Sunday, 13 April 2008

New Risk Glossary Terms

ABI
Association of British Insurers


Actares
Swiss small shareholder group.


CML
Council of Mortgage Lenders


Consob
Italian market regulator


Eliot Spitzer
Former governor of New York state. He built his career as District Attorney of New York tackling miscreants in the investment banking and insurance industries. Forced out of office following a scandal.


EVCA
Equity and Venture Capital Association


FAA
Federal Aviation Administration


Federal Aviation Administration
Regulator of the US airline industry.


GDR
Global Depository Receipt


Headstart
UK Hedge Fund


Market Timing
Illegal US practice of trading in mutual fund companies after the daily price has been fixed, profiting from knowledge of subsequent market moves that were not reflected in the price.


Prime Broker
Institution, usually an investment bank, that offers a variety of services to hedge funds or other institutions.


Prime Brokerage
Bundle of services offered by an investment bank to large institutional clients or hedge funds. It is possible for a firm to have more than one prime broker. The firm is not obligated to put all of its business through the pri

Terra Firma
UK private equity firm.

Saturday, 5 April 2008

IronKey Award

IronKey Inc., a provider of data and Internet security products, announced today that it has received the Best Security Product Award at the 2008 FOSE Conference and Exhibition.


Each year an expert panel reviews nominations to celebrate the best products and services used by the US government, state governments and associated agencies. This year, the FOSE panel selected from a pool of over 150 nominees in 13 categories. In the Best Security Product category, the judges select the product that is most effective at addressing the security vulnerabilities it was designed to reduce or eliminate. The winners were honored at an exclusive awards ceremony at the FOSE event on April 2, 2008 in Washington, DC and hosted on Federal News Radio.


"We are honored to be recognized by the judges at FOSE as the Best Security Product," said Dave Jevans, CEO at IronKey. "We have worked diligently to build the world's most secure USB flash drive, and this award validates the hard work and intense attention to detail we have poured into the product."


Featuring onboard military-grade AES hardware encryption to protect data stored on the device, the IronKey USB flash drives for personal, enterprise and government use have been designed to be the world's most secure. The IronKey is available in 1, 2, and 4 gigabyte capacities, and can be ordered online at http://www.ironkey.com/ and through numerous online retailers, such as AcademicSuperstore.com, Amazon.com, Buy.com, CompUSA.com, eCost.com, NewEgg.com, OfficeDepot.com, PCconnection.com, PCMall.com, Staples.com and ThinkGeek.com.

Friday, 4 April 2008

Skywire Software

Skywire Software, a leading global provider of software and services to the insurance, financial services, and legal and professional services industries, today announced the appointment of Kimberly Horner as director of business development for worldwide channel sales. Horner will report directly to Mike McCurley, Skywire Software’s vice president of worldwide sales.

In her new role, Horner will focus on building and expanding Skywire Software’s channel sales in support of the company’s domestic and international growth targets. Skywire Software is a rapidly expanding software company with a global presence, with 650 employees and more than 2,400 customers in 45 countries worldwide.

“Skywire Software is a market leader in the verticals we serve, and our experience, expertise and penetration in these markets offer a compelling value proposition to channel partners,” said Horner. “Our partner program gives systems integrators, resellers, and consulting firms the opportunity to increase revenue with best-in-breed products and services that complement their own offerings. I look forward to working with our partners to grow revenue and strengthen market presence worldwide for the entire channel while serving the needs of our joint customers.”

Horner brings more than 14 years of key business development and channel sales experience to her new role. Prior to joining Skywire Software, she held senior business development, channel sales and marketing positions with international technology management companies Voyence, Inc. and DataCore Software, and with Sterling Software (acquired by CA Inc. in 2000). Most recently, she was responsible for building revenue-generating channels for international storage and security provider Crossroads Systems, Inc. Horner has an MBA from Pepperdine University and a BA from Texas A&M University.

“Kimberly is a proven relationship builder and sales leader in the software industry, adding bench strength to our expanding channel program,” said McCurley. “She will bring her expert knowledge of the market to bear on solidifying our presence among the key verticals we serve. As a company, Skywire Software is committed to retaining the best talent available. Kimberly’s addition to our team is an example of our commitment to building the best team in the business and providing deep domain expertise to our partners and customers.”

