1. IEEE Electronic Security Initiative 2005 Security Assessment Email & Security Services Department

2. 2005 Security Assessment Goal: Assess the security of the IEEE Internet facing systems and applications and take steps to mitigate/remediate exposures.

3. 2005 Security Assessment Scope: Perform non-intrusive attack and penetration testing (real-world risk analysis) Internet Analog Phones Dial-Up (War Dialing) Wireless Web Applications (Renewal, Catalog & Xplore) Locations: NY and NJ Other locations will be considered in the future (DC/CA)

4. 2005 Security Assessment l ACR l Akibia l CGS l CRT l Ernst & Young ** l Gotham Technology Group l IBM l Internet Security Systems (ISS) l MCI l Mellilo l Sun Microsystems l ETSEC Vendor Selection 12 Vendors responded to the RFP ** Giuliani Partners Advanced Security Center

5. 2005 Security Assessment Selected Vendor: Ernst & Young, LLP Giuliani Advanced Security Center Reason: Ernst & Young methodology and vulnerability tests combined with their staff skills are designed to provide a broad understanding of the potential security issues that could affect the security of the IEEE systems and services.

6. 2005 Security Assessment Assessment start & end date: Security Assessment tentatively scheduled to start on Tue, 24 February 2005 ending on Fri, 6 May 2005.

7. TASKStart DateEnd-Date Pre-Engagement Planning/Kick-off - Internet TestingThu 2/24/05Thu 2/24/05 Internet Penetration Assessment - Field WorkMon 2/28/05Fri 3/11/05 Internet Penetration Testing - ReportingMon 3/14/05Fri 3/18/05 Deliver Draft Report - Internet Penetration TestingFri 3/18/05Fri 3/18/05 Pre-Engagement Planning/Kick-off - Dial-up & WirelessMon 3/21/05Mon 3/21/05 Dial-Up Field WorkTue 3/22/05Wed 3/23/05 Wireless Field WorkTue 3/22/05Thu 3/24/05 Dial-up and Wireless - ReportingFri 3/25/05Tue 3/29/05 Deliver Draft Report - Dial-up & WirelessWed 3/30/05Wed 3/30/05 2005 Security Assessment (Plan)

8. TASKStart DateEnd-Date Pre-Engagement Planning/Kick-off - Application TestingThu 3/31/05Thu 3/31/05 Application Testing - Field WorkMon 4/4/05Fri 4/15/05 Application Testing - ReportingMon 4/18/05Fri 4/22/05 Deliver Draft Report - Application TestingFri 4/22/05 Fri 4/22/05 Final ReportMon 5/2/05Fri 5/6/05 2005 Security Assessment (Plan)