Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

Symantec Announces Update to Its Control Compliance Suite

Symantec today shared some details on Symantec Control Compliance Suite 11, the next generation of its enterprise-class IT governance, risk and compliance (GRC) solution. The upcoming release features a new Control Compliance Suite Risk Manager module which enables security and risk management teams to better understand and communicate risks to the business environment from their IT infrastructure.

Symantec today shared some details on Symantec Control Compliance Suite 11, the next generation of its enterprise-class IT governance, risk and compliance (GRC) solution. The upcoming release features a new Control Compliance Suite Risk Manager module which enables security and risk management teams to better understand and communicate risks to the business environment from their IT infrastructure. The Risk Manager translates technical issues into risks relevant to business processes, delivers customized views of IT risk for different stakeholders, and helps prioritize remediation efforts based on business criticality rather than technical severity.

Symantec LogoAccording to a study conducted in January 2012 by Forrester Consulting on behalf of Symantec, when asked what changes to their IT risk program would have the most positive impact on their business counterpart relationships, 47% indicated the improved ability to communicate the value of security and risk management in business terms.

Symantec Control Compliance Suite 11 is designed to address challenges like this. The new Risk Manager module allows security leaders to create a targeted view of IT risk as it relates to a specific business process, group or function. Instead of sending business unit owners detailed reports on outstanding configuration or vulnerability issues, they can illustrate how these issues are causing unacceptably high risk to the company’s online e-commerce site, transaction processing system or other business process. Translating technical IT issues into business risk terms that can be more easily understood helps drive greater awareness, accountability and action.

Symantec says its solution facilitates more effective communications around IT risk by allowing security leaders to customize dashboards with audience-specific risk metrics. Executive-level dashboards can illustrate high-level metrics, such as risk by business unit, or risk scores for mission-critical business processes. Security operations dashboards can drill down to examine technical details behind these risk scores. Dashboards for IT operations can outline detailed remediation plans and monitor risk reduction over time as scheduled remediation activities take place. These different dashboard views provide business stakeholders with the information they need to make better decisions around IT risk, while ensuring that security and IT operations teams are more closely aligned on what needs to be done to reduce the most critical risks to the business.

Symantec Control Compliance Suite features a flexible, scalable data framework which is critical to providing a rich data-driven view to multiple audiences. This framework simplifies the process of bringing together and “normalizing” information from multiple different sources, so that it can be viewed in a common format. The suite brings together automated, technical assessment information with manual data inputs and procedural assessment information. It combines all of this with additional data from other Symantec and non-Symantec solutions, providing a rich set of information available for better analysis and decision making. The result is a truly multi-dimensional view of the IT risks associated with any given business process, group or function.

“We are seeing a growing number of CISOs being asked to provide a business-centric perspective of IT risk that executives and line-of-business managers can understand and act upon. Meeting this need requires a strong focus on the intersection of risk management and IT-based business processes,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group.

Symantec Control Compliance Suite 11 is expected to ship in the spring of 2012.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Stephanie Crowe has been appointed head of the Australian Cyber Security Centre (ACSC).

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.