Risk Management Tools

3GSM World Congress Show
Conference for the 3G mobile industry. Held in 2006 in Barcelona.


ALM
Application Lifecycle Management


American-Style Option
Option contract which can be exercised at any time between the purchase date and the expiration date. Most commonly exchange-traded option in the U.S.


Application Access
Access to an application via direct connection, Web services or a terminal.


Application Controls
A type of control activity. Typically involve controls over the processing of individual applications, and ensure that transactions are valid, properly authorized, and completely and accurately processed.


Arbitrage
Simultaneous sale and purchase of identical or equivalent financial instruments or commodity futures to benefit from a discrepancy in their prices.


ATE
Automated Test Environment


ATM
Automated Teller Machine


Automated User Enrollment
Process to move user identity information over a network from a data source to a directory where it is needed.


BTO
Business Technology Optimization


By-name Authorization
From an individual username, connecting authorized access to a data target.


CISSP
Certified Information Systems Security Professional


Control Activities
One of five components of internal control according to the COSO Internal Control Framework. Also known as Control procedures.


Control Environment
One of five components of internal control according to the COSO Internal Control Framework


COSO Framework
Most widely used framework to assess the effectiveness of internal control.


COSO
Committee Of Sponsoring Organizations of the Treadway Commission


Data Confidentiality
Access to data is limited to those with a need to know. All others are denied access.


Data Field Access
Access to one or more selected fields in a database.


Data Governance
The process by which companies govern appropriate access to and the use and transmission of their critical data by measuring operational risk and controlling security exposures.


Data Integrity
Accuracy and reliability of published and non-published information maintenance.


Database Access
Access to one or more data entries in a database.


Day Order
Order placed for execution within one trading session. Automatically cancelled if it cannot be executed within the day.


Day Trading
Establishing and liquidating the same position or positions within one day. No positions should be established at the day's end.


Derivative Security
Financial security whose value is determined in part from another security's (the underlying security) value and characteristics.


Directory-enabled access controls
Controls over access to digital resources, governed by entries in a service directory.


Distributed Enrollment
Process of enrollment conducted by persons at one or more remote locations acting as agents for enrolling end users.


DNS
Domain Name System


ECMA
Enterprise Content Management Association


EDI
Electronic Data Interchange


Entity Level
One of two levels at which internal controls can operate. Controls are implemented at the entity level if they have a pervasive effect on the control environment. An example is the recruitment and training policies of the company

ERM
Enterprise Risk Management


e-SSO
enterprise Single Sign-On.


Extranet Access
Access for employees and business partners to internal Web-enabled applications.


File Access
Access to the contents of a digital file.


FinAnalytica
Vendor of portfolio construction and risk management analytics


Financial Accounting Standards Advisory Council
Overseer of the Financial Accounting Standards Board.


Financial Reporting
Defined by the COSO Framework as:-


Finite Access Control
Control of end-user access for one username to specific resources.


GCRM
Governance, compliance and risk management.


Gen2
RFID standard setting interoperability and bandwidth technologies


General Controls
A type of control activity. Typically involve controls over data center operations, system software acquisition, system maintenance and access security.


Greenline Financial Technologies
Specializes in providing technology innovation to the US and international financial services industry. Greenline's flagship product, VeriFIX(R), is recognized throughout the financial services industry as the

Group-membership Access
Assignment to a group sharing similar access rights.


IAPP
International Association of Privacy Professionals


Information and Communication
One of five components of internal control according to the COSO Internal Control Framework


Information Processing
In the context of Control Activities and Sec 404, performed to check accuracy, completeness and authorization of transactions. Broadly break down into two groups:- Application controls and general controls.


Information Systems Audit and Control Association
Publisher with Information Technology Governance Institute of the IT Control Objectives for Sarbanes-Oxley.


Information Technology Governance Institute
Publisher with Information Systems Audit and Control Association of the IT Control Objectives for Sarbanes-Oxley.


Internal Control - Integrated Framework
Formal name of the COSO Framework


Internal Control Deficiency
Occurs when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.


