Measure, Share, Compare.

• ClearPoint Metrics offers FREE On-Demand Security Performance Assessments :
  information security governace, risk and compliance leader offers free subscriptions to popular metric apps
  

  Burlington, MA - July 12, 2010 - ClearPoint Metrics Inc, the leader in unified security performance and compliance management, today announced a free one year subscription to its most popular Metric Apps. ClearPoint’s Metric Apps deliver on-demand fact-based IT security performance and compliance assessments that are fast, easy, secure, and cost effective.

  Under the program, companies can access ClearPoint’s Metric Apps for McAfee e-Policy Orchestrator or Symantec Endpoint Protection free of charge for one year. The package includes access for up to five users per company. The ClearPoint service comes with online wizards to help companies get a jump start on assessments of the state and effectiveness of their Endpoint Management program.

  "We want to make it easy for members of the security community to experience the power of our Metrics as-a-Service offering" said Jim Acquaviva, CEO of ClearPoint Metrics. "Customers can leverage our asset-based assessment capability to quickly determine the state and effectiveness of their Endpoint Management programs, then put controls in place to track continuous improvement using Continuous Control Monitoring Alerts and Policy Settings."

  To learn more about ClearPoint’s free subscription offer, visit www.clearpointmetrics.com.

  About ClearPoint

  ClearPoint Metrics is changing the way organizations drive improvement in IT and information security initiatives through the use of fact-based metrics and scorecards. ClearPoint Metrics solutions provide comprehensive and unified visibility into the state, business impact, and effectiveness of IT governance, risk, and compliance initiatives.

• ClearPoint Releases New Data Adapters for Ten Popular Security Applications :
  company continues to expand its market leading data access capabilities
  

  Burlington, MA - July 9, 2010 - ClearPoint Metrics, the leader in security performance and compliance management continues its strategic investment in expanding support of critical security and business applications with the delivery of a set of new data adapters. These new adapters, delivered with the ClearPoint Metrics Unified Security Performance and Compliance Manager™, are the result of customer driven requests to expand their metrics based performance assessment initiatives to investments they have made in strategic applications and data sources. ClearPoint’s data adapters are the foundation of its customers' success with metrics, fueling their ability to deliver reliable trustworthy performance indicators and risk assessments.

  "ClearPoint continues to expand its reach as a leader in ITGRC performance management and metrics," said Jim Acquaviva, CEO of ClearPoint Metrics. "Our solutions transform data generated by security and enterprise applications into useful performance indicators, enabling organizations to confidently assess the effectiveness of their IT and information security controls. Our regular quarterly release of new data adapters addresses both customer driven requests and the needs of our Metrics Apps. Access to new data sources enable our customers to continuously expand the breadth of their metrics efforts and deliver more value through their investment in our products."

  ClearPoint released new and updated adapters for:

  • Frontrange HEAT
  • Hitachi ID Systems Password Manager (P-Synch)
  • Lumension PatchLink
  • McAffe ePO v4.5
    • VirusScan
    • AntiSpyware
    • HIPS
    • SiteAdvisor
    • EndPoint Encryption
  • Microsoft SCCM
  • Microsoft SCOM
  • Rapid7 NeXpose
  • Splunk App for Cisco Security
  • Splunk App for Windows
  • Websense

  ClearPoint's data adapters deliver secure data access that feeds metrics deployed to the ClearPoint Metrics Management Platform with the required data on-demand, eliminating the need for implementing and maintaining complex data warehouse solutions. The Platform provides complete user control over access credentials, schedules, data set definitions, and metric design. ClearPoint’s portfolio of adapters enables users to fuse data from scores of critical security and business applications and transform it into useful decision making information, including: threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, vulnerability managers, patch managers, firewalls, change control systems, and ticketing systems.

  About ClearPoint Metrics:

  ClearPoint is the IT and Information Security Performance Measurement Company. We're innovating scalable, high performance data collection, aggregation, analytics, and visualization technology for measuring the effectiveness of IT infrastructures. ClearPoint makes it possible to easily access, aggregate, and fuse together data from any application, server, or network device transforming it into useful information that leads to quality communications and confident decision making. Data from scanners, anti-virus, intrusion detection, LDAP directories, configuration managers, firewalls, service tickets … if an application produces it, ClearPoint can create useful performance metrics from it.

  Our innovative products take the cost and friction out of obtaining the hard facts and data required for actionable performance assessments. We make it possible for business managers to interact with information in the context of their environment and use it to drive improvement. ClearPoint Metrics is changing the way organizations drive improvement in IT and information security governance, risk, and compliance initiatives through the use of metrics and scorecards.

• ClearPoint PCI Compliance Webinar Wednesday May 5, 2010 :
  
  
  

  Register today for our free webcast to learn how ClearPoint’s PCI Compliance-as-a-Service offering can help you dramatically reduce your compliance risk & exposure and cut your cost of gathering reliable compliance evidence.

  Learn how you can:

  • Proactively monitor your PCI data security controls and policies with auditable fact-based metrics.
  • Automate evidence gathering, control monitoring and compliance reporting with coverage of all 12 PCI general requirements and sub controls.
  • Access our library of security performance & compliance metrics and scorecards that are ready to connect to your security and enterprise applications.
  • Experience the ease of use, speed of delivery, and dramatic savings you will gain through ClearPoint’s secure on-demand service in the Cloud.

  
  Don't miss this event. Register today!! 

  Sign up today for your free trial at:  https:pci.clearpointmetrics.com

• ClearPoint Metrics Joins Cloud Security Alliance :
  information security governance, risk and compliance leader offers expertise to measuring security in the cloud
  
  Burlington, MA. — April 7, 2010 — ClearPoint Metrics Inc, the leader in unified security performance and compliance management, today announced it has joined the Cloud Security Alliance (CSA) to help establish and promote best practices for measuring the effectiveness of security controls for cloud computing.
  
  As a Corporate Member, ClearPoint will support the Cloud Security Alliance’s initiatives, and leverage the company’s security performance and compliance expertise to promote industry-wide standards for measuring the effectiveness of security in the cloud. ClearPoint is a provider of solutions in the public cloud and is enthusiastic about working with the CSA to develop and promote the use of actionable metrics for assessing the state, quality and effectiveness of cloud computing security initiatives.
  
  “We are delighted to be joining the Cloud Security Alliance,” said Jim Acquaviva, CEO of ClearPoint. “Cloud computing holds the promise of allowing IT to shift its focus from constant hardware and software updates and free them to concentrate on innovation and enabling the organization.  With these benefits comes a requirement to be vigilant over establishing the proper controls and monitoring their effectiveness.  We look forward to participating in advancing CSA’s efforts to promote best practices in measuring and monitoring security performance."
  
  “ClearPoint Metrics is a leader in the security and compliance management field and a welcome addition to the Cloud Security Alliance,” said Jim Reavis, co-founder of the Cloud Security Alliance. “The shift to cloud computing presents us with a unique opportunity, but also a serious responsibility: to establish set guidelines and protocols for cloud security. We are confident that the ClearPoint team will be an instrumental part of the process in charting the course for this exciting platform.”
  
  For more information about Cloud Security Alliance, visit www.cloudsecurityalliance.org.
  
  To learn more about ClearPoint’s cloud initiatives, visit www.clearpointmetrics.com.
  
  About ClearPoint
  ClearPoint Metrics is changing the way organizations drive improvement in IT and information security initiatives through the use of fact-based metrics and scorecards. ClearPoint Metrics solutions provide comprehensive and unified visibility into the state, business impact, and effectiveness of IT governance, risk, and compliance initiatives.
  
  About the Cloud Security Alliance
  The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, the Cloud Security Alliance Web site is www.cloudsecurityalliance.org.
• ClearPoint Unveils Markets first Metrics-Based PCI Compliance Management Service :
  continues efforts to put market leading security performance and compliance management on the cloud  
  

  March 2, 2010, RSA Conference 2010, San Francisco, CA - ClearPoint Metrics announced today the availability of its new metrics-based PCI assessment application delivered as “software-as-a-service” on the Amazon cloud. The service is available free of charge for the next 30 days at http://PCI.clearpointmetrics.com.

  ClearPoint’s PCI Compliance Management solution enables organizations to independently address all phases of PCI compliance, from pre-assessment through Report of Compliance and submission of Attestation of Compliance.  With ClearPoint’ s PCI Requirement Manager, Control Mapping and Evidence Manager  organizations document their controls and manage evidence required  for attestations and reporting. ClearPoint’s solution is unique in that it gathers and manages all forms of evidence: policy documents, links to log files and shared documents, surveys and textual commentary as well as fact based metrics, performance and risk indicators based on information collected from an organizations infrastructure.

  ClearPoint is differentiated from PCI point solutions as it automates assessment, attestation and reporting for all 12 PCI requirements and operates independent of any particular security product. The solutions supports gathering hard facts and data through direct access to all qualified vulnerability scanners as well as the full complement of security applications including, firewalls, intrusion detection,  antivirus, log management,  event managers, encryption managers, data security products and   much more. The solution also provides a complete asset management and profiling service that takes feeds from internal asset systems and enables organizations to classify, sort and group assets by compliance scopes and risk profiles.

  The service provides a complete library of scorecards, companion metrics, data connectors and control monitoring alerts that are mapped to the key PCI requirements.  Each set is ready to be connected to the relevant security applications and deployed in minutes. ClearPoint’s continuous control monitoring alerts keep team members apprised of an organization’s performance to goals and delivers alerts when conditions requiring action occur.

  “Our customers are seeking to extend their investments in performance metrics and risk indicators to the compliance arena. They are ready to move beyond opinion surveys and support their attestations with fact-based metrics that provide confirmative evidence that controls exist and are performing to policy” said Jim Acquaviva, CEO of ClearPoint Metrics. “Additionally, the market wants a uniform and trustworthy approach  to assessment of security controls  to meet  performance, risk and compliance and overall governance  needs.”

  ClearPoint’s PCI Service is available in monthly and annually renewable subscriptions. It is licensed on a per user basis with introductory 12 user subscriptions offered at $500 per month.

   

  ClearPoint is exhibiting at RSA Conference 2010. The conference is being held at the Moscone Center in San Francisco, USA from 1-5 March 2010.
  
  Please Visit us at Booth # 2717 and Experience ClearPoint’s “Security Metrics as-a-Service” and PCI offering operating in the Cloud at www.measuresharecompare.com.

    About ClearPoint MetricsClearPoint actively changes the way organizations manage, assess and audit their IT security infrastructures. ClearPoint solutions help organizations identify critical security controls, map controls to key policies and compliance requirements, continuously monitor their status, and actively audit and understand their security and compliance posture. We do this based on real facts and data -- not just opinion or surveys, but real information from your security applications and enterprise infrastructure. With our scheduled-based platform, you simply set your assessment intervals and let ClearPoint do the rest. You get unified visibility into your all security and compliance requirements from one application - on your time - that delivers an integrated view of your security and compliance posture in "a single pane of glass".

   

• ClearPoint to spotlight "Security Metrics-as-a-Service offering at RSA 2010 :
  delivers clear visibility into security governance, compliance and risk program performance
  

  Burlington, Mass., January 27, 2010 — ClearPoint is exhibiting at RSA Conference 2010. The conference is being held at the Moscone Center in San Francisco, USA from 1-5 March 2010.
  
