RSA ANNOUNCES INFORMATION RISK MANAGEMENT
SOLUTION FOR THE FINANCIAL SERVICES INDUSTRY
Information-centric solution designed to empower financial services institutions to mitigate
information risk arising from critical business initiatives
BEDFORD, Mass. – October 3, 2007 – RSA, The Security Division of EMC (NYSE: EMC),
today unveiled its solution for Information Risk Management for financial services organizations
worldwide.
Information Risk Management is defined as a strong process that follows the information
within a financial institution -- revealing where the risks lie to present a holistic view of risk
related to information across the enterprise. By implementing an Information Risk Management
solution using RSA and EMC technologies, new services, best practices and strategic partner
ecosystem, financial institutions can more aggressively address business challenges and explore
new markets, partnerships, business models and innovations with greater confidence.
Information Risk Management
Information carries both value and risk, and can be exposed to threats throughout its lifecycle.
Information Risk Management is engineered to provide effective means of recognizing,
assessing and mitigating the risks that information is exposed to throughout its lifecycle – no
matter where it moves, who accesses it or how it is used.
“Taking an integrated approach to information risk management for the enterprise means
moving beyond the inconsistent and reactive manner in which many financial institutions address
risk,” said Rod Nelsestuen, senior analyst, Financial Strategies and IT Investments, TowerGroup.
“Reputation and brand image are put at risk when security fails and information is lost,
stolen, or misused. Practicing a holistic approach to security and information risk assures that
business information contributes to achieving marketplace and business goals, maintaining a
customer and business focus, and building market confidence. In short, information security
policy, practices, and technologies that provide a defense for information also can support the
business's offensive strategy.”
Traditional approaches – which focus on network and perimeter security to reduce risk to
critical business information – can open the door to other forms of information risk that have the
potential to undermine key business initiatives. Information Risk Management offers a
comprehensive and business-aligned approach that is designed to enable financial services
organizations to place controls where they are needed across the entire information lifecycle,
helping to ensure that information is always an asset and never a liability.
-more-
The RSA Solution
As part of EMC, RSA recognizes that IT security is an information management issue. RSA
recommends that financial institutions implement a holistic solution that allows companies to
look at all the risk associated with information, at every point in its lifecycle. This solution
comprises market-leading security technologies, new services and an ecosystem of strategic
partners.
“As today’s world – and the business potential it offers – becomes more digital and
sophisticated, so do the risks involved, especially when it comes to the financial sector. These
institutions are realizing that, in order to truly survive and flourish, they must stop looking at risk
in a vacuum and start treating it in a consolidated and holistic manner across the organization and
the customer base,” said Art Coviello, Executive Vice President, EMC Corporation and
President, RSA. “This is exactly where our expertise and solutions can help. As the chosen
security partner of almost 9,000 financial institution customers, RSA helps the world's leading
organizations succeed by solving their most complex and sensitive security challenges.”
Market-leading Security Technologies
As a trusted advisor, RSA offers proven products designed to allow financial services firms to
implement a solutions-based approach to Information Risk Management. Alongside EMC’s bestin-class solutions for storing information more intelligently, RSA helps organizations to manage
compliance and security information, and to secure remote access, web application access,
enterprise access and customer access to account information. An Information Risk
Management strategy that leverages RSA and EMC solutions helps financial institutions to
address the following key initiatives more effectively:
1. Secure business continuity
2. Help meet regulatory and governance challenges
3. Expand into new markets
4. Improve customer confidence
5. Reduce costs of doing business
New Services
The company’s Professional Services Organization plays a key role in RSA solutions, helping
financial institutions to fully realize the benefits of an information risk management approach
with two newly-expanded services.

The Information Security Program Development service helps enterprises organize
their multiple security risk remediation initiatives into a project-level roadmap that helps
meet requirements for regulatory compliance. This service is designed for mid-to-large
customers who may already have an understanding of their security gaps and risks --an
integral component is the completion of an information security gap assessment or a
review and consolidation of the results of prior assessments to assist in developing an 1824 month security risk remediation roadmap to help address regulatory compliance or
other business requirements. This service prioritizes gap remediation activities, maps
these activities to specific project-level security control initiatives, and packages this into

a security program that combines industry standards and RSA’s own best practices
framework for security program development.
The Information Risk Assessment Service is a broad-based security posture assessment
for information security that is designed to provide a systematic overview of an
organization’s information security capabilities and a roadmap for risk remediation. This
service is based on a proven best practices methodology that encompasses assessment of
governance, policy, data protection, authentication, access, and other business and
technical infrastructure security controls.
Strategic Partner Ecosystem
To promote customers getting the most value from their information infrastructure, EMC and
RSA have created one of the industry’s strongest groups of business partners. This ecosystem of
relationships with global technology leaders, innovators, systems integrators and service
providers help ensure customers that RSA solutions will interoperate in their environments.
“By leveraging RSA’s proven methodology, experience in the financial industry, and
ecosystem of market-leading partners, financial institutions can help ensure that their
information risks are properly identified and classified, their policies and procedures are
adequate to support their business objectives, their strategies are aligned with industry best
practices, and their technology choices and implementations are effective to protect critical
business information,” added Jim Melvin, vice president, Marketing & Security Solutions at
RSA.
About RSA
RSA, The Security Division of EMC, is the premier provider of security solutions for business
acceleration, helping the world's leading organizations succeed by solving their most complex
and sensitive security challenges. RSA's information-centric approach to security guards the
integrity and confidentiality of information throughout its lifecycle - no matter where it moves,
who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance & access control, encryption & key
management, compliance & security information management and fraud protection. These
solutions bring trust to millions of user identities, the transactions that they perform, and the data
that is generated. For more information, please visit www.RSA.com and www.EMC.com.
###
RSA is either a registered trademark or trademark of RSA Security Inc. in the United States and/or other countries. EMC is a
registered trademark of EMC Corporation. All other products and/or services mentioned are trademarks of their respective
companies.
This release contains “forward-looking statements” as defined under the Federal Securities Laws. Actual results could differ
materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to:
(i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii)
risks associated with acquisitions and investments, including the challenges and costs of integration, restructuring and achieving
anticipated synergies; (iv) risks associated with trading of VMware stock; (v) competitive factors, including but not limited to
pricing pressures and new product and solution introductions; (vi) the relative and varying rates of product price and component
cost declines and the volume and mixture of product and services revenues; (vii) component and product quality and availability;
(viii) the transition to new products, the uncertainty of customer acceptance of new product and solution offerings and rapid
technological and market change; (ix) insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi) the ability to
attract and retain highly qualified employees; (xii) fluctuating currency exchange rates; and (xiii) other one-time events and other
important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA
Security Inc., with the U.S. Securities and Exchange Commission. RSA and EMC disclaims any obligation to update any such
forward-looking statements after the date of this release.
Press contact:
For further information please contact:
Mr. Christoph Lohrey
Telefon +43-1-599 52-619
Telefax +43-1-599 52-900
Email: lohrey_christoph@emc.com