ISACA
Information Systems Audit and Control Association


ITA
Information Technology Architecture


ITGI
Information Technology Governance Institute


Material Weakness
A significant deficiency that, by itself, or in combination with other significant deficiencies, results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be

Monitoring
One of five components of internal control according to the COSO Internal Control Framework


NBA
Network Behavior Analysis


Network Access
Access to network connected resources.


NIAP
National Information Assurance Partnership


Nonrepudiation
Reducing an end-user's ability to deny he was the one who authorized an action or sent a message.


Objectives
The COSO Framework defines three broad categories:- compliance with laws and regulations, financial reporting and operations. In relation to Sarbanes-Oxley the important one is financial reporting.


Omgeo TradeSuite
US trade confirmation service from Omgeo


Operations
Element in primary activities dealing with transforming inputs into the final product. Matching, assembly, packaging, testing and facility activities are all covered. Second stage in the value chain of primary activities. Lies betw

Outbound Logistics
Element in primary activities dealing with collecting, storing and physically distributing the product to buyers. Including finished goods, warehousing, materials handling, delivery, order processing and scheduling. Third st

Password Reset
Replacing an existing password with a new one. The old password is cancelled. Task performed by the end user, help desk or an administrator


Password Synchronisation
Moving passwords and sometimes usernames from one repository to another using automated processes.


Physical Controls
A type of control activity. They involve the physical security of assets. They ensure adequate safeguards over access to assets and records.


Policy
1) Establishes what should be done. Part of the Control activities.


Privacy Protection
Creating and maintaining digital and/or physical barriers around an individual's personal information to prevent unauthorized access.


RCM
Records Compliance Management


Reduced sign-on
Using the same username/password combination to access every resource over multiple logon events.


RFID
Radio Frequency Identification


Risk Assessment
One of five components of internal control according to the COSO Internal Control Framework


Role Definition
Access authorization based on the job or work performed. Typically applied to a single person or a group sharing the same work.


Role-based access control
Controlling access based only on the role definitions.


SEC
Securities and Exchange Commission.


Section 104
Section of the Sarbanes-Oxley Act requiring the PCAOB to inspect registered public accounting firms on a regular basis


Section 302
Section of the Sarbanes-Oxley Act of 2002 requiring a certification to accompany each quarterly and annual report filed with the SEC.


Section 404
Section of the Sarbanes-Oxley Act of 2002 mandating CEOs and CFOs of public companies to evaluate and report on the effectiveness of an entity's internal control over financial reporting.


SecureLogin
enterprise Single Sign-On software tool from ActivIdentity


Segregation of Duties
A type of control activity. Different people are assigned responsibilities for authorizing transactions, recording transactions and maintaining custody of assets. The purpose is to inhibit the perpetration and concealmen

Self-Enrollment
End-user is permitted to enter his own identity information using an online process


Service Directories
Directories used to provide identity information and authorization data to a gatekeeper device or application.


Service
Business process activities dealing with providing service to enhance or maintain the value of the product, once obtained by the buyer. Installation, repair and supplying parts are all covered. Considered to be a primary activity in t

Single sign-on
Using the same username/password combination to access every resource from a single logon event.


SMTP
Simple Mail Transfer Protocol


SOX Express
Sarbanes-Oxley compliance suite from OpenPages


SOX
Shorthand for Sarbanes-Oxley.


SPI
Synthetic Portfolio Insurance


Summit FT
Treasury and capital markets software platform from Misys.


Support Activities
Part of business process activities that support the primary activities in the value chain. Providing purchased inputs, human resources, technology and entity wide functions. Under value chain analysis support activities include

Synthetic Collateralised Debt Obligations
Repackaged portfolios of credit derivatives.


Technology Development
Support activity in value chain analysis. Included are basic research, product design and servicing procedures. The aim is to improve products, services and processes.


TS2
System proposed by the ECB for single securities settlement across the Eurozone.


Web Access Control
Internal controls limiting Web server and Web application access.


WKSI
Well-Known Seasoned Issuers


Workflow
Transferring and tracking of a work product as it passes from one person to another for approvals or additional content, with each transfer recorded.


The preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly.


Control policies and procedures to ensure actions identified as necessary for risk assessment are carried out. They have to be both established and executed for their effectiveness to be established. Control activities are made up of two elements, poli

Information, data or a device to which an end-user or other device requires access


Risks faced by the company have to be recognized. Objectives have to be set and integrated into the value chain. To achieve the objectives, risks have to be identified and analyzed, and methods developed to manage them.