  Please Visit us at Booth # 2717 and Experience ClearPoint’s “Security Metrics as-a-Service” operating in the Cloud at www.measuresharecompare.com.
  
  RSA Conference is the most comprehensive forum in information security offering enterprise and technical professionals one-stop learning. Learn about the latest trends and technologies, get access to new best practices, and gain insight into the practical and pragmatic perspectives on the most critical technical and business issues facing you today.
  
  For more information and to register, click here.
  
  About ClearPoint
  
  ClearPoint actively changes the way organizations manage, assess and audit their IT security infrastructures. ClearPoint solutions help you identify your critical security controls, map controls to key policies and compliance requirements, continuously monitor their status, and actively audit and understand your security and compliance posture. We do this based on real facts and data -- not just opinion or surveys, but real information from your security applications and enterprise infrastructure. With our scheduled-based platform, you simply set your assessment intervals and let ClearPoint do the rest. You get unified visibility into your all security and compliance requirements from one application - on your time - that delivers an integrated view of your security and compliance posture in "a single pane of glass".

• ClearPoint’s Security Metrics-as-a-Service made available in the Cloud to customers and prospects :
  on-demand service enables organizations to cost effectively automate fact based assessments of information security governance, compliance, and risk initiatives and institute continuous control monitoring and auditing processes
  

  December 28, 2009, Burlington, MA. ClearPoint, the Unified Security Performance and Compliance Management on-demand Service, is immediately available on the Amazon Cloud to all existing licensed customers and prospects. The ClearPoint security metrics-as-service is the next step in fulfilling ClearPoint’s mission of making it easy and cost effective to deliver a unified view of your security and compliance posture — in a "Single Pane of Glass" — providing trusted, fact based assessments of security risk and compliance posture that enable organizations to reliably and actively monitor vital security controls.
  
  At the heart of the offering is an on-demand service that leverages ClearPoint’s active XML- based catalog of scorecards, metrics, and data connectors. The catalog is grouped into Metric Apps organized by products, security governance initiatives, and compliance frameworks. Users establish an account on the service, select any number of Metric Apps, and are guided by the Assessment Manager through the process of creating assessments and inviting participants.  The Assessment Manager makes it easy to schedule data collection and metrics calculation, publish scorecards, and send alerts that monitor the state of key controls and compliance with policies.ClearPoint includes an Asset Manager which allows assessments to be scoped by asset classes (organization structure, locations, risk, compliance scopes such as PCI) making them focused, relevant and actionable. The Asset Manager provides the ability to build asset groups that are populated by feeds from an organization’s authoritative asset management sources.  Asset groups are easily enriched with information on risk classifications, organization structure, locations, compliance frameworks and much more-- adding dimension that maps assessments to an organization’s context, structure, strategies, and imperatives. 

  Underlying ClearPoint’s value as service is the ability to share measurement and communication methodologies through its patent-pending Metric XML, and to build fact-based assessments from data generated within an organization. The solution transforms data generated from IT and security infrastructures into actionable performance indicators that enable users to confidently assess the state, quality and effectiveness of security controls and compliance requirements. The solution eliminates the need for large data warehouses, proprietary dashboards, disparate consoles, or specialized technical or developer tools. Organizations can easily catalog and document controls, map and cross-reference them to compliance requirements, and exchange measurement and communication techniques with peers to establish benchmarking communities.

  Our metric model combines inputs from security, system, network, and enterprise applications with an organization’s policies, targets, goals, and baselines to create meaningful performance indicators based on asset, risk, and organizational context. The solution enables users to combine policy thresholds with information on critical assets to slice, dice, sort, and filter, making it possible to visualize the state of information security and compliance controls aligned with organization structure and goals in visually rich scorecards, all under proper security and access control. 

  The service is available free of charge for 15 days, and licensed on a monthly basis thereafter based on the number of users. Access to the Catalog for reference is free, use of Catalog content is bundled into the monthly subscription fees. Usage fees start at $250 per month for five (5) users.

  About ClearPoint Metrics

  We are changing the way organizations drive improvement in IT and information security initiatives through the use of fact-based metrics and scorecards.We take the cost and friction out of getting the hard facts and data that assure actionable security performance assessments and reliable compliance reviews.  Decision makers at every level of the organization get exactly the information they need to take meaningful action to achieve their goals.We have done the hard work of developing plug-and-play metrics and scorecards. With ClearPoint security analysts, network administrators, compliance staff, and line of business managers can start measuring what matters most today.  It’s simple to tailor scorecards to business needs and goals, and add capabilities incrementally as needed. ClearPoint is easy to download, install and evaluate. It's never been easier to deliver the hard facts and data needed to objectively assess the quality of an organization's IT and security initiatives, and assure compliance with regulatory requirements.

• ClearPoint continues to expand its market leading data access capabilities :
  new seim, encryption, intrusion detection, it search, and log management  product support added to the portfolio
  

  Burlington, MA – November 20, 2009 – ClearPoint Metrics, the leader in security performance and compliance management continues its strategic investment in expanding support of critical security and business applications with the delivery of a set of new data adapters. These new adapters, delivered with the ClearPoint Metrics Unified Security Performance and Compliance Manager™, are the result of customer driven requests to expand their metrics based  performance assessment initiatives to investments they have made in strategic applications and data sources. ClearPoint’s data adapters are the foundation of its customers' success with metrics, fueling their ability to deliver reliable trustworthy performance indicators and risk assessments.
   
  “ClearPoint continues to expand its reach as a leader in performance management and metrics,” said Jim Acquaviva, CEO of ClearPoint Metrics. "our customers rely on us to transform data generated by their security and enterprise applications into useful performance indicators, enabling them to assess the effectiveness of their IT and information security controls. Our regular quarterly release of new data adapters addresses both customer driven requests and the needs of our Metrics Application Packages. Access to new data sources enable our customers to continuously expand the breadth of their metrics efforts and deliver more value through their investment in our products."

   

  ClearPoint released new and updated adapters for:

  ·  RSA enVison (Enterprise Security Manager)
  ·  PGP Universal Server and Endpoint
  ·  Symantec Endpoint Protection
  ·  Splunk 4
  ·  McAfee ePO 4
  ·  Qualys QualysGuard
  ·  ManageEngine Firewall Analyzer
  ·  CA Access Control
  ·  CA Identity Manager

  ClearPoint’s data adapters deliver secure data access that feeds metrics deployed to the ClearPoint Metrics Management Platform with the required data on-demand, eliminating the need for implementing and maintaining complex data warehouse solutions. The Platform provides complete user control over access credentials, schedules, data set definitions, and metric design. ClearPoint’s portfolio of adapters enables users to fuse data from scores of critical security and business applications and transform it into useful decision making information, including: threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, vulnerability managers, patch managers, firewalls, change control systems, and ticketing systems.
  
  About ClearPoint Metrics:
  
  ClearPoint is the IT and Information Security Performance Measurement Company. We're innovating scalable, high performance data collection, aggregation, analytics, and visualization technology for measuring the effectiveness of IT infrastructures. ClearPoint makes it possible to easily access, aggregate, and fuse together data from any application, server, or network device transforming it into useful information that leads to quality communications and confident decision making. Data from scanners, anti-virus, intrusion detection, LDAP directories, configuration managers, firewalls, service tickets … if an application produces it, ClearPoint can create useful performance metrics from it.

  Our innovative products take the cost and friction out of obtaining the hard facts and data required for actionable performance assessments. We make it possible for business managers to interact with information in the context of their environment and use it to drive improvement. ClearPoint Metrics is changing the way organizations drive improvement in IT and information security governance, risk, and compliance initiatives through the use of metrics and scorecards.

• ClearPoint Introduces a new series of Metrics Apps for under $5,000 :
  solutions enable rapid and cost effective implementation of continuous control monitoring over access management, malware remediation and vulnerability mitigation
  

  Solutions enable rapid and cost effective implementation of continuous control monitoring over access management, malware remediation and vulnerability mitigation
  
  ClearPoint Metrics today announced the first in a new series of Metric Applications specifically designed to tightly integrate and optimize reporting, assessment and control monitoring for market leading security products. The initial series of Metric Apps deliver metrics, scorecards and automated connections optimized for a specific information security product. The offerings include connections to service ticket applications for remediation tracking, and the ability to rapidly jump start data collection efforts with CSV uploads and manual data entry forms. The Metric Apps are delivered built on the ClearPoint Metrics Management Platform, enabling rapid customization and cost effective metric and scorecard deployment and life cycle management.
  
  This initial series of Metrics Applications includes:

  • Identity and Access Management Metric App for Microsoft AD™
  • Threat and Virus Management Metric App for McAfee ePO™
  • Threat and Virus Management Metric App for Symantec Endpoint Protection ™
  • Vulnerability and Patch Management Metric App for nCircle™ (with WSUS™)
  • Vulnerability and Patch Management Metric App for Qualys™ (with WSUS™)

  
  The new packages provide fact based automated metrics that map directly to each product’s unique control objectives and capabilities. The metrics are visually presented in scorecards illustrating the current state and trend of critical security controls and risk mitigation efforts. This enables organizations to institute "continuous control monitoring and audit process" based on real facts and data rather than opinion and surveys. The new ClearPoint Metric Apps are available for reference in ClearPoint Metrics Catalog™ of security metrics and scorecards at http://catalog.clearpointmetrics.com. Access to the catalog is free of charge, and feedback is encouraged.
  
  ClearPoint Metrics Catalog makes available for reference the company’s vast research into security metrics and the inventory of know-how needed to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of IT and information security investment initiatives. The Catalog makes it easy to examine the details behind ClearPoint’s scorecards, metrics and data adapters.
  
  "These new Metric Apps are an important next step in fulfilling on our stated mission to bring metrics to the masses by making it easier and cost effective for organizations to use fact-based metrics to support their governance, compliance and risk assessment efforts. Our market is increasing requiring automated security control auditing and control monitoring to both control audit costs and decrease risk of non-compliance. " says Jim Acquaviva CEO of ClearPoint Metrics. "the ClearPoint solution unifies compliance monitoring, corporate performance management (CPM) for security and risk into a single product that addresses both the business intelligence (BI) and C level security intelligence needed to make more effective decisions."
  
  ClearPoint’s packaged metrics and scorecards are fundamentally different from all other solutions as they are completely data-aware and ready-to-attach to an organization’s security and enterprise applications as delivered. Additionally, each Metric and Scorecard is fully customizable with ClearPoint’s Metrics Design Studio™. All content is based on extensive field research by ClearPoint metrics experts and in collaboration with industry leading organizations, users, and domain experts. Metrics and Scorecards are mapped and cross referenced to both legislative and industry best practice frameworks such as ISO, delivering the know-how needed to provide constant auditing and control monitoring required for IT security governance, risk, and compliance initiatives.
  
  The ClearPoint Metric Application Packages are built on ClearPoint’s methodology for designing relevant, actionable, and trustworthy security metrics aligned to an organization’s objectives and reporting structure. The company’s exclusive ‘Metric Roll Up"’ capability enables organizations to fuse together data from a wide variety of security and enterprise applications, generate metrics, and then ‘slice & dice’, group, and sort the metrics into scorecards and dashboards appropriate for the audience or stakeholder. The end result is that users collaborate around visually rich scorecards that provide high level indicators with the ability to drill in to fine grain details and root causes, enabling executives and managers to make decisions with information that is consistent and trustworthy.
  
