Brabeion Announces Enhanced PCI Assessment Solution That Implements in Hours and Cuts Compliance Costs by 50 Percent

Brabeion for PCI(TM) available as National Retail Federation NRFtech 2008 Conference commences

RESTON, Va., Aug. 11 (AllPayNews) -- Brabeion Software, a leader in IT
Governance, Risk and Compliance (IT GRC) Management, today announced the
availability of Brabeion for PCI(TM), providing out-of-the-box support for PCI
compliance programs that can cut costs and time to compliance by up to 50%, at
a time when organizations struggle with inefficient manual processes and a
dramatic rise in PCI compliance costs. Brabeion is first to market with unique
PCI-specific best practice content that now includes over 300 survey questions
for processes and roles as well as over 6000 technology configuration controls
and procedures and survey questions. Brabeion for PCI(TM) provides customers
with the ability to overcome the complexities in mapping their business and
technology environment to PCI audit requirements to ensure audit readiness.
Brabeion for PCI is available as a software-as-a-service hosted offering, as
well as through a traditional licensing model.

Brabeion's announcement coincides with National Retail Federation's
NRFtech 2008: the retail industry's most influential event for senior IT
executives, being held this week in Denver, CO, of which Brabeion is a

"Over 1000 Level 1 and Level 2 companies are struggling with PCI and are
coming to realize that the cost of PCI compliance is vastly underestimated.
Achieving PCI compliance, avoiding fines and retaining the privilege to accept
credit cards requires merchants and service providers to address approximately
180 individual PCI requirements in 12 categories. This is no small task -- and
the entire program can be compromised by insufficient people, process, or
controls," said Julian Waits, president and Chief Executive Officer for
Brabeion. "Brabeion is helping major enterprises achieve dramatic returns on
their PCI compliance programs, and is pleased to be a sponsor of NRFtech 2008."

According to Gartner, "Level 1 and Level 2 U.S. merchants' spending on PCI
compliance increased nearly fivefold during the past 18 months; 8% of
retailers have been fined by the card brands for failing to comply with PCI,
while 22% have been threatened with fines for their noncompliance." Gartner
recommends, "Security audits should be conducted continuously or as frequently
as possible, and not be limited to what's required by PCI."(1)

Brabeion Software is the only company to provide a complete IT GRC
management software solution and has gained public recognition as a leader
over the past year by Fortune 500 companies and industry analysts. Brabeion
for PCI allows customers to jump-start PCI compliance programs by conducting
continuous, automated assessments internally or with 3rd parties and by
providing the insight and information required to manage and mitigate risk.
In addition, customers may easily add content from over 30 regulations
including SOX, GLBA and HIPAA as required, in order to leverage investments
made in support of PCI requirements across the organization, as their IT GRC
programs mature.

Brabeion for PCI provides out-of-the-box policies, procedures, standards
and controls along with assessment surveys allowing customers to streamline
the compliance process, automate assessments and lower test costs by up to
50%. Customers can distribute surveys to employees and 3rd parties via web or
MS Excel, and measure compliance with comprehensive, accurate PCI dashboards
and reports.

Brabeion's Knowledgebase consists of industry-leading, robust content to
allow customers to implement programs within hours. Key components include:

-- Policies: Brabeion's PCI-DSS v1.1 Reference module with policies
based on PricewaterhouseCoopers standards covering the major PCI
o Access Control
o Information Security Policy
o Monitoring/Testing Networks
o Network Security
o Protection of Cardholder Data
o Vulnerability Management
o Hosting Providers

-- PCI Standards Council V1.1: Automated Self Assessment Questionnaire

-- People: Role Assessment "checklist" for PCI audit prep with 130
questions in 8 key roles:
o Application Developer
o 3rd Party Vendor Manager
o Firewall Administrator
o Network Administrator
o Encryption Key Custodian
o Security Policy Manager
o PCI Compliance Manager
o Change Control Manager

-- Process: Assessments covering 182 questions in 12 key processes, based
on PCI Security Audit procedures published by PCI Council:
o Firewall Configuration
o Default Configurations
o Data protection
o Data transmission
o Anti-Virus
o System Maintenance and Development
o Logical Access
o Physical Access
o Network Monitoring
o System Testing
o Security Policy
o PCI Business Unit Self-Assessment

-- Technology: Assessments covering a library of over 6000 controls-based
questions for over 90 technologies including Microsoft, Unix, Cisco,
Blackberry, Oracle, and others.

Pricing and Availability

Brabeion for PCI is available immediately and is also available as
software as a service through Brabeion On Demand(TM) with pricing as low as
$7,000 per month. For more information contact or go to

About Brabeion Software

Brabeion, the leading software provider in IT Governance, Risk and
Compliance (IT GRC), helps organizations demonstrate governance, dramatically
reduce risk and improve compliance while lowering costs. Brabeion's solution
is the first IT GRC solution to trace the full lifecycle of risk and
compliance impacts from business and legislative requirements through to
policy, implementation procedures and controls with automated audits and
assessments. It is powered by comprehensive information risk and audit content
developed and maintained by our team of domain experts, through strategic
alliances with organizations including PricewaterhouseCoopers LLP, IT
Governance Institute and others. Brabeion Polaris puts you in control of your
governance, risk and compliance profile at every level and stage of your
business process.

Brabeion is a member of the Open Compliance and Ethics Group Technology
Council, Information Security Forum (ISF), PCI Standards Council and the PCI
Vendors' Alliance and Oracle's GRC Vendor Alliance. For more information,

All product and company names herein may be trademarks of their respective

For more information, press only:

Yo Delmar, Brabeion Software, tel: +01 703 752 9300; email:

Leslie Kesselring, Kesselring Communications, LLC tel: +01 503 656 2847;

(1) "Gartner Report PCI Compliance Remains Challenging and Expensive" by Avivah Litan, May 16, 2008

SOURCE Brabeion Software