Symantec Control Compliance Suite 11 is the latest version of Symantec's enterprise-class IT governance, risk and compliance (GRC) solution. It will feature the new Control Compliance Suite Risk Manager module, which enables security leaders to better understand and communicate risks to the business environment from their IT infrastructure. Risk Manager translates technical issues into risks relevant to business processes, delivers customized views of IT risk for different stakeholders, and helps prioritize remediation efforts based on business criticality rather than technical severity.
2. Connecting IT Risk to the Business
• 70% of security decision makers report increased executive awareness of IT security due to high profile attacks and breaches
• Changes to IT risk management programs that would have the most positive impact on business counterparts
– 47%: better explain the value of security in business terms
– 44%: provide more accurate and timely data
– 40%: more frequent reporting of risk and compliance data
Symantec Control Compliance Suite 11 2
3. Organizational Evolution
From Compliance to Business Risk Management
• Build sustainable risk program
• Connect to business
• Focus on top priorities
• Stay ahead of threats
• Comply with key mandates
Only 1 in 8 best performing organizations feel Info Sec can influence business decisions
Source: Information Risk Executive Council, 2011
4. Structured Approach to Addressing IT Risk and Compliance
Stakeholders: Security / Audit, IT / Operations, Business / Mgmt.
1. PLAN: Define policy and IT risk objectives
2. ASSESS: Assess environment against objectives
3. REPORT: Customize reports for multiple stakeholders
4. REMEDIATE: Remediate based on highest priority risks
Environment
5. Symantec Control Compliance Suite
Stakeholders: Security / Audit, IT / Operations, Business / Mgmt.
PLAN
• Define business risk objectives
• Create policies for multiple mandates
• Map to controls and de-duplicate
REPORT
• Demonstrate compliance to multiple stakeholders
• Correlate risk across business assets
• High level dashboards with drill down
ASSESS
• Identify deviations from technical standards
• Discover critical vulnerabilities
• Evaluate procedural controls
• Combine data from 3rd party sources
REMEDIATE
• Risk-based prioritization
• Closed loop tracking of deficiencies
• Integration with ticketing systems
Shared data: EVIDENCE, ASSETS, CONTROLS
Components named in the diagram: CCS Policy Manager, CCS Risk Manager*, CCS Content, CCS Reporting & Analytics, CCS Dynamic Dashboards, CCS Standards Manager, CCS Response Assessment Manager, CCS Vulnerability Manager, Symantec Data Connectors, Extended Data Connectors, Symantec ServiceDesk Integration, Symantec Workflow Integration, 3rd Party Ticketing Integration
Environment
* Planned new product. Roadmap subject to change.
6. Control Compliance Suite Risk Manager
Define a business asset you want to manage
Visualize and understand IT risk for this business asset
Prioritize remediation based on IT risk, not technical severity
Monitor risk reduction over time
7. Visualize and Understand IT Risk
Enterprise Wide View of Business Risk
Risk Overview for People’s Bank
8. Visualize and Understand IT Risk
Business Unit Level View of Risk
Risk Overview for Internet Banking
9. Visualize and Understand IT Risk
Balanced View of Business and Operational Metrics
Drill down to technical details
11. Prioritize Remediation Based on Risk
Remediation Plan by Security Objective
Review & finalize remediation plan
12. Monitor Risk Reduction Over Time
Manage Remediation Plans
Track risk reduction for remediation plans
13. Visualize and Understand IT Risk
High Level Progress Reporting on Security Objectives
Risk Overview for Internet Banking
Review progress, discuss gaps and drive further actions, investments and accountability
14. Key Benefits of Control Compliance Suite Risk Manager
Visualize IT Risk
• Holistic view of IT risk across the enterprise
• Customized views for different audiences
Translate into Business Terms
• Business stakeholders make better decisions
• IT operations prioritize based on business impact
Drive Action to Reduce Risk
• Relevant metrics drive awareness and action
• Better justification for security investments