Senior management have to set a tone at the top that positively influences the control consciousness of entity personnel. Discipline and structure are generated by the control environment, which is the central building block for the other components o

Systems surrounding the control activities. The accounting system counts as information and communication. Information needed to manage, control and conduct operations is captured by the entity.


The means through which the control process is monitored and improved via modification.

GBST Non-Exec

GBST Holdings Limited (ASX: GBT), a leading provider of software and services for the financial services industry, today announced the appointment of Mr David Adams as an independent non-executive director of the company.

Mr Adams brings to GBST a wealth of experience in all facets of the financial services industry. He was a director of Macquarie Bank from 1983 to 2001, and served as a member of the Bank’s executive committee and IT committee. He joined the Bank’s predecessor Hill Samuel Australia in 1980, where he established the first cash management trust, and started Macquarie Bank’s funds management business. He is also a former director of the Over Fifties Investment Group.

In 2000 and 2001, Mr Adams was chairman of the Investment & Financial Services Association, the national peak body that represents the retail and wholesale funds management, superannuation and life insurance industries.

Mr John Puttick, chairman of GBST said, “David’s financial industry knowledge and contacts will be a great asset for us as we continue to expand our share of the financial services market. His experience will help us to ensure that we anticipate changes in the marketplace and develop new services that add value for our clients. The expansion of the company’s board recognises our growth prospects and opportunities for future development.”

Mr Adams said, “I look forward to contributing to the board of GBST and the company’s growth. Turbulent markets have increased the focus on financial businesses’ need for efficient, accurate processing and risk management systems. There is significant opportunity for companies such as GBST, which has a strong track record in the technology and financial service industries. This is particularly the case in the wealth management sector, where progressive use of WRAPs is driving demand for integrated reporting services in Australia and internationally.”

Probability Increased of Risk Prosecution

Public demand for full accountability, including criminal charges if warranted, invariably follows accidental disasters like the recent collapse of a construction crane in midtown Manhattan that killed seven. However, for those who might be under investigation in these tragic accidents "there is good news and not-so-good news" says defense attorney Andrew J. Frisch, a former federal prosecutor and a partner at LeClairRyan in New York.


Writing in the April 2 issue of the New York Law Journal, Frisch says criminal investigations into accidental disasters in New York City over the past century -- starting with the 1904 fire on the steamboat General Slocum that killed 1,021 people and the 1911 Triangle Shirtwaist factory fire that killed 146 young women -- "have established two reasonable guideposts for owners, executives, managers and inspectors whose conduct comes under prosecutorial review."


First, "criminal liability for accidents only attaches when disregard or failure to perceive a substantial and unjustifiable risk of death constitutes a gross deviation from a reasonable person's standard of care," Frisch points out in the "Outside Counsel" column titled "New Basis for Executive Criminal Liability for Tragedies." And second, he says, fudging or falsifying facts shared with investigators "dramatically ups the odds of a criminal charge."


Neither guidepost has changed significantly over the past 100 years, Frisch notes, but persons being investigated must keep in mind marked shifts in the legal landscape that may impact the outcome of their cases.


"[T]he increased use of criminal process to address human failings over the past century," plus the introduction of "Sarbanes-Oxley and the severe sentences imposed on former executives of Enron, WorldCom and Adelphia [has given] voice to a far more voracious appetite for managerial accountability than previously existed," Frisch points out. Extensive media coverage "of noteworthy criminal trials [coupled with] greater public sophistication about the courts, makes successful prosecutions for accidental disasters far more likely now than they were decades ago," he writes. "The executives and managers who escaped conviction for their roles in New York City's two most horrific accidental disasters -- the 1904 fire on the steamboat General Slocum and the 1911 fire at the Triangle Shirtwaist Factory -- might not be so lucky today."


Frisch, whose practice at LeClairRyan concentrates on white collar criminal defense, previously was in charge of prosecuting environmental and public safety crimes (including the 2003 Staten Island Ferry crash) at the United States Attorney's Office for the Eastern District of New York. He has also served the Brooklyn District Attorney as Deputy Chief of the Environmental Crimes and Work Site Safety Bureau.


