1. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Rapid Response Retainer Service Overview

2. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 2 Why Verizon Rapid Response Retainer? Computer security incidents continue to rise –Sensitive data breaches, corporate espionage, malware, hacktivism –Internal and external threats –No company or industry is immune to being attacked Not a matter of “if” but “when” you will have a computer security incident –How prepared are you? Benefits of the Rapid Response Retainer: –Trusted relationship established upfront – prior to an incident –Quick to engage: Contract already in place when you need us in an emergency –Guaranteed response SLAs, worldwide –Discounted hourly rates (vs. non-Retainer customers) –Ability to leverage Network-based Intelligence from the global Internet backbone No other forensic vendor offers this capability!

3. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 3 Forensic Investigations Malware Analysis PCI Investigations (PFI) Mobile Forensics Electronic Data Recovery and Destruction eDiscovery and Litigation Support Network Intelligence RISK Team Services Reactive Services Verizon RISK team has investigated 8 of the world’s 10 largest data breaches!* Incident Response Plan Development First Responder’s Training Mock Incident Exercises Industrial Control Systems Cybersecurity Assessments IDS 2.0 and Netflow Analysis Watchlist Matching Incident Analytics Proactive Services *Source: http://www.idtheftcenter.com/

4. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 4 RISK Team – Global Reach

5. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 5 Rapid Response Retainer 24 or 48-hour investigator “in-transit” response North / South America, Europe/Middle East, Asia-Pacific Rapid Response SLA Multiple escalation channels Dedicated Investigative Liaisons Phone support until investigator arrives onsite Phone Response SLA IR Policy Review and “Gap” Analysis IR First Responder’s Training E-Discovery Policy Review and Training Upfront Discovery Access to Verizon’s Risk Intelligence Portal Weekly Intelligence Summaries, monthly Risk Briefings, whitepapers, Hot-or-Hype analysis, etc. Security Intelligence

6. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 6 Triggering the Retainer Phone / remote support provided until investigator arrives onsite Incident Occurs Customer Calls Retainer Hotline Engagement Letter / Scope Objectives Investigator(s) In-Transit On-Site Delivery Commences Forensic Investigation and Documentation of Findings

7. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 7 Retainer Engagement Letter Engagement Letter: -Defines scope and objectives -Obtains customer’s authorization -Ensures accountability -Filled out by a member of the Verizon RISK team after initial escalation call -Customer signs and returns to Verizon

8. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 8 Retainer Onboarding Process Escalation Channels Engagement Process Investigative Liaisons Authorized Customer POC’s RRR Email Distro Risk Intel Portal Incident Reviews / Trigger Points Netflow / CIP Schedule Upfront Discovery o IR Plan Gap Analysis o First Responder’s Training Current IR Capabilities

9. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 9 First Responder’s Training Topics Current State of Security Incident Response Fundamentals Evidence Handling / Chain of Custody Volatile Data Collection / Analysis Forensic Imaging Techniques Basic Forensic Analysis Malware Analysis for First Responders IR Mock Incident / Table- Top Exercise E-Discovery Training

10. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 10 Rapid Response Retainer Annual SLA Pricing Response SLADescription Annual Fee (per region) 24-hour SLA The SLA guarantees an investigator will be in-transit to any location within North America, South America, EMEA, or APAC within 24 hours. £18K 48-hour SLA The SLA guarantees an investigator will be in-transit to any location within North America, South America, EMEA, or APAC within 48 hours. £15K The SLA program components are designed to help Customer enhance their ability to respond to incidents through: 1) quick response from Verizon’s Investigative Response team; 2) built in IR policy review and IR training through Upfront Discovery; and 3) access to Verizon’s Risk Intelligence. Additional Option DescriptionAnnual Fee NetFlow Option Verizon collects NetFlow data – from Verizon’s backbone – associated with Customer’s external IP address space, and maintains it for 30 days on a rolling basis. To be used as additional evidence source in investigations. £7K

11. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 11 Rapid Response Retainer IR Hours Pricing T&M (pay-as-you-go) Flat rate @ £200/hour Upfront Flat rate @ £175/hour OPTION #1: Hours may be purchased on a T&M basis, whereby hours will be invoiced on a monthly basis, for services delivered in the month preceding. If Customer does not trigger the Retainer, hours are not billed. OPTION #2: Hours are purchased in a block, invoiced upfront. Unused hours will roll over if the SLA is renewed. Flexible Use: IR hours may be used for any RISK team services IR hours are used during engagements for which Customer triggers the Retainer service.

12. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. Questions?