1. MAINSTAY ENTERPRISES, INC. “We Support Your Security Needs” Information System Security Services In today’s competitive marketplace, facilitating electronic access to business information is a key factor in meeting Enterprise mission goals and objectives. But allowing unauthorized access to that same information can be disastrous. Hence, more so than ever before, securing a Corporation or Agency’s assets, facilities and information is an absolute necessity. Mainstay Enterprises, Inc. specializes in the evaluation of Enterprise Information Infrastructures for Government & Commercial Clients, and in the formulation/implementation of Security Plans/Policies/Procedures, Technical and Operational Security Safeguards, and Security Awareness/Training. Security Assessment  Vulnerability/Risk Assessments  Safeguard Cost/Benefit Analysis  Security Test & Evaluation  Penetration Testing using Client- Approved Rules of Engagement  Computer Forensics  Certification & Accreditation Documentation per DITSCAP, DIACAP, NIST, SCAP, and other Fed./Commercial Formats Risk Mitigation  Security Policy & Procedures  Security Awareness & Training  Security Documentation (Security Plans, Risk Management Plans, etc.)  Technical Controls (Firewalls, VPNs, Intrusion Detection, PKI, Smart cards, Biometrics, etc.)  Business Continuity & Disaster Recovery Plans MAINSTAY ENTERPRISES, INC. 209 West St., Suite 204 Annapolis, MD 21401 (301) 261-2655 www.mainstay-ent.com Contact: Mr. William Bigno (703) 967-9015 bbigno@mainstay-ent.com

2. MAINSTAY ENTERPRISES, INC. “We Support Your Security Needs” Data Collection/Interviews – Conducted to identify existing system/security architecture, Assets, Threats, Vulnerabilities, Plan/Policy/Procedure implementation & effectiveness, and Mission Criticality and Requirements. Technical Vulnerability Assessment – Conducted through the use of automated tools and manual scripts. The system environment, design and operations are tested and non-intrusively scanned to identify technical vulnerability and recommend remediation activity. Risk Assessment – Conducted to provide a quantitative assessment of the possible loss that could be realized in the event that a threat action is successful. Identifies and assesses Assets, Threats, and Vulnerabilities. Results utilized to prepare a Cost/Benefit Analysis of potential mitigation. Security Test & Evaluation/Penetration – Conducted to aid in the evaluation of safeguards currently in place, in order to determine their effectiveness. Also conducted after implementation of security recommendations to evaluate their overall effectiveness. Recommendations – Multiple options provided to Client Management in a Cost/Benefit scenario, so that cost-effective, informed decisions regarding implementation may be made. MAINSTAY INFORMATION SECURITY ASSESSMENT METHODOLOGY MAINSTAY ENTERPRISES, INC. 209 West St., Suite 204 Annapolis, MD 21401 (301) 261-2655 www.mainstay-ent.com Contact: Mr. William Bigno (703) 967-9015 bbigno@mainstay-ent.com Documentation – System Security Authorization Agreement (SSAA), Risk Assessment Report, Information System Security Plan, Remediation Plan, Security Test & Evaluation Plan/Report, etc. Process Requirements DITSCAP/DIACAP NIST NIACAP FAA SCAP VA ITSCAP AFSSI 5024 Other Automated Toolsets Scanners/Vulnerability Assessment Tools (Windows, Unix/Solaris &Macintosh Environments) Risk Assessment & Questionnaires ST&E/Penetration Test Tools & Scripts Documentation Templates

3. MAINSTAY ENTERPRISES, INC. “We Support Your Security Needs” MAINSTAY ENTERPRISES, INC. 209 West St., Suite 204 Annapolis, MD 21401 (301) 261-2655 www.mainstay-ent.com Contact: Mr. William Bigno (703) 967-9015 bbigno@mainstay-ent.com MAINSTAY INFORMATION SYSTEMS SECURITY RISK MITIGATION Mainstay provides its Clients with Risk Mitigation Strategies that help to protect the confidentiality, integrity and availability of Enterprise Assets. Our experience ranges from the creation of Agency-Level Security Policy and Risk Management Plans to the implementation of detailed Technical Solutions for Identification & Authentication (I&A), Intrusion Detection, Red Team/Blue Team Support, and Secure Remote Access. Recommendations are made based upon the Client’s mission criticality and requirements. By presenting remediation recommendations using a Cost/Benefit Analysis, we are able to provide Management with the means to make an informed decision on which risks are acceptable, and which must be remediated. Management Controls Technical Controls I&A Controls Virus Detection/Prevention Intrusion Detection Secure Network Design Secure Remote Access Techniques Security Awareness & Training Emergency Response Teams Disaster Recovery Simulation & Training Computer Forensics (Blue Team) Security Policy & Procedures Contingency, Continuity Of Operations & Disaster Recovery Plans Security Guides & Handbooks Incident Response Concept Of Operations Operational Controls