  About ClearPoint Metrics
  
  ClearPoint Metrics is changing the way organizations drive improvement in IT and information security initiatives through the use of metrics and scorecards.ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of their IT governance, risk, and compliance initiatives.
  
  Our solutions make it possible to easily access, aggregate, and fuse together data from any application, server, or network device, transforming raw data into useful security performance metric information for higher quality communications and more confident decision making.
  
  Our innovations take the cost and friction out of obtaining the hard facts and data required for actionable IT and security performance assessments and solid compliance reviews. ClearPoint makes it possible for business managers to interact with security performance information in the context of their objectives and use it to take meaningful action.

   

• ClearPoint announces Metric Applications Packages for PCI DSS, NERC Healthcare Compliance and FISMA :
  the clearpoint "unified security performance and compliance manager" the first complete solution for continuous audit and security control monitoring
  

  Burlington, MA – September 14, 2009 – ClearPoint Metrics today announced a major expansion to its product offering with the delivery of four new Compliance oriented Metrics Application Packages (MAPS) and the integration of the ClearPoint Security Performance Manager ™ and its compliance offering into a single solution – The ClearPoint Unified Security Performance and Compliance Manager. The new ClearPoint Compliance MAPS are available for reference in ClearPoint Metrics Catalog™ of security metrics and scorecards at http://catalog.clearpointmetrics.com. Access to the catalog is free of charge, and feedback is encouraged.

  The new Compliance Packages provide fact based automated metrics that map directly to each of the compliance framework prescribed controls. The metrics are visually presented in scorecards that depict the current state and trend of compliance efforts. This enables organizations to institute "continuous control monitoring and audit process" based on real facts and data rather than opinion and surveys. The recently released packages are:

  o PCI DSS Compliance Management

  o SOX Compliance Management

  o North American Electric Reliability (NERC) Compliance Management

  o Healthcare Compliance Management

  o Federal Information Security Management Act (FISMA)

  ClearPoint Metrics Catalog makes available for reference the company’s vast research into security metrics and the inventory of know-how needed to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of IT and information security investment initiatives. The Catalog makes it easy to examine the details behind ClearPoint’s scorecards, metrics and data adapters. The Catalog includes a series of free downloadable samples of the scorecards and metrics in each Metric Application Package.

  "It is becoming increasing important that organizations automate their security control audit and monitoring functions to both control costs and decrease risk of non-compliance. " says Jim Acquaviva CEO of ClearPoint Metrics. "the ClearPoint solution unifies compliance monitoring, corporate performance management (CPM) for security and risk into a single product that addresses both the business intelligence (BI) and C level security intelligence needed to make more effective decisions."

  Fundamentally different from all other solutions, ClearPoint’s packaged metrics and scorecards are completely data-aware and ready-to-attach to an organization’s security and enterprise applications as delivered. Additionally, each Metric and Scorecard is fully customizable with ClearPoint’s Metrics Design Studio™. All content is based on extensive field research by ClearPoint metrics experts and in collaboration with industry leading organizations, users, and domain experts. Metrics and Scorecards are mapped and cross referenced to both legislative and industry best practice frameworks such as ISO, delivering the know-how needed to provide constant auditing and control monitoring required for IT security governance, risk, and compliance initiatives.

  "To improve the effectiveness of CPM and BI investments, consider the following:

  · Establish a BI and CPM competency center that brings together business and IT personnel to determine reporting issues and how to align technologies to address any concerns.

  · Understand how CPM can benefit the organization, and work in close collaboration to enable CPM platforms that are consistent with the IT portfolio.

  · Define and deploy an enterprisewide metrics framework. Organizations need to have a consistent set of clearly defined performance metrics, aligned to corporate strategy and recognizable by all stakeholders. "

  ATV: 2009 Gartner FEI Technology Study Research Collection, 31 August 2009 by John E.Van Decker Research VP

  The ClearPoint Metric Application Packages are built on ClearPoint’s methodology for designing relevant, actionable, and trustworthy security metrics that are aligned to an organization’s objectives and reporting structure. The company’s exclusive ‘Metric Roll Up"’ capability enables organizations to fuse together data from a wide variety of security and enterprise applications, generate metrics, and then ‘slice & dice’, group, and sort the metrics into scorecards and dashboards appropriate for the audience or stakeholder. The end result is that users collaborate around visually rich scorecards that provide high level indicators with the ability to drill in to fine grain details and root causes, enabling executives and managers to make decisions with information that is consistent and trustworthy.

  About ClearPoint Metrics

  ClearPoint Metrics is changing the way organizations drive improvement in IT and information security initiatives through the use of metrics and scorecards.

  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of their IT governance, risk, and compliance initiatives. Our solutions make it possible to easily access, aggregate, and fuse together data from any application, server, or network device, transforming raw data into useful security performance metric information for higher quality communications and more confident decision making.

  Our innovations take the cost and friction out of obtaining the hard facts and data required for actionable IT and security performance assessments and solid compliance reviews. ClearPoint makes it possible for business managers to interact with security performance information in the context of their objectives and use it to take meaningful action.

• ClearPoint Metrics Introduces the Industry’s First Catalog of Fact-Based Security Metrics :
  clearpoint publishes industry leading know-how on what matters to measure™ and how to most effectively communicate security and compliance posture
  

  Burlington, MA – April 17, 2009 – ClearPoint Metrics today announced availability of the ClearPoint Metrics Catalog™ of security metrics and scorecards at http://catalog.clearpointmetrics.com. Access to the catalog is free of charge, and feedback is encouraged.

  The ClearPoint Metrics Catalog makes available for reference the company’s vast research into security metrics and the inventory of know-how needed to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of IT and information security investment initiatives. The Catalog is organized by security management discipline and corresponds to ClearPoint’s Metric Application Packages™:

  • Identity and Access Management
  • Threat and Virus Mitigation
  • Vulnerability and Patch Management
  • Data Security Management
  • Compliance and Risk Assessment

  The Catalog makes it easy to examine the details behind ClearPoint’s pre-built industry tested scorecards, metrics, and data adapters to leading security and enterprise applications. The Catalog also includes a series of free downloadable samples of the scorecards and metrics in each Metric Application Package. ClearPoint plans to add Application Security and Business Continuity Metric Application Packages to the catalog offering this year.

  “Developing information security metrics that align with the key business goals of the enterprise has always been important, but it is becoming increasingly critical in a time of constrained budgets and staff resources. Security managers need high-quality metrics that are business-aligned; report on things that are controllable, objective, and trendable; and can be collected without placing excessive demands on enterprise personnel. In addition, they must communicate these metrics to the appropriate stakeholders in an appropriate way.” – The Do's and Don'ts of Information Security Metrics, October 2008, by Jeffrey Wheatman, Research Director for Information Security and Privacy, Gartner Group.

  The catalog showcases ClearPoint’s unique methodology for designing relevant, actionable, and trustworthy security metrics that are aligned to an organization’s objectives and reporting structure. The company’s exclusive ‘Metric Mashup’ capability enables organizations to fuse together data from a wide variety of security and enterprise applications, generate metrics, and then ‘slice & dice’, group, and sort the metrics into scorecards and dashboards appropriate for the audience. The end result is that users collaborate around visually rich scorecards that provide the high level indicators with the ability to drill in to fine grain details and root causes, enabling them to make decisions with information that is consistent, trustworthy, and ultimately auditable and transparent.

  ClearPoint’s packaged metrics and scorecards are fundamentally different from all others as they are fully customizable with ClearPoint’s Metrics Design Studio™ and completely data-aware, delivering the real facts and data on vital IT security initiatives upon which organizations can rely to make informed decisions. All content is based upon extensive field research by ClearPoint metrics experts and in collaboration with industry leading organizations, users, and domain experts. Additionally, each is mapped to legislative and industry best practice frameworks such as ISO, PCI, and SOX, delivering the know-how needed to provide confirmative evidence for IT security governance, risk, and compliance initiatives. The Catalog makes it easy to learn, evaluate, and grow with the ClearPoint product line.

  "ClearPoint's Metrics Catalog provides a much needed reference guide to security metric practitioners and the security community at large," said Daniel E. Geer Jr., Sc.D., author of Economics & Strategies of Data Security. "It is the first coherent body of work that provides know-how to orchestrate a fact-based security metrics initiative and enables you to start from where you are, not where you want to be."

  About ClearPoint Metrics

  ClearPoint Metrics is changing the way organizations drive improvement in IT and information security initiatives through the use of metrics and scorecards.

  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of their IT governance, risk, and compliance initiatives. Our solutions make it possible to easily access, aggregate, and fuse together data from any application, server, or network device, transforming it into useful security performance metric information leading to higher quality communications and more confident decision making.

  Our innovations take the cost and friction out of obtaining the hard facts and data required for actionable IT and security performance assessments and solid compliance reviews. ClearPoint makes it possible for business managers to interact with security performance information in the context of their objectives and use it to take meaningful action.

• ClearPoint Metrics and Imperva Partner to help CISOs, Auditors and Business Managers Accelerate Data :
  clearpoint metrics and imperva corporation today announced a collaborative effort to deliver strategic intelligence on organizations data security and compliance initiatives.
  

  Burlington, MA & Redwood Shores, CA – June 30, 2009 - ClearPoint Metrics and Imperva Corporation today announced a collaborative effort to deliver strategic intelligence on organizations data security and compliance initiatives. The partnership will integrate Imperva’s SecureSphere Data Security Suite with ClearPoint Metrics’ Security Performance Manager™ creating a new class of security performance and risk metrics that will provide visibility into the state, quality and effectiveness of data security investments for chief information security officers, auditors as well as business managers concerned about security.

  ClearPoint’s Security Performance Manager will leverage information from Imperva’s suite to deliver intelligence in the form of performance metrics to assess the business impact and effectiveness of key information security initiatives. The SecureSphere Data Security Suite delivers a complete lifecycle for Web application and database security in a single platform. By securing transactions from the end user through the Web application to the database, the SecureSphere Data Security Suite offers complete data security and visibility and maps all assets on a network. The combination of these two solutions provides a complete assessment of an organizations data risk posture.

  Data intensive businesses, particularly financial and insurance services, but also the energy and retail sectors, depend on Imperva for full visibility and control for business databases and the applications that use them. The award-winning SecureSphere delivers full activity monitoring from the database to the application and is recognized for its overall ease of management and deployment.

  “This strategic partnership with Imperva came about through our mutual work with a global financial services organization,” said Jim Acquaviva, CEO at ClearPoint Metrics. “We look forward to working with them to drive a new class of enterprise performance metrics that enable organization to better understand and communicate the impact of their investments in data security.”

  ClearPoint Metrics purpose-built solution for CIO’s and CISO’s enables organizations to implement enterprise wide IT and information security metrics programs. ClearPoint’s portfolio of adapters provides connections to a large number of critical security and business applications, including threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, and vulnerability and patch managers.

  “Imperva’s mission is to help organizations secure critical data and achieve regulatory compliance for their Web and database applications,” said Rohit Gupta, vice president of business development for Imperva. “Combining the visibility and control of database activity provided by SecureSphere with ClearPoint’s Security Performance Manager’s customers get a powerful, global view of the state of their security infrastructure,”

  About Imperva

  Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit www.imperva.com.

