RSA ANNOUNCES INFORMATION RISK MANAGEMENT SOLUTION FOR THE FINANCIAL SERVICES INDUSTRY Information-centric solution designed to empower financial services institutions to mitigate information risk arising from critical business initiatives BEDFORD, Mass. – October 3, 2007 – RSA, The Security Division of EMC (NYSE: EMC), today unveiled its solution for Information Risk Management for financial services organizations worldwide. Information Risk Management is defined as a strong process that follows the information within a financial institution -- revealing where the risks lie to present a holistic view of risk related to information across the enterprise. By implementing an Information Risk Management solution using RSA and EMC technologies, new services, best practices and strategic partner ecosystem, financial institutions can more aggressively address business challenges and explore new markets, partnerships, business models and innovations with greater confidence. Information Risk Management Information carries both value and risk, and can be exposed to threats throughout its lifecycle. Information Risk Management is engineered to provide effective means of recognizing, assessing and mitigating the risks that information is exposed to throughout its lifecycle – no matter where it moves, who accesses it or how it is used. “Taking an integrated approach to information risk management for the enterprise means moving beyond the inconsistent and reactive manner in which many financial institutions address risk,” said Rod Nelsestuen, senior analyst, Financial Strategies and IT Investments, TowerGroup. “Reputation and brand image are put at risk when security fails and information is lost, stolen, or misused. Practicing a holistic approach to security and information risk assures that business information contributes to achieving marketplace and business goals, maintaining a customer and business focus, and building market confidence. In short, information security policy, practices, and technologies that provide a defense for information also can support the business's offensive strategy.” Traditional approaches – which focus on network and perimeter security to reduce risk to critical business information – can open the door to other forms of information risk that have the potential to undermine key business initiatives. Information Risk Management offers a comprehensive and business-aligned approach that is designed to enable financial services organizations to place controls where they are needed across the entire information lifecycle, helping to ensure that information is always an asset and never a liability. -more- The RSA Solution As part of EMC, RSA recognizes that IT security is an information management issue. RSA recommends that financial institutions implement a holistic solution that allows companies to look at all the risk associated with information, at every point in its lifecycle. This solution comprises market-leading security technologies, new services and an ecosystem of strategic partners. “As today’s world – and the business potential it offers – becomes more digital and sophisticated, so do the risks involved, especially when it comes to the financial sector. These institutions are realizing that, in order to truly survive and flourish, they must stop looking at risk in a vacuum and start treating it in a consolidated and holistic manner across the organization and the customer base,” said Art Coviello, Executive Vice President, EMC Corporation and President, RSA. “This is exactly where our expertise and solutions can help. As the chosen security partner of almost 9,000 financial institution customers, RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges.” Market-leading Security Technologies As a trusted advisor, RSA offers proven products designed to allow financial services firms to implement a solutions-based approach to Information Risk Management. Alongside EMC’s bestin-class solutions for storing information more intelligently, RSA helps organizations to manage compliance and security information, and to secure remote access, web application access, enterprise access and customer access to account information. An Information Risk Management strategy that leverages RSA and EMC solutions helps financial institutions to address the following key initiatives more effectively: 1. Secure business continuity 2. Help meet regulatory and governance challenges 3. Expand into new markets 4. Improve customer confidence 5. Reduce costs of doing business New Services The company’s Professional Services Organization plays a key role in RSA solutions, helping financial institutions to fully realize the benefits of an information risk management approach with two newly-expanded services. The Information Security Program Development service helps enterprises organize their multiple security risk remediation initiatives into a project-level roadmap that helps meet requirements for regulatory compliance. This service is designed for mid-to-large customers who may already have an understanding of their security gaps and risks --an integral component is the completion of an information security gap assessment or a review and consolidation of the results of prior assessments to assist in developing an 1824 month security risk remediation roadmap to help address regulatory compliance or other business requirements. This service prioritizes gap remediation activities, maps these activities to specific project-level security control initiatives, and packages this into a security program that combines industry standards and RSA’s own best practices framework for security program development. The Information Risk Assessment Service is a broad-based security posture assessment for information security that is designed to provide a systematic overview of an organization’s information security capabilities and a roadmap for risk remediation. This service is based on a proven best practices methodology that encompasses assessment of governance, policy, data protection, authentication, access, and other business and technical infrastructure security controls. Strategic Partner Ecosystem To promote customers getting the most value from their information infrastructure, EMC and RSA have created one of the industry’s strongest groups of business partners. This ecosystem of relationships with global technology leaders, innovators, systems integrators and service providers help ensure customers that RSA solutions will interoperate in their environments. “By leveraging RSA’s proven methodology, experience in the financial industry, and ecosystem of market-leading partners, financial institutions can help ensure that their information risks are properly identified and classified, their policies and procedures are adequate to support their business objectives, their strategies are aligned with industry best practices, and their technology choices and implementations are effective to protect critical business information,” added Jim Melvin, vice president, Marketing & Security Solutions at RSA. About RSA RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com. ### RSA is either a registered trademark or trademark of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and/or services mentioned are trademarks of their respective companies. This release contains “forward-looking statements” as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) risks associated with acquisitions and investments, including the challenges and costs of integration, restructuring and achieving anticipated synergies; (iv) risks associated with trading of VMware stock; (v) competitive factors, including but not limited to pricing pressures and new product and solution introductions; (vi) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (vii) component and product quality and availability; (viii) the transition to new products, the uncertainty of customer acceptance of new product and solution offerings and rapid technological and market change; (ix) insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi) the ability to attract and retain highly qualified employees; (xii) fluctuating currency exchange rates; and (xiii) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA Security Inc., with the U.S. Securities and Exchange Commission. RSA and EMC disclaims any obligation to update any such forward-looking statements after the date of this release. Press contact: For further information please contact: Mr. Christoph Lohrey Telefon +43-1-599 52-619 Telefax +43-1-599 52-900 Email: lohrey_christoph@emc.com