IT risk, compliance simplified

Managing IT security, risk and compliance places multiple demands on today's enterprise organisations. Increasingly complex IT infrastructures make it difficult to control deviations from technical standards or gain proper insight into overall IT risk and compliance posture.

The need to comply with a growing number of industry regulations, best practice frameworks and internal mandates places significant strain on resources. In many cases, this is compounded by the fact that compliance efforts are being managed through expensive, time-consuming manual processes, leading to redundant efforts, more audit deficiencies and higher audit fees.

Symantec Control Compliance Suite is the only holistic, fully automated solution to manage all aspects of IT risk and compliance at lower levels of cost and complexity.

The solution offers out-of-the-box content on multiple industry regulations, automated assessment of technical and procedural controls, centralised role-based dashboard reporting and integration with other Symantec products and third-party vendor products through APIs.

Define:
Symantec Control Compliance Suite Policy Manager
Policy Manager leverages out-of-the-box content, which is customisable to define and manage policies for multiple industry regulations, frameworks and internal mandates. It automatically maps policies to control statements and de-duplicates common controls across multiple regulations.

Assess:
Symantec Control Compliance Standards Manager (Technical Controls)
Symantec Control Compliance Suite Response Assessment Manager (Procedural Controls)
Symantec Control Compliance Suite assesses how effective controls are in meeting policy requirements. For technical controls, the suite automatically identifies deviations from technical standards. For procedural controls, it replaces costly, error-prone manual processes with Web-based questionnaires.

Identify:
Symantec Control Compliance Suite Vulnerability Manager
Symantec Control Compliance Suite features advanced vulnerability assessment capabilities. This allows organisations to proactively prevent threats to confidential information and critical assets by identifying vulnerabilities in their most sensitive servers, Web applications, databases and unmanaged control systems.

Report:
Symantec Control Compliance Suite reports dynamic Web-based dashboards and the reports provide multiple stakeholders with real-time insight into IT risk and compliance posture. Reports integrate technical, procedural and data controls with evidence from external systems for a more comprehensive overview.

Remediate:
Finally, Control Compliance Suite quantifies risk using an industry standard risk-scoring algorithm (Common Vulnerability Scoring System). It prioritises remediation efforts based on risk through integration with remediation ticketing systems (Altiris Service Desk {out-of-box}, HP Service Manager and Remedy, just to name a few).

Control Compliance Suite enables better management of all aspects of an organisation's IT risk, demonstrates compliance across multiple mandates and reduces the cost and burden of the audit process.

Symantec Data Loss Prevention is now tightly integrated with Control Compliance Suite 10.0, so you can ensure the IT assets with your most sensitive information comply with security and regulatory policies. Symantec Data Loss Prevention scans networks, endpoints and servers to locate sensitive data and sends incident and asset data back to Control Compliance Suite for analysis and review.

Control Compliance Suite creates an asset group by tagging these assets with sensitive information so that you can prioritise them for technical control evaluations and elevate hardening measures accordingly.

Symantec Control Compliance Suite reduces or eliminates the following:

* Increased cost and redundant efforts associated with manual compliance processes.
* Lack of visibility into an organisation's IT risks leading to potential data breaches.
* Lack of visibility into overall compliance risks leading to audit failures and higher audit costs.
* Increased costs associated with integrating and managing multiple point products for IT governance risk and compliance solutions.

If you have any queries or require a demonstration of the solution, please feel free to contact
Meshan Pungavanam at DRS on (011) 523-1600 or e-mail Meshan.pungavanam@drs.co.za