  About ClearPoint Metrics

  ClearPoint Metrics is changing the way organizations drive improvement and assure compliance in IT and information security initiatives through the use of metrics and scorecards.

  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of their IT governance, risk, and compliance initiatives. Our solutions make it possible to easily access, aggregate, and fuse together data from any application, server, or network device, transforming it into useful security performance metric information leading to higher quality communications and more confident decision making.

  Our innovations take the cost and friction out of obtaining the hard facts and data required for actionable IT and security performance assessments and solid compliance reviews. ClearPoint makes it possible for business managers to interact with security performance information in the context of their objectives and use it to take meaningful action. For more information, visit www.clearpointmetrics.com.

• Hitachi ID Systems and ClearPoint Metrics Announce Partnership :
  integrated solution provides enterprises with metrics for secure password management
  

  Burlington, MA & Calgary, Alberta – May 11, 2009 – ClearPoint Metrics and Hitachi ID Systems today announced a partnership that integrates Hitachi’s ID Password Manager with ClearPoint Metrics’ Security Performance Manager™.

  "We are very pleased to have Hitachi as a strategic partner," said Jim Acquaviva, CEO of ClearPoint Metrics. "By integrating with Hitachi ID Password Manager, we deliver a comprehensive data security metrics offering around Hitachi's identity management software, allowing organizations to track adoption, password strength, security incidents, and more. We look forward to working with them on many joint customer implementations."

  With ClearPoint’s Security Performance Manager, security executives and their teams can reliably, confidently, and cost effectively measure, monitor, and communicate the effectiveness of their information security controls, enabling them to deliver fact-based evidence supporting their strategic governance, compliance, and risk initiatives.

  ClearPoint Metrics delivers the industry's first purpose-built solution designed for CIOs, CISOs, and CROs, enabling them to eliminate manual self-assessments and rely on fact-based performance metrics. ClearPoint's portfolio of data adapters delivers connections to a large number of critical security and business applications, including threat managers, anti-virus incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, vulnerability managers, and patch managers.

  "ClearPoint Metrics provides Hitachi ID Password Manager users with the ability to track and analyze security adoption," said Mike Miazga, VP Business Development. "This type of metric helps a successful password management deployment. We're happy to partner with ClearPoint."

  Hitachi ID Password Manager (formerly P-Synch), a component of the Hitachi ID Management Suite, is the premier solution for enterprise password management. Hitachi ID Password Manager reduces the frequency of help desk calls, improves user productivity, and strengthens authentication security. Hitachi ID Password Manager accomplishes this with password synchronization and simplified administration of other authentication factors, such as hardware tokens and biometrics. Hitachi ID Password Manager includes connectors to manage passwords on over 70 kinds of systems and applications.

  Hitachi ID Systems is a leading publisher of identity management software. Its products help organizations strengthen network security, lower IT support costs and improve user productivity. Hitachi ID customers achieve these results by implementing automation and self-service processes to more effectively manage passwords and other authentication factors, to provision and deactivate user access, and to manage user privileges.

  About Hitachi

  Hitachi, Ltd. (NYSE: HIT / TSE: 6501), headquartered in Tokyo, Japan, is a leading global technology company, with approximately 384,000 employees worldwide. Fiscal 2006 (ended March 31, 2007) consolidated revenues totaled 10,247 billion yen (.8 billion). The company offers a wide range of systems, products, and services in market sectors, including information systems, electronic devices, power and industrial systems, consumer products, materials and financial services. For more information on Hitachi, please visit the company's website at http://www.Hitachi.com.

  About Hitachi ID Systems

  Hitachi ID Systems, Inc. is a leading provider of identity management solutions. Hitachi ID Management Suite has been licensed by hundreds of mid- to large-sized organizations worldwide. Hitachi ID Systems' solutions enable organizations to effectively manage every aspect of the user lifecycle. Hitachi ID Management Suite includes Hitachi ID Identity Manager (formerly ID-Synch), Hitachi ID Access Certifier (formerly ID-Certify), Hitachi ID Password Manager (formerly P-Synch), Hitachi ID Privileged Password Manager (formerly ID-Archive), and Hitachi ID Group Manager (formerly ID-Access).

  For more information about Hitachi ID Systems, Inc. and its products, please visit the corporate web site at www.hitachi-id.com, the product web sites at www.Identity-Manager.hitachi-id.com, www.Password-Manager.hitachi-id.com, www.Access-Certifier.hitachi-id.com, www.Privileged-Password-Manager.hitachi-id.com, www.Group-Manager.hitachi-id.com, or call 1.403.233.0740.

  About ClearPoint Metrics

  ClearPoint Metrics is changing the way organizations drive improvement in IT and information security initiatives through the use of metrics and scorecards.

  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of their IT governance, risk, and compliance initiatives. Our solutions make it possible to easily access, aggregate, and fuse together data from any application, server, or network device, transforming it into useful security performance metric information leading to higher quality communications and more confident decision making. Our innovations take the cost and friction out of obtaining the hard facts and data required for actionable IT and security performance assessments and solid compliance reviews.

• ClearPoint Metrics Integrates with PGP Universal Server™ :
  clearpoint metrics integrates with pgp universal server™ to deliver scorecards that provide real-time insight on usage of pgp® applications
  

  Burlington, MA – April 16, 2009 – ClearPoint Metrics today announced a technology alliance with PGP Corporation, a global leader in enterprise data protection, to integrate PGP Universal Server™ with ClearPoint Metrics’ Security Performance Manager. The joint technology integration offering will provide C-Level security executives with higher-level views of their PGP^® application activity with more context for risk-based decision making.

  Today, security executives including CISOs, CIOs and VPs, often lack a consistent and auditable process to obtain the information they need from their data security applications to accurately assess the performance of their risk and security profile, and track their organization’s compliance and corporate governance initiatives.

  ClearPoint Metrics and PGP Corporation have come together to solve this critical problem for security executives and their teams by enabling them to reliably and cost effectively measure, monitor and communicate the effectiveness of their PGP^® applications and their security controls. By integrating PGP Universal Server and the ClearPoint Metrics’ Security Performance Manager, ClearPoint Metrics’ data adapters can now extract information from PGP Universal Server data logs and create scorecards of all the data collected from PGP Whole Disk Encryption and PGP Universal Gateway Email applications. 

  PGP Universal™ Server manages security policy across multiple applications to defend sensitive data and avoid the financial loss, legal ramifications, and brand damage resulting from a data breach. Using PGP Universal Server, an organization can deploy one encryption application to address an immediate tactical requirement and then deploy additional applications later, as required. This strategic approach to encryption allows the enterprise to quickly adapt to emerging requirements for encryption using a single encryption management console.

  In effect, ClearPoint Metrics has extended the value of PGP Universal Server, by delivering scorecards that provide real-time insight and reporting metrics on customer’s usage of their PGP^® applications. These graphical-view scorecards provide PGP customers with fact-based evidence and analysis on their strategic governance, compliance, and risk initiatives.

  “With this technology integration, we are extending the PGP ecosystem and continuing to open up the PGP Encryption Platform with third-party functionality to give customers more choice and flexibility,” said Steve Schoenfeld, vice president of Products and Strategy at PGP Corporation. “ClearPoint Metrics’ Security Performance Manager’s metrics and scorecards simplify information from security and infrastructure systems, and when combined with the PGP Universal Server key management and policy enforcement capabilities, customers get a powerful, global view of the state of their security infrastructure.”

  “We are very honored to be working with a leader such as PGP Corporation and increasing the value of our solution to our joint customers” said Jim Acquaviva, CEO of ClearPoint Metrics. “This technology integration was driven in response to fulfilling customer needs and demand and we look forward to working more closely with PGP Corporation’s future customer initiatives.” 

  ClearPoint Metrics delivers a purpose built solution for CIO’s and CISO’s and allows their organizations to implement enterprise IT and information security metrics programs. ClearPoint’s portfolio of adapters provides connections to a large number of critical security and business applications, including threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, vulnerability managers and patch managers.

  About PGP Corporation 

  PGP Corporation is a global leader in email and data encryption software for enterprise data protection. Based on a unified key management and policy infrastructure, the PGP^® Encryption Platform offers the broadest set of integrated applications for enterprise data security. PGP^® platform-enabled applications allow organizations to meet current needs and expand as security requirements evolve for email, laptops, desktops, instant messaging, smartphones, network storage, file transfers, automated processes, and backups.

  PGP^® solutions are used by more than 100,000 enterprises, businesses, and governments worldwide, including 95 percent of the Fortune® 100, 75 percent of the Fortune® Global 100, 87 percent of the German DAX index, and 51 percent of the U.K. FTSE 100 Index. As a result, PGP Corporation has earned a global reputation for innovative, standards-based, and trusted solutions. PGP solutions help protect confidential information, secure customer data, achieve regulatory and audit compliance, and safeguard companies' brands and reputations. Contact PGP Corporation at www.pgp.com.

  About ClearPoint Metrics

  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor and communicate the state, business impact, and effectiveness of their IT governance, risk, and compliance initiatives. As both regulatory and best practice frameworks mandate the use of metrics, ClearPoint delivers both the hard facts and data that evidence the existence and efficacy of internal controls and the executive views and scorecards that enable evaluation of performance and alignment with business objectives. CIOs and CISOs of leading Global 2000 companies rely on ClearPoint Metrics software and best practice know-how to quickly and cost effectively implement a successful metrics initiative supporting their strategic imperatives and establishing a foundation for constant improvement in safeguarding their organization’s information assets.

• ClearPoint Metrics announces RSA Conference Event Participation and Speaking Schedule :
  clearpoint’s industry participation demonstrates its momentum and leadership in the security metrics and performance management market.
  

  Burlington, MA - March 30, 2009 - ClearPoint Metrics, the leader in IT and security performance management and metric solutions for governance, compliance, and risk, today announced it is presenting the company’s vision for the future of security performance metrics and its role as the leading innovator of automated solutions at three important venues in conjunction with the RSA Conference 2009.

  ClearPoint will present its market leading Security Performance Management Solution in the McAfee Partner Pavilion at RSA on April 20-24. ClearPoint is a McAfee Secuirty Innovation Alliance Program member and as such will be demonstrating the benefits of metrics and scorecards achieved through the integration of its market leading Security Performance Manager™ with the McAfee ePO product line.

  Jim Acquaviva, CEO of ClearPoint Metrics, will present at the 4th Annual, America’s Growth Capital Information Security Conference, on April 20, 2009 in San Francisco, CA. The conference, which takes place the day before the RSA Conference 2009, will feature presentations from executives of leading public and private information security companies, including Cisco, IBM, McAfee, Symantec, Acme Packet, and more. The day-long program of keynote topics, panel discussions, and presentations serves to address the significance of information security in the IT landscape. During his presentation, Jim will present Clearpoint’s market leading security performance management solution and will introduce its newly released on-line metrics catalog. An industry first, the catalog encapsulates best practices for measuring the impact of security investments and communicating the security posture of an organization through the use of metrics and scorecards. 