According to Frisch, parties being investigated in such tragic incidents should avoid engaging in any degree of deceit pertaining to such occurrences, and instead adopt a stance of full disclosure or none at all. He cites the outcome of the case surrounding the October 15, 2003 crash of the Staten Island Ferry boat Andrew J. Barberi, in which 11 were killed and many others injured. As the boat neared the St. George Terminal that evening, the pilot -- an insomniac who knew "he was too exhausted to work that day" and was "taking a regimen of medications he had concealed from the Coast Guard in obtaining renewal of his pilot's license" -- was alone at the helm, Frisch writes. Immediately after granting a deckhand permission to leave the pilothouse and attend to the Barberi's imminent docking, "the pilot nodded off, missed the nautical cue to decelerate and slammed a passenger deck of the vessel into a maintenance pier."


The investigation of the ferry disaster is a case study in the perils of attempting to deceive, Frisch says. "The Director of the Ferry Service told the National Transportation Safety Board that the absence of two pilots in the operating pilothouse was inexplicable given the Ferry Service's longstanding rule," Frisch relates, and advised the Coast Guard Investigative Service that he had always followed the rule when he had worked as a pilot. The Ferry Service's pilots told investigators, however, that no such rule had been publicized or routinely followed. Moreover, Frisch states, the Director's own former co-pilots said that the Director had himself not followed the rule. The Director's attempted cover-up helped prove his awareness of the risk of a pilot's sudden disability and his failure to discharge his duty to guard against that risk. Despite the Director's awareness of the risk of a pilot's sudden disability, he neither publicized nor enforced the rule nor any other measure to meet even the minimal standard of care. Upon the Director's guilty plea to seaman's manslaughter he was sentenced to a term of imprisonment of a year and a day.


"Criminal investigations have served the public well," Frisch concludes. "The investigations of the Triangle Shirtwaist Factory and the General Slocum led to new laws and rules for worker and passenger safety that protect us today, and the Staten Island Ferry's pilothouses will likely never again be staffed by a lone pilot. Owners, executives, managers and inspectors are powerless to avoid prosecutorial scrutiny after an accidental disaster. They are best served by complete candor or by complete silence, lest they help make the case against themselves and compound the sorrow of the survivors."

RSA Enhances Data Loss Prevention

RSA, The Security Division of EMC, today announced the advancement of the RSA Data Loss Prevention (DLP) Suite through new capabilities that are designed to allow customers to secure the sensitive information that is most critical to their businesses.

The RSA DLP Suite is engineered to provide unified, seamless data policy orchestration across the enterprise, allowing customers to discover and monitor sensitive data and apply the appropriate enforcement mechanisms to secure sensitive data across the IT stack.

"Securing data is an information management process. To be successful, data must first be identified and classified; different controls need to be applied to prevent the data's loss, and the enterprise-wide management of those controls needs to be as efficient as possible," said Dennis Hoffman, Vice President and General Manager, Data Security Group, and Chief Strategy Officer at RSA, The Security Division of EMC. "This release of the DLP suite is a major advancement in addressing this overall process in a holistic manner. The RSA DLP Suite is engineered both to provide the ability to orchestrate policies that secure sensitive data in the datacentre, network, and at the endpoints, and to provide one of the industry's most robust data discovery and detection capabilities, which are key to an organisation's ability to identify risk and protect against sensitive data loss no matter where the data resides."

"DLP technology is one of the least understood tools on the security market, and there is a lack of consensus on what a DLP solution is actually comprised of. We define it as products and solutions that, based on central policies, identify, monitor and protect data at rest, in motion and in use, through deep content analysis," noted Rich Mogull, Founder, Securosis.com on Securosis.com. "A true DLP solution is one that will protect data over the course of its lifecycle and one that maps to business processes."

New Features Provide Accuracy and Scalability
The RSA DLP Suite is one of the industry's most comprehensive data loss prevention solutions, and is designed to provide customers with the most robust database of policies to secure data for both regulatory (PCI, privacy laws) and non-regulatory (intellectual property, business strategy/operations data) security drivers. This design simplifies the integration of DLP technology into existing IT infrastructures. These capabilities along with the RSA DLP Suite's distributed grid architecture provide market leading accuracy and scalability. The DLP Suite includes RSA DLP Endpoint, RSA DLP Network, and RSA DLP Datacentre, with overall management of the Suite provided by the RSA DLP Enterprise Manager.

