2. 80% of Organizations Lack Visibility into IT Risks
Question: What Color is Your Information Risk Today?
• For 1-in-10, it takes one day to one week to find the answer
• For 1-in-10, it takes between one week and three months to find the answer
• For 6-in-10, it takes between three and nine months to find the answer
• For 2-in-10, it takes more than nine months to find the answer
Source: IT Policy Compliance Group, 2011 N: 1,202
Symantec Control Compliance Suite 10.5 2
3. Why are so Many Organizations Flying Blind?
Inadequate Controls Assessments
• Fail to standardize on controls frameworks
• Manual controls mapping
• Keeping up with regulatory changes
Lack a Holistic View of Risk
• Diverse IT environments
• Decentralized data collection
• Rationalizing data from multiple sources
Inability to Prioritize and Report on Risk
• Unable to identify highest priority IT risks
• Reports lack actionable data to drive resolution
• Unable to report on key risks per stakeholder
4. Symantec Control Compliance Suite
POLICY
• Symantec™ Control Compliance Suite Policy Manager
TECHNICAL CONTROLS
• Symantec™ Control Compliance Suite Standards Manager
• Symantec™ Control Compliance Suite Vulnerability Manager
PROCEDURAL CONTROLS
• Symantec™ Control Compliance Suite Response Assessment Manager
DATA CONTROLS
• Symantec™ Data Loss Prevention Discover
3RD PARTY EVIDENCE
• Symantec™ Control Compliance Suite (Infrastructure)
REPORT
• Symantec™ Control Compliance Suite (Infrastructure)
REMEDIATE
• Symantec™ ServiceDesk 7.0
Diagram labels: ASSETS, CONTROLS, EVIDENCE
5. Control Compliance Suite 10.5 – What’s New?
Improved Risk Management Capabilities
• SCAP support provides shared view of IT risks
• New workflow integration helps manage people risks
More Holistic View of IT Risk
• Out-of-box dashboard connectors expand risk views
More Comprehensive Controls Assessments
• Support for PCI 2.0 and SCAP benchmarks
• FDCC support for better desktop controls
• OWASP support for better Web application controls
6. SCAP Support Provides Shared View of IT Risks
• Security Content Automation Protocol
• Developed by National Institute of Standards and Technology (NIST)
• Better visibility into IT infrastructure
• Standard way to write security checks
• Eliminates need to rationalize data from multiple sources
• Easily downloadable file updates – scan based on latest standards
• Common framework provides a shared view of IT risks for better prioritization and faster remediation
7. Manage People Risk With Workflow Integration
• New workflow integration with Symantec Data Loss Prevention
• Target security awareness training at individuals in violation of data protection policy
• New questionnaire summary pages
– Overview of key security awareness risks
– Drill down into more detail for remediation efforts
8. Control Compliance Suite 10.5 – What’s New
Improved Risk Management Capabilities
• SCAP support provides shared view of IT risks
• New workflow integration helps manage people risk
More Holistic View of Risk
• Out-of-box dashboard connectors expand risk views
More Comprehensive Controls Assessments
• Support for PCI 2.0 and SCAP benchmarks
• FDCC support for better desktop controls
• OWASP support for better Web application controls
9. Out-of-Box Dashboard Connectors Expand Risk Views
• Automatically collect data from CCS Response Assessment Manager
• Populate pre-defined dashboard panels
• Side by side view of risks for greater insights – e.g.
– Data policy violations
– Results of employee security awareness
– Compliance posture of critical servers
• Future releases to bring in data on
– Critical vulnerabilities
– Latest security threats
– Real-time file integrity monitoring
10. Control Compliance Suite 10.5 – What’s New
Improved Risk Management Capabilities
• SCAP support provides shared view of IT risks
• New workflow integration helps manage people risk
More Holistic View of Risk
• Out-of-the-box dashboard connectors expand risk views
More Comprehensive Controls Assessments
• Support for PCI 2.0 and SCAP benchmarks
• FDCC support for better desktop controls
• OWASP support for better Web application controls
11. CCS 10.5: FDCC Support for Better Desktop Controls
• 85% of total reported security breaches can be traced to end user actions*
• Built-in support for Federal Desktop Core Configuration (FDCC)
• Common industry standard for US Federal government
• Protects desktops against harmful configuration changes and vulnerabilities
• Simplifies desktop security
• Easily import monthly updates
• Report on results in FDCC format
*Michael Bednarczyk, Information Week Analytics
12. OWASP Support for Better Web Application Controls
• In 2009 there were 5,500+ unique vulnerabilities in Web applications alone*
• Built-in support for Open Web Application Security Protocol
• Technical standards for securing Web applications
• Focuses on top 10 vulnerabilities
• Automatically identify and remediate risks before they are exploited
• Adopted by PCI Security Standards Council
*Symantec Global Internet Security Threat Report