  ClearPoint will also participate in this year’s Metricon 3.5 event, to be held on April 20 at Google’s offices in San Francisco. Metricon 3.5 is an informal workshop designed to facilitate exchange of new ideas as well as practical experience in using metrics to drive better security, compliance, and risk management. The day will consist of open, moderated exchange among metrics thought leaders and security practitioners and short informal presentations. ClearPoint will be presenting its research into a methodology and approach to a, "Metrics-Mashup." In metric development, a mashup is a Metrics Application that fuses together data from multiple sources into a single integrated tool to produce results that were not the original reason for producing the raw source data. An example of a metric mashup is the use of vulnerability scanning data from nCircle to add vulnerability information to patching data from WSUS, and asset classification, value and organization data from an asset management system thereby creating a new and distinct Metric service that was not originally provided by either source. The results provide a single, integrated, comprehensive view of complementary products that demonstrates relationship among these products. Effective Security performance management requires a holistic view, without a metrics mash up style capability, executives must view results from these products in isolation, thereby making it difficult for them to make appropriate fully-informed decisions. The Metricon event is attended by security-focused thought leaders from every area of industry and government.

  "The security industry is constantly evolving the innovations and developments of leading information technology and solutions providers, such as those in participating in the events around RSA 2009," said Acquaviva. "ClearPoint Metrics is participating in this industry innovation. Our solutions are doing for CIO’s and CISO’s what integrated financial reporting and management systems do for the CFO – providing concrete facts and trusted information that allow organizations to measure, monitor, and communication the state, quality, and effectiveness of an organization’s security initiatives." 

  About ClearPoint Metrics
  
  ClearPoint Metrics is changing the way organizations drive improvement in IT and information security initiatives through the use of metrics and scorecards. ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of their IT governance, risk, and compliance initiatives. Our solutions make it possible to easily access, aggregate, and fuse together data from any application, server, or network device, transforming it into useful security performance metric information leading to higher quality communications and more confident decision making. Our innovations take the cost and friction out of obtaining the hard facts and data required for actionable IT and security performance assessments and solid compliance reviews. We make it possible for business managers to interact with security performance information in the context of their objectives and use it to take meaningful action.

  For more information, visit us on the Web at www.clearpointmetrics.com.

  ###

• ClearPoint Metrics and Lumeta Partner to Integrate Security Data and Network Discovery :
  integration produces unique joint offering for global network visibility
  

  Burlington, MA & Somerset, NJ – March 30, 2009 - ClearPoint Metrics and Lumeta Corporation today announced a partnership that integrates Lumeta’s IPsonar^® with ClearPoint Metrics’ Security Performance Manager™. Security Performance Manager fuses data from an organization’s infrastructure tools into a consistent, understandable dashboard for measurement, monitoring, and communication of the state, business impact, and effectiveness of information security initiatives. IPsonar discovers and maps all assets on a network. The combination of these two solutions gives IT a complete security assessment of its entire network, including assets that, previously, would have remained unknown and unmanaged.

  Lumeta’s IPsonar provides global network visibility to those entrusted with managing their IT networks. Using multi-protocol discovery technology, IT managers can create a comprehensive set of network facts, including complete asset identification, leak detection, and address space discovery. This comprehensive view enables IT managers to optimize vulnerability management while enhancing the value of existing IT assets.

  ClearPoint Metrics delivers a purpose-built solution for CIO’s and CISO’s and allows their organizations to implement enterprise IT and information security metrics programs. ClearPoint’s portfolio of adapters provides connections to a large number of critical security and business applications, including threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, and vulnerability and patch managers.

  “This strategic partnership with Lumeta came about through our mutual work with a global financial services organization,” said Jim Acquaviva, CEO at ClearPoint Metrics. “We look forward to working with them on other major customer initiatives.”

  “ClearPoint’s Security Performance Manager’s metrics simplify information from security and infrastructure systems, and when combined with IPsonar’s leading network discovery capabilities, customers get a powerful, global view of the state of their security infrastructure,” said Michael Markulec, chief operating officer at Lumeta. “As security threats continue to mount, gaining a complete understanding of the network and its vulnerabilities – and being able to prioritize those vulnerabilities – needs to be a top priority for large IT organizations.”

  About Lumeta Corporation

  Lumeta empowers large enterprise and government agencies with global network visibility, allowing them to understand how network change affects security, availability, and compliance.

  Lumeta’s IPsonar is the industry’s only network assurance solution that discovers and maps every asset on a network, including assets not currently under management. This capability enables IT professionals to analyze the connectivity between assets and networks, uncover risk patterns, and automate the enforcement of network policies.

  With this level of network assurance, IT organizations can harden security, improve business continuity, and deploy new services without impacting its ability to deliver existing services.

  For more information, visit the Lumeta Web site at http://www.lumeta.com.

  About ClearPoint Metrics

  ClearPoint Metrics is changing the way organizations drive improvement in IT and information security initiatives through the use of metrics and scorecards.
  
  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor, and communicate the state, business impact, and effectiveness of their IT governance, risk, and compliance initiatives. Our solutions make it possible to easily access, aggregate, and fuse together data from any application, server, or network device, transforming it into useful security performance metric information leading to higher quality communications and more confident decision making.
  
  Our innovations take the cost and friction out of obtaining the hard facts and data required for actionable IT and security performance assessments and solid compliance reviews. ClearPoint makes it possible for business managers to interact with security performance information in the context of their objectives and use it to take meaningful action.

• ClearPoint Metrics and Sophos Partner to Stamp Out IT Security Threats :
  clearpoint’s data adapter for sophos will provide advanced metrics to fight malware and spam
  

  BURLINGTON, Mass. - February 2, 2009 - ClearPoint Metrics, a leader in IT and information security performance management and metrics solutions, today announced the availability of a data adapter for a world leader in IT security and control, Sophos. 

  Today, Sophos’ Enterprise and Security Control solution defends organizations against known and unknown malware threats, as well as intrusion, policy abuse, unauthorized users, and the use of unwanted applications. ClearPoint’s new data adapter will provide joint customers with advanced metrics capabilities and functionality related to protecting businesses from virus and spam-related security threats.

  The Security Performance Manager™ automates the entire process of designing, calculating and communicating Key Performance Indicators to help IT organizations manage and minimize asset risk and exposures. The solution is designed to consistently gather hard facts and reliable data, profile high-risk users, assets, and concentrations of risk, confidently communicate the state and effectiveness of major initiatives, proactively align IT initiatives with business priorities, and save substantial time and cost in compliance assessment, reporting, and audits.

   “Our partnership with Sophos will arm customers with a clearer analysis and forecast of their current and imminent security threats, enabling them to better assess their preparedness and make strategic investment decisions.” said James Acquaviva, CEO of ClearPoint Metrics. “ClearPoint’s ability to fuse data from Sophos solutions with other enterprise information provides actionable metrics with rich context and relevancy to the user.”
  
  ClearPoint’s portfolio of over 50 adapters provides connections to a large number of critical security and business applications, including threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, vulnerability managers and patch managers. ClearPoint’s pre-built data adapters, metrics, and scorecards allow CISOs and their teams to quickly and effectively launch and sustain an information security metrics initiative.
  
  For more information regarding ClearPoint Metric’s data adapters and connectors, please visit http://www.clearpointmetrics.com/products/default.aspx?id=85.

  About Sophos
  
  Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

  Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

  About ClearPoint Metrics

  ClearPoint is the IT and Information Security Performance Measurement Company. We're innovating scalable data collection, aggregation, analytics, and visualization technology for measuring the effectiveness of IT infrastructures. ClearPoint makes it possible to easily access, aggregate, and fuse together data from any application, server, or network device transforming it into useful performance metrics that enable quality communications and confident decision making. Our innovative products take the cost and friction out of obtaining the hard facts and data required for actionable performance assessments. ClearPoint Metrics is changing the way organizations drive improvement in IT and information security governance, risk, and compliance initiatives through the use of metrics and scorecards.

  www.clearpointmetrics.com

  Sophos® and ClearPoint Metrics® are registered trademarks of LogLogic and ClearPoint Metrics, respectively. All other registered or unregistered trademarks are the sole property of their respective owners. Copyright© 2009 ClearPoint Metrics. All rights reserved.

• McAfee, Inc. Expands Security Innovation Alliance :
  mcafee technology ecosystem attracts more than 40 partners in its first year
  

  SANTA CLARA, CALIF. - January 20, 2009—McAfee, Inc. (NYSE: MFE) today announced a new program tier in the McAfee^® Security Innovation Alliance™ (SIA). The Sales Teaming Program will include select SIA partners that complement the McAfee product portfolio and enable the McAfee sales force and channel to drive more complete security solution relationships with enterprise customers. 
  
  The McAfee Sales Teaming Program was launched this week at McAfee’s annual Sales Kick-Off event, which is attended by more than 1,000 McAfee sales and channel personnel.  The inaugural members of the invitation-only program include AccessData, Application Security, Bit9, Catbird, Guardium, LogRhythm, Secerno and SenSage; representing the markets of forensics, database security, whitelisting, virtualization security and log management.
  
  Through the Sales Teaming Program, SIA partners will benefit from a more proactive and mutually rewarding selling model. From a customer perspective, this will provide easier access and faster evaluation of “McAfee Compatible” solutions.
  
  McAfee also announced four new “McAfee Compatible” solutions from its current SIA partners, including Absolute Software, Passfaces, MXI Security and Q1 Labs. There are also nine new members that have joined the program,  including Agiliance, AirPatrol Corporation, Archer Technologies, Arxan, ClearPoint Metrics, HP, RedSeal Systems, Secure Passage and Verdiem.
  
  “McAfee now has more than 40 partners in the SIA program committed to helping our joint customers drive operational savings with ‘McAfee Compatible’ products,” said Joe Gottlieb, vice president of corporate strategy and technology alliances, McAfee. “As our program begins to flourish, we see numerous opportunities to assemble a wide range of product innovations that enable more effective security and compliance management workflows. Taken together, these benefits will help our customers find the savings they need to fund the advancements they require to keep up with the threat horizon.” 
  
  The McAfee Security Innovation Alliance program accelerates the development of interoperable security products and simplifies the integration of those products within complex customer environments.  Supported by the program, partners integrate their products with McAfee ePolicy Orchestrator^® (ePO™), McAfee’s industry-leading security and compliance management platform, and/or other McAfee products, such as McAfee Endpoint Encryption and McAfee Vulnerability Management Service.
  
  For more information on how to become a Security Innovation Alliance partner, please visit www.mcafee.com/sia.

  About McAfee, Inc.
  
  McAfee, Inc., headquartered in Santa Clara, California, is the world’s largest dedicated security technology company. McAfee is relentlessly committed to tackling the world’s toughest security challenges. The company delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to safely connect to the Internet, browse and shop the Web securely. Backed by an award-winning research team, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. http://www.mcafee.com.
  ###
  
  McAfee, ePolicy Orchestrator, ePO, Security Innovation Alliance and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2009 McAfee, Inc. All rights reserved.

• ClearPoint Metrics and LogLogic Connect to Provide Comprehensive IT Risk Management Solution :
  clearpoint’s latest adapter for loglogic will help organizations identify, analyze, and address internal it security threats
  
  ClearPoint’s Latest Adapter for LogLogic Will Help Organizations Identify, Analyze, and Address Internal IT Security Threats.