4. MAINSTAY ENTERPRISES, INC. “We Support Your Security Needs” Physical Security Services The modern world has become increasingly dangerous, and threats to our Country’s infrastructure have become both more complex, and more diverse. Today, targets may include Airports, Aircraft, Train Stations, Trains, Maritime Facilities, Docks, Schools, Hospitals, Warehouses, Office Buildings and the people within them. Threats are only limited by the imagination of the attacker, while the vulnerabilities that they exploit are only limited by the security measures in place. Mainstay Enterprises, Inc. is focused on assisting our Clients in evaluating their inherent vulnerabilities to realistic threat scenarios, and in developing and implementing Defense In Depth strategies to help safeguard their assets. Security Analysis  Pre- or Post Construction  Five-Step Methodology Blueprint Evaluation Site Survey Risk Assessment Penetration Exercises Safeguard Recommendations Security Implementation  Defense In Depth Solutions that create multiple barriers to the successful completion of an attack  Force Protection Techniques that maximize survivability in the event of an attack MAINSTAY ENTERPRISES, INC. 209 West St., Suite 204 Annapolis, MD 21401 (301) 261-2655 www.mainstay-ent.com Contact: Mr. William Bigno (703) 967-9015 Bbigno@mainstay-ent.com

5. MAINSTAY ENTERPRISES, INC. “We Support Your Security Needs” Blueprint Review – Consists of checking existing Blueprints to identify Crawl Spaces, Electrical Demark, Communications Demark, Access Points, and Egress Points. Also identifies construction abnormalities which can be used to attack the facility. Site Survey – Conducted to better understand the environment in which a facility is or will be built. Includes Geographic, Demographic, Photographic, Landscaping, Cover and Concealment, Lighting and Adjacent Structures. Risk Assessment – Conducted to provide a quantitative assessment of the possible loss that could be realized in the event that threat action is successful. Identifies and assesses Assets, Threats, and Vulnerabilities. Results utilized to prepare a Cost/Benefit Analysis of potential Safeguards. Penetration – Conducted to aid in the evaluation of safeguards currently in place, in order to determine their effectiveness. Also conducted after implementation of security recommendations to evaluate their overall effectiveness. Recommendations – Multiple options provided to Client Management in a Cost/Benefit scenario, so that cost-effective, informed decisions regarding implementation may be made. MAINSTAY PHYSICAL SECURITY ANALYSIS METHODOLOGY MAINSTAY ENTERPRISES, INC. 209 West St., Suite 204 Annapolis, MD 21401 (301) 261-2655 www.mainstay-ent.com Contact: Mr. William Bigno (703) 967-9015 Bbigno@mainstay-ent.com

6. MAINSTAY ENTERPRISES, INC. “We Support Your Security Needs” MAINSTAY ENTERPRISES, INC. 209 West St., Suite 204 Annapolis, MD 21401 (301) 261-2655 www.mainstay-ent.com Contact: Mr. Barry Bendel (703) 587-8130 bbendel@mainstay-ent.combbendel@mainstay-ent.com or Mr. William Bigno (703) 967-9015 bbigno@mainstay-ent.com MAINSTAY PHYSICAL SECURITY IMPLEMENTATION TOOLS & TECHNIQUES Management Controls Security Policy Security Procedures Contingency & Disaster Recovery Plans Operational Controls Security Awareness & Training Emergency Response Teams Personnel Background Checks Technical Controls Access Controls Surveillance Early Warning Physical Barriers Management Controls Security Policy Security Procedures Contingency & Disaster Recovery Plans Management Controls Security Policy Security Procedures Contingency & Disaster Recovery Plans Management Controls Security Policy Security Procedures Contingency & Disaster Recovery Plans Operational Controls Security Awareness & Training Emergency Response Teams Personnel Background Checks Operational Controls Security Awareness & Training Emergency Response Teams Personnel Background Checks Operational Controls Security Awareness & Training Emergency Response Teams Personnel Background Checks Technical Controls Access Controls Surveillance Early Warning Physical Barriers Technical Controls Access Controls Surveillance Early Warning Technical Controls Access Controls Surveillance Early Warning Communications Mainstay provides its Clients with Defense In Depth Strategies that implement the creation of defensive barriers which act in a delay or denial posture to hinder or prevent successful completion of an attack. By creating multiple barriers for an attacker to negotiate, the deterrence factor alone may allow ample time for response, or for security forces to intercede, thus denying the attack. The use of Force Protection Techniques as a part of the Defense In Depth Strategy allows special emphasis to be placed on the safety and security of a Client’s Staff, Management Team and Client Family Members. Protective Barriers