BVEW Bindview Development Corp (MM)

Joining forces to promote a better understanding of global IT security compliance requirements, BindView Corp. (Nasdaq:BVEW), the Computer Security Institute (CSI) and The Institute of Internal Auditors (IIA) announced today the formation of a new organization dedicated to developing metrics that provide performance measurements for meeting IT security compliance. The Security Compliance Council will conduct extensive research that provides performance measurement guidelines based on evolving regulatory best practices in organizations throughout the world. The new Council comprises experienced leaders with a vested interest in helping organizations define the roles and responsibilities of the IT security professionals who are tasked with facilitating compliance through corporate security functions and IT controls. Recognizing that IT security compliance is a costly, ongoing and critical business function that contributes to an organization's long-term growth and success -- and also involves IT security tasks that require consistent activities -- the Council will provide research guidance on innovative methods for implementing best practices that reduce compliance costs and improve overall IT security. Founding members of the new Council include BindView Senior Vice President Steve Kahan who will serve as President; BindView's James Hurley, who serves as Executive Vice President of Research; Chris Keating, Director of the Computer Security Institute (CSI); and Dave A. Richards, CIA, President of The Institute of Internal Auditors (IIA). "Estimates for 2005 suggest that compliance will exceed $15 billion in the U.S. alone, and the cost and complexity of meeting regulatory compliance requirements continue to escalate. Concurrently, organizations around the globe face mounting pressures to contain expenses and demonstrate due diligence," said Kahan. "Each Council member is a proponent of IT security compliance as a contributing factor to organizational success and shareholder confidence. We must identify new, more practical methods for implementing lower cost security and compliance to meet today's regulatory requirements. This will be the primary goal of our research pursuits." "Protecting IT assets is the cornerstone of the work we do at CSI," said Keating. "Now more than ever, the convergence of security and compliance means that companies around the world must focus significant attention on how they allocate their resources to protect their global networks. We heartily endorse the work of the Security Compliance Council and look forward to providing our members with tangible research to aid their efforts." According to The IIA's Richards, "Thousands of companies met Section 404 requirements for the first time with their March 2005 10K filings, and 20 percent of their time was spent documenting controls, while another 15 to 20 percent was spent remediating that documentation. These time-consuming exercises will require both automation and the implementation of best-practice principals to curb the time and costs associated with meeting the important regulatory requirements." Research Guidelines Research will be conducted by James Hurley, a former industry analyst with The Aberdeen Group and a recognized authority on IT security and compliance. Hurley, a member of the BindView RAZOR research team of compliance experts, will deliver unbiased findings and recommendations based on primary research. The research will combine blind, quantitative findings with in-depth interviews focused on delivering fact-based guidance, including steps to improve performance results in the areas of security, compliance and risk management. The Council will deliver tangible business value for security, compliance, risk management and related technology-enabled business procedures. The research will be published and distributed through the Council and will adhere to the guidelines of the Council of American Survey Research Organizations (CASRO). Only aggregated data for analysis, published research data, reports and insights will be used in the research, and no personally identifiable respondent data will be disclosed. Through continuous performance research, benchmark research, maturity index research and business alignment research, the Council will deliver a unique mix of fact-based findings, tools and pragmatic advice to assist security, compliance and risk management executives in making improvements. Surveys on the first two benchmarking reports -- "The CSO's Security Compliance Agenda" and "U.K. Security Spend and Performance Benchmark" -- begin this week. Interested participants will be able to access the survey at any of four websites: www.bindview.com; www.theiia.org; www.GoCSI.com or www.securitycompliance.com. All research participants will receive a free copy of the research to benchmark where they stand vis-a-vis their industry peer groups. The Council's website at www.securitycompliance.com will serve as the archive repository for research and will be the primary source for content and resources for benchmarking and improving security compliance to protect information assets and demonstrate due care. About BindView BindView Corporation is a global provider of IT security compliance software. BindView solutions remove barriers that limit an organization's ability to cost effectively demonstrate due care and maintain compliance with IT security policies and regulatory mandates. BindView policy compliance; vulnerability and configuration management; and directory and access management software combine best-practices knowledge with automated controls to reduce risk and protect IT assets at the lowest cost across users, systems, applications and databases in multi-platform environments. More than 20 million licenses have shipped to 5,000 companies worldwide, spanning all major business segments and the public sector. Contact BindView via e-mail at info@bindview.com, on the web at http://www.bindview.com, and at 1-713-561-4000 or 1-800-749-8439. About CSI Established in 1974, the Computer Security Institute is the world's leading international membership organization specifically dedicated to serving and training the information, computer and network security professional through a wide variety of educational programs, training and publications. The CSI Annual Computer Security Conference & Exhibition is the longest-running and most respective conference in the industry. The CSI 32nd Annual Conference & Exhibition will be held November 14-16 in Washington, DC. For more information about the Computer Security Institute or the CSI 32nd Annual Conference, visit GoCSI.com, contact Computer Security Institute at 415-947-6320; e-mail csi@cmp.com; or fax 415-947-6023. About The IIA Established in 1941, The IIA has more than 100,000 members worldwide. It serves as the internal audit profession's global voice, recognized authority, acknowledged leader, principal educator, and chief advocate. The Institute monitors legislation, regulations and pronouncements of other professional organizations throughout the world on matters that directly or indirectly impact the practice of internal auditing. It provides the International Standards for the Professional Practice of Internal Auditing and offers a variety of leading-edge professional development opportunities, a comprehensive certification program, thorough quality assessment services, benchmarking surveys, and valuable research reports and educational products through The IIA Research Foundation.