* RSA DLP Enterprise Manager - this new centralised DLP management console is engineered to provide centralised policy orchestration, unifying policy with workflow, reporting and administration. Policies for the appropriate handling of sensitive data are defined by DLP Enterprise Manager and then are pushed out to the endpoints, network or datacentre. The centralised incident workflow and extensive reporting capabilities are designed to simplify integration with existing IT practices, lowering total cost of ownership.
* RSA DLP Endpoint is built to provide advanced protection against sensitive information leaving endpoints. DLP Endpoint - Discover is engineered to locate sensitive data on desktops and laptops, while the new DLP Endpoint - Enforce prevents sensitive data from being copied, printed, or saved to CD/DVD or USB ports. It provides content-aware enforcement using context to analyse data. This feature is built to minimise the disruption to end users who have a legitimate business requirement to copy data from their laptop while ensuring that sensitive data is not leaked off endpoints in accordance with security policy.
* RSA DLP Network is designed to locate sensitive data travelling over the network such as email, IM, or webmail traffic, and then applies the appropriate action such as block, quarantine, or encrypt.
* RSA DLP Datacentre is engineered to discover sensitive, unprotected data in the data centre and provides a range of remediation options and can work in conjunction with other products in the RSA Data Security System, such as the RSA File Security Manager, which is designed to provide the ability to audit user access to sensitive files or folders, and then enable role based access controls using encryption.

The RSA DLP Suite also is engineered to provide broad, international DLP support. For international organisations and multinational companies, the DLP Suite is designed to provide comprehensive, pre-packaged policies for international markets that map to important international data regulations and non regulatory security drivers. Out of the box, it comes with a database of more than 100 different policy templates for a range of security drivers.

Getting Started With Data Loss Prevention Technology
For organisations that are seeking guidance with their data security strategy, want to understand potential risks associated with the loss of sensitive data, or feel that the task of securing all sensitive information is too costly, RSA is introducing the RSA DLP RiskAdvisor Service. With RSA DLP RiskAdvisor, organisations can quickly gain visibility into where sensitive data is unprotected and be given concrete remediation recommendations to reduce the risk of sensitive data loss. The high impact service helps customers prioritise their needs based on business risk and delivers measurable results in preventing data loss.

Customer Validation
Meridian Health is a family of not-for-profit health care organisations that include home care agencies, long-term and assisted living communities, ambulatory care, ambulance services, and occupational health located throughout Monmouth and Ocean counties in New Jersey. Meridian Health is the regional provider of trauma services and cardiac surgery, and recently deployed RSA DLP Network and RSA DLP Endpoint to protect sensitive data.

"At Meridian, we are entrusted with the private information of patients, employees and vendors, as well as the protection of proprietary business information. Our goal with DLP technology was to find a solution that would detect and prevent the unauthorised transmission of data, as well as identify and remedy potential areas of risk or non-compliance prior to an incident," said Catherine Gorman-Klug, corporate director, privacy and data security for Meridian Health. "Deploying RSA DLP Network and RSA DLP Endpoint was instrumental in helping us assess where personally identifiable information resided across our network, and heightened awareness across Meridian Health of the need to protect data. The solution also helps us in ongoing regulatory compliance. It's currently monitoring close to 4,000 email users as well as close to 11,000 team members and physicians."

Powering RSA's Data Security System
The RSA DLP Suite also provides the strategic hub for the RSA(tm) Data Security System, a set of products and services that implement a holistic approach for securing data. The Data Security System is designed to enable customers to discover and monitor sensitive information; enforce controls, such as encryption and data loss prevention, and report and audit to prove that sensitive data is secure. The RSA DLP Suite is engineered to provide policy orchestration for the RSA Data Security System, enabling other data control and audit mechanisms from RSA, EMC and 3rd parties, to be leveraged as part of a holistic process. The DLP Suite enables organisations to define policies centred around the data itself, and leverage control mechanisms throughout the infrastructure to remediate risk and enforce policy.

