Date post: | 18-Nov-2014 |
Category: |
Technology |
Upload: | symantec |
View: | 3,854 times |
Download: | 0 times |
Symantec Control Compliance Suite 10.5
February 3, 2011
80% of Organizations Lack Visibility into IT Risks
2
Question: What Color is Your Information Risk Today?
For 2-in-10, it takes more than
nine months to find
the answer
For 1-in-10, it takes
one day -to- one week to
find the answer
For 1-in-10, it takes between one
week and three months
to find the answer
For 6-in-10, it takes between
three and nine months to
find the answer
Source: IT Policy Compliance Group, 2011 N: 1,202
Symantec Control Compliance Suite 10.5
Why are so Many Organizations Flying Blind?
3
Lack a Holistic View of Risk
• Diverse IT environments
• Decentralized data collection
• Rationalizing data from multiple sources
Inability to Prioritize and Report on Risk
• Unable to identify highest priority IT risks
• Reports lack actionable data to drive resolution
• Unable to report on key risks per stakeholder
Inadequate Controls Assessments
• Fail to standardize on controls frameworks
• Manual controls mapping
• Keeping up with regulatory changes
Symantec Control Compliance Suite 10.5
CONTROLS
ASSETS
EVIDENCE
Symantec Control Compliance Suite
4Symantec Control Compliance Suite 10.5
TECHNICAL CONTROLS
3RD PARTY EVIDENCE
DATA CONTROLS
PROCEDURAL CONTROLSPOLICYREPORT REMEDIATE
• Symantec™ Control Compliance Suite Policy Manager
• Symantec™ Control Compliance Suite
Standards Manager
• Symantec™ Control Compliance Suite
Response Assessment Manager
• Symantec™ ControlCompliance Suite (Infrastructure)
• Symantec™ ServiceDesk 7.0
• Symantec™ ControlCompliance Suite (Infrastructure)
• Symantec™ Data Loss Prevention Discover
• Symantec™ Control Compliance Suite
Vulnerability Manager
• SCAP support provides shared view of IT risks
• New workflow integration helps manage people risks
Improved Risk Management Capabilities
• Out-of-box dashboard connectors expand risk views
More Holistic View of IT Risk
• Support for PCI 2.0 and SCAP benchmarks
• FDCC support for better desktop controls
• OWASP support for better Web application controls
More Comprehensive Controls Assessments
Symantec Control Compliance Suite 10.5 5
Control Compliance Suite 10.5 – What’s New?
SCAP Support Provides Shared View of IT Risks
Symantec Control Compliance Suite 10.5 6
• Security Content Automation Protocol
• Developed by National Institute of Standards and Technology (NIST)
• Better visibility into IT infrastructure
• Standard way to write security checks
• Eliminates need to rationalize data from multiple sources
• Easily downloadable file updates – scan based on latest standards
• Common framework provides a shared view of IT risks for better prioritization and faster remediation
Manage People Risk With Workflow Integration
• New workflow integration with Symantec Data Loss Prevention
• Target security awareness training at individuals in violation of data protection policy
• New questionnaire summary pages
– Overview of key security awareness risks
– Drill down into more detail for remediation efforts
Symantec Control Compliance Suite 10.5 7
Control Compliance Suite 10.5 – What’s New
• SCAP support provides shared view of IT risks
• New workflow integration helps manage people risk
Improved Risk Management Capabilities
• Out-of-box dashboard connectors expand risk views
More Holistic View of Risk
• Support for PCI 2.0 and SCAP benchmarks
• FDCC support for better desktop controls
• OWASP support for better Web application controls
More Comprehensive Controls Assessments
Symantec Control Compliance Suite 10.5 8
Out-of-Box Dashboard Connectors Expand Risk Views
• Automatically collect data from CCS Response Assessment Manager
• Populate pre-defined dashboard panels
• Side by side view of risks for greater insights – e.g.
– Data policy violations
– Results of employee security awareness
– Compliance posture of critical servers
• Future releases to bring in data on
– Critical vulnerabilities
– Latest security threats
– Real-time file integrity monitoring
Symantec Control Compliance Suite 10.5 9
Control Compliance Suite 10.5 – What’s New
• SCAP support provides shared view of IT risks
• New workflow integration helps manage people risk
Improved Risk Management Capabilities
• Out-of-the-box dashboard connectors expand risk views
More Holistic View of Risk
• Support for PCI 2.0 and SCAP benchmarks
• FDCC support for better desktop controls
• OWASP support for better Web application controls
More Comprehensive Controls Assessments
Symantec Control Compliance Suite 10.5 10
FDCC Support for Better Desktop Controls
• 85% of total reported security breaches can be traced to end user actions*
• Built-in support for Federal Desktop Core Configuration (FDCC)
• Common industry standard for US Federal government
• Protects desktops against harmful configuration changes and vulnerabilities
• Simplifies desktop security
• Easily import monthly updates
• Report on results in FDCC format
Symantec Control Compliance Suite 10.5 11
CCS 10.5
*Michael Bednarczyk, Information Week Analytics
OWASP Support for Better Web Application Controls
• In 2009 there were 5,500+ unique vulnerabilities in Web applications alone*
• Built-in support for Open Web Application Security Protocol
• Technical standards for securing Web applications
• Focuses on top 10 vulnerabilities
• Automatically identify and remediate risks before they are exploited
• Adopted by PCI Security Standards Council
Symantec Control Compliance Suite 10.5 12
*Symantec Global Internet Security Threat Report
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Thank you!
Symantec Control Compliance Suite 10.5 13