  BURLINGTON, Mass. - January 12, 2009 - ClearPoint Metrics^®, the IT and Information Security performance metrics market leader, today announced the availability of data connection capabilities between ClearPoint’s Security Performance Manager™and LogLogic’s Compliance Suites™.

  LogLogic Compliance Suites offer a window into all user activities across an organization’s IT infrastructure and provide a real-time view of adherence to multiple regulations and standards. With ClearPoint’s new data adapter LogLogic’s enterprise customers can leverage ClearPoint’s security performance management solution to obtain advanced metrics on internal IT security initiatives and cost effectively communicate the state, quality, and effectiveness of their initiatives throughout the organization.

  The LogLogic Compliance Suites automate the analysis of log data generated by all applications, databases, systems, and network devices. In doing so, the software offers businesses insight into where data is moving and who is accessing it. In addition to helping companies meet industry compliance regulations, such as Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX), that require the collection and analysis of log data, LogLogic Compliance Suites address enterprise risk management, information retention policies, and IT risk management. They can also help increase overall operational efficiency, reduce IT budgets, and reduce ongoing compliance costs. Currently, LogLogic has baseline reporting capabilities such as exporting reports into CSV, PDF or HTML formats.  With data integration with ClearPoint’s Security Performance Manager, valuable LogLogic data can be integrated with ClearPoint’s visual metrics and scorecarding system to deliver the hard facts and data that lead to more informed decision making and reliable compliance assessments.

  “Though collecting log data is mandatory for many industry compliance regulations, businesses that want to maintain best practices for security and accountability can leverage ClearPoint’s solutions to develop policies that mitigate risk,” said Dominique Levin, executive vice president of marketing and strategy for LogLogic. “ClearPoint’s data adapter will help us provide LogLogic customers with a clear concise view of ongoing IT risk to ensure the effectiveness of their information security initiatives.”
  The ClearPoint Metrics Security Performance Manager™ enables IT and security executives and their teams to successfully measure, monitor, and communicate the state, quality, and effectiveness of their information security investments, enhancing and supporting their governance, risk, and compliance initiatives with reliable performance metrics.

  The Security Performance Manager™ automates the entire process of designing, calculating and communicating Key Performance Indicators to help IT organizations manage and minimize asset risk and exposures. The solution is designed to consistently gather hard facts and reliable data; profile high-risk users, assets, and concentrations of risk, confidently communicate the state and effectiveness of major initiatives, proactively align IT initiatives with business priorities and save substantial time and cost in compliance assessment, reporting, and audits.

  “The addition of LogLogic to the ClearPoint family of metric data sources partners is significant,” said Jim Acquaviva, CEO of ClearPoint Metrics. “Our customer’s success is predicated on obtaining hard facts and data from strategic data stores, such as LogLogic, and creating useful and actionable metrics that communicate the efficacy of internal controls and the business value of investments.”

  ClearPoint’s portfolio of over 50 adapters provides connections to a large number of critical security and business applications, including threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, vulnerability managers and patch managers.

  About LogLogic

  LogLogic® is a visionary leader in log management for business operations, security, and compliance for the most demanding global enterprises as well as mid-market companies. The LogLogic family of LX-ST and MX appliances addresses the compliance, operations, and risk mitigation needs for collecting, storing, reporting, and alerting on 100 percent of IT log data from virtually any device, operating system, or application. LogLogic's innovations include creating the world's first search engine for fast-moving IT log data, the first open log management platform and API, and Compliance Suites for PCI, SOX, HIPAA, and other mandates that automate using log data to enforce critical controls and regulations. LogLogic received four and half stars out of five from SC Magazine's forensic tools review in 2008 and was named a Deloitte Technology Fast 50 Rising Star in 2007. For more information, visit www.loglogic.com and http://blog.loglogic.com.

  About ClearPoint Metrics

  ClearPoint is the IT and Information Security Performance Measurement Company. We're innovating scalable data collection, aggregation, analytics, and visualization technology for measuring the effectiveness of IT infrastructures. ClearPoint makes it possible to easily access, aggregate, and fuse together data from any application, server, or network device transforming it into useful information that leads to quality communications and confident decision making. Our innovative products take the cost and friction out of obtaining the hard facts and data required for actionable performance assessments. We make it possible for business managers to interact with information in the context of their environment and use it to drive improvement. ClearPoint Metrics is changing the way organizations drive improvement in IT and information security governance, risk, and compliance initiatives through the use of metrics and scorecards. www.clearpointmetrics.com.

  LogLogic® and ClearPoint Metrics® are registered trademarks of LogLogic and ClearPoint Metrics, respectively. All other registered or unregistered trademarks are the sole property of their respective owners. Copyright© 2009 ClearPoint Metrics. All rights reserved.

• ClearPoint Metrics and nCircle Collaborate to Deliver Performance and Risk Assessment Metrics :
  clearpoint’s latest data adapter for ncircle ip360 allows organizations to make smarter, informed decisions
  

  BURLINGTON, Mass. - November  18, 2008 - ClearPoint Metrics, a leader in IT and information security performance management and metrics solutions, today announced the availability of a data adapter for nCircle IP360. Many organizations have made an investment in nCircle’s IP360, a security and compliance discovery platform that profiles networked devices and their applications, vulnerabilities and configurations for over 21,000 conditions. Through the new adapter, these organizations can now unleash that valuable information and deliver it via Clearpoint’s metrics and scorecards. ClearPoint’s data adapters connect, collect and fuse data from a variety of third-party security solutions, such as nCircle, using agentless, read-only technology that extracts the specific data and documentation needed to compute metrics and create useful, decision-making information. ClearPoint’s portfolio of adapters provide connections to a large number of critical security and business applications, including threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, vulnerability managers and patch managers. ClearPoint currently supports over 50 third party sources and general purpose connectors.
  
  "With each new data adapter, our clients can learn even more about their security posture," said James Acquaviva, CEO of ClearPoint Metrics. "It’s too much of an information security risk and time sink for CISOs to rely on manual compilation processes or qualitative questionnaires for their decision making information. ClearPoint’s data adapters work behind the scenes to automatically and securely pull data from various sources, and deliver metrics that are based on hard facts and data."
  
  ClearPoint’s pre-built data adapter technology is a key component to its Security Performance Manager, an integrated software and best practice content solution designed to provide a complete, automated and cost-effective view of an organization’s security performance through the use of metrics and scorecards. Far beyond manual collection, this automated solution delivers meaningful insight and valuable decision-making information that communicates the security posture of an organization, based on hard facts and data. ClearPoint’s pre-built data adapters, metrics, and scorecards allow CISOs and their teams to quickly and effectively launch and sustain an information security metrics initiative. "nCircle is delivering the most comprehensive coverage in the market." said Karl Hutter, Senior Vice president, corporate development. "We are pleased to partner with Clearpoint Metrics to make this breadth of information available through changing times."

  About nCircle
  
  nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,000 enterprises, government agencies, and service providers around the world rely on circle’s proactive solutions to manage and reduce security risk and achieve compliance on their networks. NCircle has won numerous awards for growth, innovation, customer satisfaction, and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at www.ncircle.com.

  About ClearPoint Metrics
  
  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor and communicate the state, business impact, and effectiveness of their IT governance, risk and compliance initiatives. As new governance, regulatory and best practice frameworks now mandate the use of metrics, ClearPoint delivers the hard facts and data that evidence the existence and efficacy of internal controls and the executive views and scorecards that enable evaluation of performance and alignment with business objectives. CIOs and CISOs of leading Global 2000 companies rely on ClearPoint Metrics software and best practice know-how to quickly and cost effectively implement a successful metrics initiative supporting their strategic imperatives and establishing a foundation for constant improvement in safeguarding their organization’s information assets.

  nCircle is a registered trademark of nCircle Network Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.

• ClearPoint Releases Expanded Data Access Capabilities :
  seim, nac and intrusion detection product support added to the portfolio
  

  Burlington, MA – November 14, 2008 – ClearPoint Metrics, the leader in performance management and metric solutions, today announced it is expanding its support of important security and business applications with the delivery of a set of new data adapters. These new adapters, delivered with the ClearPoint Metrics Security Performance Manager™, are the result of customer driven requests to expand their metrics and performance management initiatives to investments they have made in strategic applications and data sources. ClearPoint’s data adapters are the foundation of its customer's success with metrics fueling their ability to deliver reliable trustworthy performance indicators and risk assessments.
   
  "ClearPoint continues to expand its reach as a leader in performance management and metrics," said Jim Acquaviva, CEO of ClearPoint Metrics. "Data is the oxygen for metrics. Our customers demand reliable repeatable metrics based on hard facts and data to support their security assessments replacing manual compilation and self assessment questionnaires. Our regular quarterly release of new data adapters addresses both customer driven requests and the needs of our Metrics Application Packages. Access to new data sources enables our customers to continuously expand the breadth of their metrics efforts and deliver more value through their investment in our products."

  This month ClearPoint released new adapters for:

  · ArcSight ESM (Enterprise Security Manager)

  · Cisco Security Agent

  · McAfee Network Security Platform

  · SourceFire 3D System

  ClearPoint’s data adapters deliver secure data access that feeds metrics deployed to the ClearPoint Metrics Management Platform with the required data on-demand eliminating the need for implementing and maintaining complex data warehouse products. The Platform provides complete user control over access credentials, schedules, data set definitions, and metric design.

  ClearPoint’s portfolio of adapters enable users to fuse information together from a large number of critical security and business applications an transform it into useful decision making information including: threat managers, anti-virus, incident managers, intrusion detection and prevention, identity and access managers, asset managers, network/system managers, vulnerability scanners, vulnerability managers, and patch managers.

  About ClearPoint Metrics:

  
  ClearPoint is the IT and Information Security Performance Measurement Company. We're innovating scalable, high performance data collection, aggregation, analytics, and visualization technology for measuring the effectiveness of IT infrastructures. ClearPoint makes it possible to easily access, aggregate, and fuse together data from any application, server, or network device transforming it into useful information that leads to quality communications and confident decision making. Data from scanners, anti-virus, intrusion detection, LDAP directories, configuration managers, firewalls, service tickets … if an application produces it, ClearPoint can create useful performance metrics from it.

  Our innovative products take the cost and friction out of obtaining the hard facts and data required for actionable performance assessments. We make it possible for business managers to interact with information in the context of their environment and use it to drive improvement. ClearPoint Metrics is changing the way organizations drive improvement in IT and information security governance, risk, and compliance initiatives through the use of metrics and scorecards.

  www.clearpointmetrics.com.

• ClearPoint Metrics Forms Board of Advisors :
  world’s first ciso, computer security expert and praised author all provide strategic support
  
  CHELMSFORD, Mass. - September 28, 2008 - ClearPoint Metrics, a leader in performance management and metric solutions, today announced the selection of its Board of Advisors, comprised of distinguished IT and information security experts and practitioners.  ClearPoint’s advisory board was assembled to help ClearPoint better serve its customers and to capitalize on the company’s burgeoning opportunities in IT and information security performance management.  
  