Wednesday, 2 April 2008

Chinese Bank Deal For Diebold

With a solution powered by Diebold, Incorporated (NYSE:DBD), customers of the Agricultural Bank of China can now interact effortlessly with their financial institution through an expanded self-service network that includes an additional 1,400 Opteva® automated teller machines (ATMs) and Bulk Cash Recyclers. This relationship with Diebold provides Agricultural Bank of China a greater reach into its widespread customer base, which will benefit from the many new banking services and enhanced accessibility the Opteva 328 ATM offers.

"Agricultural Bank of China's partnership with Diebold also furthers the financial institution's efforts to grow its self-service network, assisting in accelerating branch transformation and strengthening market share," said Daniel Hu, Diebold's vice president and managing director, North Asia and China. "Diebold prides itself on offering innovative solutions that will position financial institutions with the necessary resources to meet any end-user need."

The launch of the new Diebold Opteva ATM fleet will enable customers to make hassle-free deposits without the need for a banking card. This allows farmers and other agricultural workers to transfer funds without a card to their families, who traditionally live in remote rural areas, for easy withdrawal from Agricultural Bank of China's branches using an ATM card. Diebold's innovative solution will streamline these customers' transactions, improving the nature of banking for China's agriculture industry.

Agricultural Bank of China is among the four largest state-owned commercial banks in China, with more than 31,000 branches and banking offices across the country. Its focus has been on improving productivity and reducing costs while better serving its growing customer base. Abroad, Agricultural Bank of China is listed as one of the World's Top 500 companies by Fortune.
Diebold's well-tailored strategy has assisted the bank in implementing a self-service solution that offers its customers the advanced functionality they require. This partnership also will help the bank build stronger, more lasting relationships with customers, which aligns well with its strategy to improve efficiencies while facilitating growth.

"An additional benefit for the financial institution is Diebold's unparalleled service offerings," Hu said. "These services will provide the support necessary to simplify Agricultural Bank of China's transition to a larger self-service network and will allow the financial institution to optimize its long-term strategy through enhanced accessibility, improved uptime and increased profits."

Tuesday, 1 April 2008

NovaShield anti-malware

NovaShield, Inc., a leader in advanced anti-malware technology, today launched a free 60-day trial version of its cutting-edge anti-malware product, NovaShield AntiMalware, for both Windows XP and Vista. Developed to detect rapidly morphing and sophisticated malware threats such as drive-by-downloads, Trojans, keyloggers and rootkits, NovaShield's leading anti-malware technology has been awarded two grants from the National Science Foundation (NSF) for the commercialization of its breakthrough research in PC security and protection.

"Today, the newest strains of malware often slip past traditional anti-virus defenses," said Dr. Jon Giffin, a noted security researcher and member of the faculty in the School of Computer Science at the Georgia Institute of Technology. "PC users now need advanced anti-malware software to protect them from cybercriminals working to infect and control personal computers and to steal personal information. A threat detection approach that is not reliant upon signatures would help protect these users from emerging forms of malware."

NovaShield's specification-based monitoring approach relies upon detecting a program's malicious behavior rather than relying upon some previously recognized pattern or signature in the malicious program. This ability to monitor the activities of a program and to recognize when these activities match the high level behavior of sophisticated malware enables NovaShield to catch threats that might otherwise avoid detection from current signature-based and anomaly-detection based software.
In January, Google's Anti-Malware Team reported that one in every 1,000 pages of the World Wide Web contains malicious drive-by-downloads that automatically install and run malware to exploit browsing visitors. Website features such as videos, advertisements and blogs provide new avenues for hackers to hide phishing schemes and malware. Signature-based anti-malware products require a computer to be infected before a signature can be written to protect against future attacks of the same strain. This often leaves PC users vulnerable to emerging threats during a time known as the window of exposure. In crawling over 95,000 suspicious web sites over a period of several months, NovaShield security researchers were able to detect hundreds of new threats with NovaShield AntiMalware that were not detected by leading signature-based anti-virus programs. The median time for a vendor to obtain signatures for these threats, i.e. the window of exposure, was at least 19 days. Recent data from a leading anti-virus vendor reports that the median window of exposure for all threats was 55 days in the 1st half of 2007.

