2007 deadline. Many other retailers will need to comply by the end of 2007, and failure to meet the terms can result in large fines and possibly even prohibition from credit card programs.
Brabeion also offers a comprehensive knowledgebase of proven content - thousands of audit-ready policies, procedures, IT controls and standards mapped to PCI requirements for clear definition and evaluation. Additionally, Brabeion allows enterprises to extend PCI efforts into other areas of compliance by mapping to other regulations and frameworks, so that assessments and tests are re-used rather than duplicated.
To request a copy of the Brabeion PCI whitepaper please visit: www.brabeion.com/files/Brabeion_ITRACMS_Sept2007.pdf.
About PCI SVA
PCI SVA (http://www.pcialliance.org) assists members of the payment card industry, composed of merchants, banks and point-of-sale vendors, in educating the business community on the requirements and business value of the Payment Card Industry (PCI) Data Security Standard, a global benchmark intended to improve security throughout the entire payment card transaction process.
About Brabeion Software
Brabeion helps organizations achieve and sustain compliance and optimally manage risks through full policy, procedure and controls lifecycle management powered by comprehensive information risk and audit content developed and maintained by our team of domain experts, in collaboration with strategic partners including PricewaterhouseCoopers LLP, IT Governance Institute, Microsoft Corp, Oracle Corp and others. Brabeion's IT Risk and Compliance Management platform dramatically reduces risk and improves compliance while lowering assessment costs by leveraging the reuse of tests across all audit requirements through integration with assessment technology and manual surveys. Brabeion is a member of the Information Security Forum (ISF), the PCI Security Standard Council and the PCI Security Vendor Council (PCI SVC). Brabeion solutions are successfully deployed across a wide range of vertical markets including Financial Services, Retail, Energy, Healthcare, and Government. Customers include Chevron, CIT Group, DirecTV and Guardian Life Insurance.
For more information, visit www.brabeion.com.
Press inquiries: Melanie Elliott, Brabeion Software, tel: +01 703 752 9300; email: melanie.elliott@brabeion.com, or Leslie Kesselring, Kesselring Communications, LLC, tel: +01 503 656 2847; email: leslie@kesselring.net
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.