  “ClearPoint looks to expand its reach as a leader in performance management and metrics,” said Jim Acquaviva, CEO of ClearPoint Metrics.  “The formation of ClearPoint’s advisory board brings together key industry experts to advance the strategic direction of the company and help drive product innovation as we continue to grow.  These individuals are outstanding strategists and experienced executives, and we are delighted to have some of their time and effort focused on ClearPoint Metrics.”
  
  ClearPoint Metrics’ board of advisors includes:
  
  Dr. Daniel Geer serves as Chief Information Security Officer at In-Q-Tel, not-for-profit investment firm that works to identify, adapt, and deliver innovative technology solutions to support the mission of the U.S. Intelligence Community.  Dr. Geer is an expert in computer security and has been recognized as a pioneer in the space for his insight into the critical issues that plague the security industry.  He has been featured in publications such as Network World, Search Security and InfoWorld.  Dr. Geer has served in multiple advisory roles for various organizations including the Federal Trade Commission, the Department of Defense, the Institute for Information Infrastructure Protection and more.  Dr. Geer will serve as the chairman of the ClearPoint Metrics advisory board.   
  
  Andrew Jaquith, lead security analyst at the Yankee Group and author of the recently released book, Security Metrics: Replacing Fear, Uncertainty and Doubt.  Mr. Jaquith has more than 15 years of IT experience and previously co-founded and served as the program director at @stake, Inc., a security consulting pioneer.  His research has been featured in publications such as CIO, CSO and IEEE Security & Privacy.  
  
  Stephen Katz, founder and president of Security Risk Solutions, an information security company providing consulting and advisory services.  He is the world’s first CISO and held positions at JP Morgan, Citibank/Citigroup and Merrill Lynch.  Mr. Katz is a prominent figure in the information security discipline and has been a leading force in increasing the visibility and shaping the direction of the security industry.  He also the founder and past chairman of the Financial Services Information Sharing and Analysis Center.   
  
  The advisory board will meet quarterly to conduct a review of the current market requirements and discuss how to best meet the needs of ClearPoint customers based on its best practice content strategy and software product roadmap.  In addition, the advisors will have opportunities to collaborate with ClearPoint’s prospects and customers.  
  
  About ClearPoint Metrics
  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of their IT governance, risk and compliance initiatives.  As both regulatory and best practice frameworks mandate the use of metrics, ClearPoint delivers both the hard facts and data that evidence the existence and efficacy of internal controls and the executive views and scorecards that enable evaluation of performance and alignment with business objectives.  CIOs and CISOs of leading Global 2000 companies rely on ClearPoint Metrics software and best practice know-how to quickly and cost effectively implement a successful metrics initiative supporting their strategic imperatives and establishing a foundation for constant improvement in safeguarding their organization’s information assets. www.clearpointmetrics.com.
  
                                                              ###
• ClearPoint Metrics to Present at FS-ISAC Member Meeting :
  jim acquaviva, clearpoint metrics ceo, will speak on recent customer success implementing information security metric programs
  

  CHELMSFORD, Mass. - April 21, 2008 - ClearPoint Metrics, a leader in performance management and metric solutions, today announced that Jim Acquaviva, President and CEO, will be presenting at the upcoming 2008 FS-ISAC member meeting and conference being held May 5 to 7 at the Don Cesar Resort in St. Pete, FL.  ClearPoint Metrics is an Affiliate Member of the Financial Services Information Sharing and Analysis CenterFS-ISAC). 

  The FS-ISAC, in collaboration with the U.S. Department of Treasury and the Financial Services Sector Coordinating Council (FSSCC), serves to enhance the ability of the financial services sector to prepare for and respond to cyber and physical threats, vulnerabilities and incidents, and acts as the primary communications channel for the sector.  As a member-owned organization, FS-ISAC looks to include and accept only those companies that are leading the charge for secure data in the financial services sector. 

  FS-ISAC’s member meeting and conference brings together leaders in the financial services sector to share information and exchange ideas on issues and trends related to protecting critical infrastructure and information assets.  This year’s theme, “Enabling Preparedness: Charting the Threat Landscape”, sets the stage for tracks on crisis management, information security, compliance and more.  Acquaviva will discuss how leading Global 2000 companies are using the ClearPoint Metrics’ Security Performance Manager solutions to develop and implement IT and Information Security performance management and metrics programs. 

  ClearPoint Metrics’ Security Performance Manager and related subscription offerings equip global 2000 companies in the banking, insurance, brokerage and credit cards industries to reliably measure, monitor and communicate the state, business impact and effectiveness of their IT governance, risk and compliance initiatives.  Just as the FS-ISAC provides security alerts to its members for immediate information sharing to maximize each organization’s security posture, ClearPoint Metrics provides CIOs and CISOs with the hard facts and data from their disparate infrastructure systems to make better informed decisions on information security risk management. 

  About FS-ISAC
  Launched in 1999, FS-ISAC was established by the financial services sector in response to 1998's Presidential Directive 63. That directive - later updated by 2003's Homeland Security Presidential Directive 7 - mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure.  Constantly gathering reliable and timely information from financial services providers, commercial security firms, federal, state and local government agencies, law enforcement and other trusted resources, the FS-ISAC is now uniquely positioned to quickly disseminate physical and cyber threat alerts and other critical information to your organization. This information includes analysis and recommended solutions from leading industry experts.   www.fsisac.com. 

  About ClearPoint Metrics
  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of their IT governance, risk and compliance initiatives.  As both regulatory and best practice frameworks mandate the use of metrics, ClearPoint delivers both the hard facts and data that evidence the existence and efficacy of internal controls and the executive views and scorecards that enable evaluation of performance and alignment with business objectives.  CIOs and CISOs of leading Global 2000 companies rely on ClearPoint Metrics software and best practice know-how to quickly and cost effectively implement a successful metrics initiative supporting their strategic imperatives and establishing a foundation for constant improvement in safeguarding their organization’s information assets.  www.clearpointmetrics.com.

• ClearPoint Metrics to Present at America’s Growth Capital Information Security Conference :
  industry thought leaders address information security in the it landscape
  
  CHELMSFORD, Mass. - March 31, 2008 - ClearPoint Metrics, a leader in IT and security performance management and metric solutions for governance, risk and compliance, today announced that James Acquaviva, CEO of ClearPoint Metrics, will present at the 4th Annual America’s Growth Capital Information Security Conference on April 7, 2008 in San Francisco, CA. 

  The conference, which takes place the day before the RSA Conference 2008, will feature presentations from executives of leading public and private information security companies, including Cisco, IBM, McAfee, Symantec, Acme Packet and more.  The day-long program of keynote topics, panel discussions and presentations serves to address the significance of information security in the IT landscape.  During his presentation, Mr. Acquaviva will provide an overview of the company and will address best practices to understand and communicate the security posture of an organization through the use of metrics and scorecards. 

  “The security industry is constantly evolving the innovations and developments of leading information technology and solutions providers, such as those in participating in the America’s Growth Capital Conference,” said Acquaviva.  “ClearPoint Metrics is participating in this industry innovation.  Our solutions are doing for CIO’s and CISO’s what integrated financial reporting and management systems do for the CFO -- providing concrete facts and trusted information that allow organizations to measure, monitor and communication the state, quality and effectiveness of an organizations security initiatives.” 

  About ClearPoint Metrics
  
  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of their IT governance, risk and compliance initiatives.  As both regulatory and best practice frameworks mandate the use of metrics, ClearPoint delivers both the hard facts and data that evidence the existence and efficacy of internal controls and the executive views and scorecards that enable evaluation of performance and alignment with business objectives.  CIOs and CISOs of leading Global 2000 companies rely on ClearPoint Metrics software and best practice know-how to quickly and cost effectively implement a successful metrics initiative supporting their strategic imperatives and establishing a foundation for constant improvement in safeguarding their organization’s information assets.  www.clearpointmetrics.com.

• ClearPoint Metrics and FS-ISAC Host Information Security Roundtable :
  leading security executives set to discuss information security governance and performance metrics initiatives
  
  CHELMSFORD, Mass. - March 24, 2008 - ClearPoint Metrics, a leader in performance management and metric solutions, today announced that it will host an Information Security Executive Roundtable comprised of a distinguished panel of security executives on March 27, 2008 in New York City.  The roundtable, co-hosted by the Financial Services Information Sharing and Analysis Center (FS-ISAC), will be moderated by Andrew Jaquith, lead security analyst at the Yankee Group and author of the recently released book, Security Metrics: Replacing Fear, Uncertainty and Doubt.  
  
  This week’s roundtable participants include IT and security executives from top financial service, publishing and media companies, including Bank of America, Goldman Sachs, JPMorgan Chase, McGraw-Hill, Merrill Lynch, The New York Times Company and more.  The group is set to discuss and debate the issues involved with information security governance and performance metrics initiatives, such as aligning security initiatives with business objectives, designing and implementing a fact-based security performance management system, improving an organization’s security processes and determining the optimal level of security investment.  
  
  “ClearPoint Metrics has found that many security executives stay up at night pondering the same question: ‘Do I have what I need to safeguard my company’s information assets?’” said Jim Acquaviva, CEO of ClearPoint Metrics.  “Through this roundtable, we are aiming to provide an exclusive forum to help them answer this and other questions.  In turn, we can also share the insights ClearPoint has gained on this topic through working with FS-ISAC and its membership.   A special thanks to the FS-ISAC for co-hosting this important event, the first of more to come.”
  
  ClearPoint became an active member of FS-ISAC earlier this year.  Since 2006, ClearPoint Metrics has delivered solutions that enable IT and security executives in the banking, insurance, brokerage and credit card industries, to consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of their overall IT governance, risk and compliance (GRC) initiatives.   The company recently announced an enhanced version of its Security Performance Manager and related packages.  ClearPoint Metrics provides CIOs and CISOs with the hard facts and data from their disparate infrastructure systems to make better informed decisions on IT initiatives and information security risk management.  
  
  About ClearPoint Metrics
  
  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of their IT governance, risk and compliance initiatives.  As both regulatory and best practice frameworks mandate the use of metrics, ClearPoint delivers both the hard facts and data that evidence the existence and efficacy of internal controls and the executive views and scorecards that enable evaluation of performance and alignment with business objectives.  CIOs and CISOs of leading Global 2000 companies rely on ClearPoint Metrics software and best practice know-how to quickly and cost effectively implement a successful metrics initiative supporting their strategic imperatives and establishing a foundation for constant improvement in safeguarding their organization’s information assets.  www.clearpointmetrics.com.
  
  About FS-ISAC
  
  Launched in 1999, FS-ISAC was established by the financial services sector in response to 1998's Presidential Directive 63. That directive - later updated by 2003's Homeland Security Presidential Directive 7 - mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure.  Constantly gathering reliable and timely information from  financial services providers, commercial security firms, federal, state and local government agencies, law enforcement and other trusted resources, the FS-ISAC is now uniquely positioned to quickly disseminate physical and cyber threat alerts and other critical information to your organization. This information includes analysis and recommended solutions from  leading industry experts.   www.fsisac.com. 
  
• ClearPoint Metrics Announces Enhanced Security Performance Manager Solution :
  metrics and scorecards respond to industry needs to measure, monitor and communicate the effectiveness of grc initiatives
  

  CHELMSFORD, Mass. - March 17, 2008 - ClearPoint Metrics, a leader in performance management and metrics solutions, today announced Security Performance Manager™ V2.0, an integrated software and content solution, designed to enable IT and security executives to consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of their overall IT governance, risk and compliance (GRC) initiatives.  
  