The root cause of this wide window of exposure is obvious when looking at recent test results from Av-test.org, a leading organization in testing and analyzing anti-virus software, which showed a shocking 500 percent increase in malware variants from almost 1 million in 2006 to over 5 million in 2007. Over a five-year window from 2002 to 2007, the number of such variants rose by a factor of 25. This trend is a big problem for a signature-based approach because a signature must be generated for many, if not all, of these variants. A behavior-based approach, on the other hand, can potentially detect the presence of an unlimited number of these variants with the same behavior profile. The inexorable growth in malware variants thus makes a robust behavior-based solution no longer just a nice "add-on," but a "must-have" feature for better protection and security.

CACI C4ISR Contract Win

CACI International Inc (NYSE:CAI) announced today that it has been awarded a $26.8 million task order contract by the U.S. Army's Research, Development and Engineering Command to provide engineering support for the Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) On-The-Move Product Management Office. CACI competed for this four-year award (one base year, three option years) through the Strategic Services Sourcing (S3) contract vehicle the company holds with the U.S. Army. With the award, CACI continues growing its core business in C4ISR solutions.

The C4ISR On-The-Move Product Management Office provides a relevant environment/venue to assess emerging C4ISR technologies in a network-centric environment in order to reduce and mitigate risk for Future Combat Systems (FCS) concepts and to accelerate technology insertion into the current force.

Activities that Team CACI supports range from large-scale demonstrations and explorations conducted at Fort Dix, NJ; the Naval Air Engineering Station, Lakehurst, NJ; and other installations as needed, to other smaller-scale technical explorations and tests. During these activities, technology developers from governmental agencies, academia, and the commercial sector are provided an opportunity to evaluate the performance of their systems in a structured, low-risk manner, in conditions not ordinarily available within their development environment. These technologies include unmanned air systems and ground vehicles, unattended ground sensors, battle command systems, and next-generation voice and data communications systems. Throughout, CACI and its teammates continue to focus on providing technical, systems engineering, analysis, and program management support that enable these events to meet U.S. Army standards of timeliness, accuracy, and efficiency.

CACI President of U.S. Operations Bill Fairl said, "CACI is pleased to continue providing the C4ISR On-The-Move Product Management Office with low-risk, high-quality technical and management support to help assess emerging technologies. We have assembled a world-class team and offer a seamless transition of personnel and services. We provide proven processes for evaluating technologies quickly and effectively, and can facilitate technology maturation and ultimate fielding to the warfighter."

According to Paul Cofoni, CACI's President and Chief Executive Officer, "CACI has designed our comprehensive services and solutions to support national security and defense needs at every level. This includes providing innovative approaches to help the U.S. Army get the best and most up-to-date technologies to our troops. CACI's support for C4ISR technologies helps our military stay one step ahead of our adversaries, by continually enhancing the government's ability to gather and act on vital information."

Monday, 31 March 2008

Chief Risk Officer at PrivateBancorp

Kevin Van Solkema has joined PrivateBancorp, Inc. (NASDAQ:PVTB) as chief risk officer responsible for overall risk management encompassing credit, operational and enterprise risk and loan review, it was announced today. He was also named a managing director and chief risk officer of The PrivateBank-Chicago, a unit of PrivateBancorp, as well as a member of the executive management committee.

Previously, Van Solkema served as deputy chief credit officer for LaSalle Bank N.A., Chicago.

"We are pleased that Kevin has joined our team. He is a very seasoned professional who will contribute greatly as we continue our growth of middle market commercial relationships," said Larry D. Richman, President and Chief Executive Officer of PrivateBancorp, Inc. and The PrivateBank-Chicago.

Prior to his tenure as deputy chief credit officer for LaSalle Bank, Van Solkema served as head of consumer risk management for the North American business unit at ABN AMRO/LaSalle Bank, where his responsibilities encompassed credit and operational risk management activities for ABN AMRO Mortgage Group and LaSalle Bank's consumer lending and portfolio mortgage units. Previously, Van Solkema managed LaSalle Bank Midwest's commercial loan workout group. Van Solkema began his career in 1983 at Michigan National Bank, rising to head of risk management at that institution.

Van Solkema holds an MBA in finance from Michigan State University, East Lansing, MI and a BBA degree in accounting from Grand Valley State University, Allendale, MI.