RiskWatch for Credit Unions™ will assist you in conducting a full risk assessment to meet the NCUA, Part 748 Standard. A complete standards library includes all security risk assessment elements for Credit Unions, including GLBA (Gramm Leach Bliley Act) Standards, as well as the Red Flags Identity Theft Requirement. Affordable and easy to use, RiskWatch makes it easy to meet regulator\'s requirements for risk assessment with both web-based and server-based online questionnaires that automatically write management reports with working papers, graphics, and complete audit trails. RiskWatch Software is recommended by regulators because it assists the management and Board of the credit union to demonstrate compliance with existing requirements and prepares the risk assessment required annually by NCUA. Whether the Credit Union wants to conduct it\'s own assessment, or have RiskWatch assist in gathering information, hosting surveys, or analyzing and printing reports, RiskWatch for Credit Unions™ makes it easy. The product analyzes and managers technical service providers and the risk involved in outsourcing as well.

1. RISKWATCH SOFTWARE STREAMLINES RISK ASSESSMENTS FOR GLBA, RED FLAG, NCUA PART 748, BSA and FFIEC REQUIREMENTS RiskWatch for Credit Unions

2. RiskWatch for Credit Unions CUNA & NCUA approved Software for Risk Assessments to meet NCUA 748 & FFIEC Guidelines

9. Red Flag - Identity Theft

11. NEW FFIEC Guidance, July 27, 2006 Applies to Credit Unions

15. RiskWatch Clients

19. Data Aggregation & Analysis Financial Data Software Automatically Analyses Over 3 Million Linking Relationships Risk = Asset  Loss  Threat  Vulnerability Loss Delays & Denials Fines Disclosure Modification Direct Loss Asset Applications Database Financial Data Hardware System Software Threat Disclosure Hackers Fraud Viruses Network Attack Loss of Data Embezzlement Vulnerability Acceptable Use Disaster Recovery Authentication Network Controls No Security Plan Accountability Privacy Access Control Fines Disclosure Modification Fraud Loss of Data Acceptable Use Authentication Privacy Access Control

23. From the Gartner Group Report “ RiskWatch, Inc., is positioned as the leading "rescuer" of a massive private and public market constrained by fear of loss in terms of dollars and human life. Its unique form of rescue is in its before-the-fact nature. The RiskWatch tools credibly guide the users through a process to qualify its security situation concerning threats, assets, potential loss, vulnerabilities, and safeguards. The client has the opportunity to establish its own image and foundation of security through RiskWatch's regulatory and quality compliance and accreditation tools and functions . Through its quantitative methods and automated functions, RiskWatch arms the analysts and decision-makers with a solid risk management analysis based on the ALE balanced with the ROI. Once the client establishes the security policies—the plan is deployed and its life cycle managed within the framework of RiskWatch. RiskWatch brings financially realized value to the client and the management vehicle and standards to follow”.

26. ELEMENTS OF A METRICS-BASED RISK ASSESSMENT APPROACH ASSETS THREATS VULNERABILITIES LOSSES SAFEGUARDS

27. RISKWATCH ® Risk Assessment Process Automated Survey Management Process Management Data Aggregation & Analysis Content (Rules & Data) Risk Analysis Customization Reporting Respondents Analyst(s)

28. Progress at a Glance – Tracks the Case

29. Data Aggregation & Analysis Financial Data Software Automatically Analyses Over 3 Million Linking Relationships Risk = Asset  Loss  Threat  Vulnerability Loss Delays & Denials Fines Disclosure Modification Direct Loss Asset Applications Database Financial Data Hardware System Software Threat Disclosure Hackers Fraud Viruses Network Attack Loss of Data Embezzlement Vulnerability Acceptable Use Disaster Recovery Authentication Network Controls No Security Plan Accountability Privacy Access Control Fines Disclosure Modification Fraud Loss of Data Acceptable Use Authentication Privacy Access Control

30. Valuing Assets – RiskWatch Auto- Populates Asset Values

32. THREAT FREQUENCIES ARE PROVIDED AND CAN ALSO BE TAILORED WITH CUSTOMER DATA SUCH AS PENETRATION TEST DATA

33. Web-Based Surveys Facilitate Respondent Answers Automated Survey Management

34. YOU CAN SELECT QUESTIONS THAT MAP EXACTLY TO THE FFIEC, ISO-17799, GLBA or SB 1386 STANDARD

35. Each question uses actual security regulations as control standards and is linked to appropriate Functional Areas

36. Respondents Can Answer Questions over the Web with full ASP functionality

39. INCLUDES ALL IT-REQUIRED SAFEGUARD CATEGORIES

40. EACH POTENTIAL SAFEGUARD INCLUDES DEFAULT VALUES FOR COST, MAINTENANCE AND LIFE CYCLE

41. Reports Results From Dozens Of Employees Are Instantly Aggregated And Analyzed.

43. MITIGATION STRATEGIES 1. Accept Risk 2. Transfer Risk 2. Mitigate Risk 3. Better Risk Reactions 5. Dealing with Residual Risk

44. The Case Summary Report Is Pre-Written for Management

45. EASY TO UNDERSTAND GRAPHS ILLUSTRATE OVERALL COMPLIANCE VS. NON-COMPLIANCE

46. Vulnerability Distribution Report Shows the Weak Compliance/ Security Areas

47. Vulnerability Distribution Report Shows the Weak Compliance/ Security Areas

48. Track Compliance by Individual

49. Vulnerability reports include complete audit trails and powerful analysis tools

50. Looking at Loss Expectancy by Type of Loss

52. SAFEGUARD REPORT -- RECOMMENDED CONTROLS BY RETURN ON INVESTMENT

53. Demonstrates Reduction in Loss Expectancy by Applying Overlapping Layers of Protection from Implementing Top Recommended Controls

55. www.riskwatch.com