  Unlike approaches which rely on manual processes or cumbersome data warehouses that come with their own information security concerns as well as high costs, ClearPoint’s Security Performance Manager provides a complete, automated and cost-effective view of an organization’s security performance through the use of metrics and scorecards.  ClearPoint’s pre-built data adapters, metrics and scorecards allow CISOs and their teams to quickly and effectively launch and sustain an information security metrics initiative.  Now, security executives are able to monitor and communicate the progress of their information security initiatives with a reliable, consistent and auditable solution.
  
  “ClearPoint is doing for the CISO what integrated financial reporting and management systems do for the CFO,” said James Acquaviva, CEO of ClearPoint Metrics.  “Based on the best practices of our customers and industry experts, our solution allows customers to move beyond self assessments and surveys and deliver the hard facts and data that validate the state of their information security initiatives and enables better decision making.  For the first time, organizations can confidently evaluate their security investments within the context of the enterprise and proactively align their initiatives that safeguard information assets with their business priorities.”
  
  Recent best practice frameworks, including ISO 27000 and CobiT, are now prescribing or mandating metrics as a required component of certification, increasing the demand for solutions that help IT organizations create a centralized approach to managing risk and compliance, while simultaneously meeting governance objectives.  Security Performance Manager delivers on compliance requirements by automating IT and information security performance assessment, measurement and metrics that express the business impact of security investments, provide hard facts and data to verify the existence and efficacy of controls and demonstrate the alignment of IT and information security with an organization’s business objectives.
  
  According to the Forrester report, “Defining IT GRC” issued December 2007 and written by Khalid Kark, Marc Othersen and Chris McClean, “IT GRC initiatives have traditionally been scattered across the organization without any coordination or synchronization.  It is not uncommon for different business areas to develop their own solutions for the same requirement or for IT to deploy multiple technologies to address a common issue.  Not only do these separate initiatives create inefficiency, but these silos also make it very hard to assess and manage risks holistically.  As a result, there is a growing demand for solutions to help IT organizations effectively breakdown these silos and create a centralized approach to managing risk and compliance while simultaneously ensuring good governance.”
  
  ClearPoint’s Security Performance Manager includes best-practice content for specific security initiatives.  ClearPoint’s pre-built packages offer companies a fast, flexible and cost-effective way to deliver automated, consistent and authoritative information security metrics and scorecards.  Packages are easily customized and provide the data needed to support risk analysis and resource allocation decisions.  ClearPoint’s packages include:

  • Threat and Virus Management:  Provides managers with scorecards and metrics that give visibility of the management and performance of systems providing protection against internal and external threats and viruses.  The package metrics leverage data from enterprise AV, IDS and incident management systems and communicate results on scorecards around: the type and source of threats and virus; quantity and quality of remediation efforts; coverage and activity on intrusion detection systems; and quantity and outcomes of security incident responses.
    
    
  • Identity and Access Management:  Identity and access metrics provide visibility into the user base of an organization directly from directory systems and account management tools.  Then, scorecards show: trends in the number and types of accounts; when and how users access systems; aggregate provisioning/de-provisioning status; and key risks areas such as user rights to high value and sensitive assets.
    
    
  • Vulnerability and Patch Management:  Enables uses to detect, trend and manage existing concentrations of risk with metrics that access the results of vulnerability scanning, patch management and support ticket systems across the enterprise.  Scorecards assess the coverage and outcomes of the vulnerability scanning process; visualize the state and trends of the remediation of known vulnerabilities; and state the condition of patch application processes and the residual risks across the organization.
    
    
  • Compliance:  Provides scorecards that show: the current state, trends and effectiveness of key performance indicators for ISO 27002 controls and control areas; the profile of PCI DSS systems in an organization; the state and effectiveness of controls around the 12 PCI DSS requirements; and the state of SOX internal controls and material events around critical systems.  This package is a supplement to the three core packages.
    

  First available in 2006 and now updated, ClearPoint’s Security Performance Manager is built upon ClearPoint’s Metrics Management Platform, including the Metrics Design Studio, Metrics Production Server and Metrics Communication Server.  Together, they provide the tools to create and manage metrics and scorecards, automate the data collection across disparate data sources, and deliver a web-based portal for communicating scorecards to users.  Significant enhancements to the Metrics Management Platform include:

  • Improved Ability to Present Scorecards to Users:  Enhanced presentation views and design capabilities allow advanced control and flexibility for the end-user.
    
    
  • Significantly expanded set of data adapters:  New data adapters offer broad coverage and easy access to element tools, asset management systems and user directories.  With nine new adapters, ClearPoint supports over 35 vendor specific products and general purpose connectors for CSV files, ASCII logs, Excel, JDBC/ODBC, LDAP, JCA and web services.
    
    
  • Improved Metrics Production System:  In addition, the Metrics Management Platform offers improved processing scale with the ability to run multiple production servers.
    

  ClearPoint’s Security Performance Manager equips CIOs and CISOs at global 2000 companies across many vertical markets, including financial services and manufacturing, with the data needed to make intelligent decisions on information security management.  The upgraded packages and enhancements in 2.0 will help current and future customers quickly and effectively launch an information security metrics initiative, complying with the standards and mandates set by industry groups and regulators.
  
  Pricing & Availability
  ClearPoint Metrics’ Security Performance Manager packages are available immediately and pricing begins at $50,000 per package per year.  Enterprise licensing is also available.  Each package includes the Metrics Management Platform.  
  
  For more information on the Security Performance Manager, visit www.clearpointmetrics.com.
   
  About ClearPoint Metrics
  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of their IT governance, risk and compliance initiatives.  As both regulatory and best practice frameworks mandate the use of metrics, ClearPoint delivers the hard facts and data that evidence the existence and efficacy of internal controls and the executive views and scorecards that enable evaluation of performance and alignment with business objectives.  CIOs and CISOs of leading Global 2000 companies rely on ClearPoint Metrics software and best practice know-how to quickly and cost effectively implement a successful metrics initiative supporting their strategic imperatives and establishing a foundation for constant improvement in safeguarding their organization’s information assets.  www.clearpointmetrics.com.

• ClearPoint Metrics Announces Sponsorship of Source Boston, a new security industry event :
  
  
  CHELMSFORD, Mass. - March 10, 2008 - ClearPoint Metrics, a leader in performance management and metric solutions, today announced that it will sponsor and participate in the upcoming security industry event, Source Boston, taking place March 12 to 14, 2008 at the Hyatt Regency in Cambridge, MA.  
  
  The ClearPoint Metrics, delivers a purpose built solution for CIO’s and CISO’s and their teams to implement an enterprise IT and information security metrics program. The Security Performance Manager is an integrated software and best practices content solution that fuses data from existing infrastructure tools and systems to enabling organizations to  consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of information security initiatives.  
  
  ClearPoint Metrics is a sponsor of Source Boston and ClearPoint’s VP of Security Metrics, Andrew Sudbury, will be speaking on how to design and implement a successful security metrics program including what to measure, how to measure and how to communicate information security metrics initiatives across an organization.  
  
  “We are delighted to be sponsoring and participating in the new Source Boston security industry event,” said Jim Acquaviva, CEO of ClearPoint Metrics.  “This event is much needed and will be of great service to the IT and information security community. We look forward to sharing the insight and know how we have gained through working with Global 200 organizations on the best practices for measuring what matters and communicating business impact for security initiatives to executives and throughout the enterprise.”
  
  SOURCE is a new event for security professionals who want to gain industry knowledge from top industry experts.  Special keynote guest will be Richard Clarke, internationally recognized expert on security who served the last three U.S. presidents as a senior White House Advisor.  The SOURCE 2008 curriculum was designed by security experts with deep industry roots, including former members of @stake, the NSA, and L0pht Heavy Industries, the security think tank. The conference will help educate security and IT professionals and senior executives on the latest security trends while providing opportunities for attendees to network with industry thought leaders.  For more information see www.sourceboston.com.
  
  About ClearPoint Metrics
  ClearPoint Metrics solutions enable IT and Security executives and their teams to consistently and reliably measure, monitor and communicate the state, business impact and effectiveness of their IT governance, risk and compliance initiatives.  As both regulatory and best practice frameworks mandate the use of metrics, ClearPoint delivers both the hard facts and data that evidence the existence and efficacy of internal controls and the executive views and scorecards that enable evaluation of performance and alignment with business objectives.  CIOs and CISOs of leading Global 2000 companies rely on ClearPoint Metrics software and best practice know-how to quickly and cost effectively implement a successful metrics initiative supporting their strategic imperatives and establishing a foundation for constant improvement in safeguarding their organization’s information assets.  www.clearpointmetrics.com.
• ClearPoint Metrics to Host Executive Roundtable Addressing Pivotal Role of Measuring IT Security and :
  ciso guru steve katz to moderate the may 14th events
  

  CAMBRIDGE, Mass., May 1, 2007— ClearPoint Metrics, a leading provider of software that manages security performance through metrics, today announced it will host an executive roundtable on metrics as the foundation of an organization’s successful information technology (IT) security governance and performance management initiatives.  Moderated by Steve Katz, former security executive for multiple Fortune 500 corporations and a key security industry thought leader, two roundtables will be held on May 14, 2007. The first will be from 11:30 AM to 2 PM. at the Network Appliance headquarters in Sunnyvale, CA. The second will be  at Le Meridian Hotel from 4 to 7 on 333 Battery Street in San Francisco.  Only 12 attendees can be accommodated:  RSVP as soon as possible to Pam Brodt at 650-400-6864 or pam.brodt@theroundtablenetwork.com.  There is no cost to attend and appropriate refreshments will be served at each event.
  “Metrics are essential for driving positive change in behavior, processes and investments that mitigate risk, improve security and reduce unnecessary costs,” explained James Acquaviva, CEO of ClearPoint Metrics.  “This roundtable will explore best practices on how information security governance drives the need for fact-based security performance measurement through metrics, as well as new technologies that are automating the metrics effort.” 

  Steve Katz has been a leading proponent of IT security since 1985, as the Senior Security Executive for JP Morgan, Citibank/Citigroup and most recently, Merrill Lynch.  As moderator, he will discuss industry and government-level efforts to raise the visibility, and shape the direction, of IT security.  Topics to be addressed include:

  •        How do you develop and then implement a fact-based security performance initiative?

  •        What key performance indicators can you use to assess your success?

  •        How do you communicate the value and impact of security investments?

  •        Can you reduce the costs of reporting compliance and governance efforts through automation?

  •        How do you align security initiatives with business objectives?

  Security executives are challenged by how to integrate security into their existing IT management and governance structures.  This roundtable will provide guidance on gathering more accurate information about a firm’s security state, the value of different security investments and ways to improve, as well as build, internal security practices.
  For more information or to RSVP, contact Pam Brodt at 650-400-6864 or pam.brodt@theroundtablenetwork.com.

> Need help starting a security performance
assessment program? GO.

> Learn how to License ClearPoint On-Demand GO.

> Evaluate ClearPoint's Security Metrics as-a-ServiceGO.

> Evaluate ClearPoint's PCI Compliance as-a-ServiceGO.

> Download a free pdf "ClearPoint is..."GO.