Risk and compliance solution with focus on business

01 Mar 2012

According to Symantec Corp., security threats and risk management are becoming part of boardroom-level discussions. The company recently announced the upcoming release of Symantec Control Compliance Suite 11, the latest version of its enterprise-class IT governance, risk and compliance (GRC) solution. It will feature the new Control Compliance Suite Risk Manager module, which enables security leaders to better understand and communicate risks to the business environment from their IT infrastructure. Risk Manager translates technical issues into risks relevant to business processes, delivers customised views of IT risk for different stakeholders, and helps prioritise remediation efforts based on business criticality rather than technical severity.

A January 2012 study conducted by Forrester Consulting on behalf of Symantec found:

  • 70 percent of security decision makers reported increased executive awareness of IT security as a direct result of recent high profile attacks and data breaches  
  • When asked what changes to their IT risk programme would have the most positive impact on their business counterpart relationships, 47 percent indicated the improved ability to communicate the value of security and risk management in business terms  
  • More than 40 percent called out the need for more timely and accurate data or more frequent reporting of risk and compliance

Symantec Control Compliance Suite Risk Manager module will allow security leaders to create a targeted view of IT risk as it relates to a specific business process, group or function. Instead of sending business unit owners detailed reports on outstanding configuration or vulnerability issues, they will be able to illustrate how these issues are causing unacceptably high risk to the company’s online e-commerce site, transaction processing system or other key business process. Translating technical IT issues into business risk terms that can be more easily understood helps drive greater awareness, accountability and action. The solution will facilitate more effective communication around IT risk by allowing security leaders to customise dashboards with audience-specific risk metrics.

  • Executive-level dashboards can illustrate high-level metrics, such as risk by business unit or risk scores for mission-critical business processes
  • Security operations dashboards can drill down to examine technical details behind these risk scores
  • Dashboards for IT operations can outline detailed remediation plans and monitor risk reduction over time as scheduled remediation activities take place

These different dashboard views provide business stakeholders with the information they need to make better decisions around IT risk, while ensuring that security and IT operations teams are more closely aligned on what needs to be done to reduce the most critical risks to the business. Symantec Control Compliance Suite will feature a flexible, scalable data framework which is critical to providing a rich data-driven view to multiple audiences. This framework greatly simplifies the process of bringing together and ‘normalising’ information from multiple different sources, so that it can be viewed in a common format. The suite brings together automated, technical assessment information with manual data inputs and procedural assessment information. It combines all of this with additional data from other Symantec and non-Symantec solutions, providing a rich set of information available for better analysis and decision making. The result is a truly multi-dimensional view of the IT risks associated with any given business process, group or function.