Symantec Control Compliance Suite

Compliance of IT systems to corporate security policies (Symantec Control Compliance Suite)

Fast increase in number of new threats, along with complication of business infrastructures, turns ensuring compliance to regulatory requirements into a permanent problem. As a result the organization is forced to distract considerable resources from the solution of its profile business challenges. For problem solving of compliance of IT systems to corporate security policies and official standards the agentless technology of scanning of direct systems of Symantec Control Compliance Suite is offered.

Following features enter functionality of a system:

• The centralized collection of information from systems using bezagenty technologies and support of a set of types of systems (OS MS Windows, Solaris, AIX, HP-UX, Linux, NetWare, DBMS Oracle, MS SQL and so forth);
• Centralized operation by politicians and standards of security (SOX, CIS, NSA, ISO 17799, CobiT, HIPAA, Basel II and others, developed in the company);
• The centralized data storage from the scanned systems;
• Centralized operation by problems of collecting and information analysis;
• Reports generation on compliance to politicians and standards.

Within system implementation of Symantec Control Compliance Suite thin setup of data collection and report generation according to requirements of policy of IT safety of customer company is performed and also personnel training to work with a system is made.

Results of system implementation of Symantec Control Compliance Suite:

• Economy of the resources selected by the company for internal and external checks of observance of information security policies;
• Increase in level of information security of the company and reduction of risk of unauthorized access to data, thanks to more complete information about observance of security policies;
• Decrease in technological and reputational risks;
• Increase in degree of trust to the company from clients and partners;
• Automation of process of control of compliance to information security policies;
• Economy of working time of IT specialists;
• Transparency in compliance to information security policies of the company (existence of the regular automated compliance verification processes);
• Constant control of quality of compliance (lack of human errors at manual transactions).

Thus, system implementation of management of compliance to information security policies Symantec Control Compliance Suite allows to increase capitalization and security of your company.

Symantec Control Compliance Suite 11

The Symantec corporation announced in March, 2012 preparation for an exit of Symantec Control Compliance Suite 11 — the new version of a system for corporate management, risk control and check of compliance to requirements (GRC). The new module Control Compliance Suite Risk Manager allowing heads of departments of security will be a part of the solution it is better to understand the nature of risks and their influence on a business environment from an IT infrastructure position. The configured type of representation of risks for different concerned parties allows to create the solution and proposes problem solving in a priority order, taking into account as far as the question is critical for business, says Symantec.

The module Symantec Control Compliance Suite Risk Manager will allow heads of divisions of information security to create target representation of IT risks according to their influence on specific business processes, groups or functions. Instead of sending to heads of divisions of itemized statements on configurations or vulnerabilities, responsible for cybersecurity will be able to illustrate that these problems create unacceptable risks for work of the website of online store, transaction processing systems or other processes, key for business. The translation of technical issues into the business language more clear to heads allows to achieve the best awareness, to assess a situation and quicker to work, are sure of Symantec.

At the same time, the new version of Control Compliance Suite promotes increase in efficiency of collective work on risks, allowing heads of departments of cybersecurity to display specific metrics for a single audience: so, the possibility of visualization for heads will help to illustrate metrics of the high level, such as risks for business divisions or risks for crucial business processes; visualization of information security can output detailed data, allowing to study the technical aspects connected with risks; visualization for IT transactions may contain the detailed plans of correction and to provide data on risk reduction over time in process of application of the planned measures.

Thus, possibilities of visualization allow concerned parties to obtain that information which is necessary to them for adoption of more weighed solutions concerning IT risks. At the same time the staff of divisions of IT and cybersecurity understands more precisely what needs to be made to reduce the most critical risks for business, noted in Symantec.

The product family of Symantec Control Compliance Suite will contain the flexible and scaled system for work with data which is necessary for informing different categories of listeners. This system simplifies process of consolidation and "normalization" of information obtained from different sources, allowing to browse them in a uniform format.

In general the products Symantec Control Compliance Suite integrate automatically obtained technical information, data entered manually and also results of assessment procedures of a status. All this is combined with the additional information from other solutions of Symantec and other companies, providing to users a rich data set for quality improvement of the analysis and decision making. As a result users receive a multidimensional picture of the IT risks relating to specific business processes, groups or functions, claim in the company.

Symantec Control Compliance Suite 11 will go on sale at the beginning of summer of 2012.

2014: Set of expansions

On March 4, 2013 the Symantec corporation announced an exit of set of expansions for Control Compliance Suite.

Description

Set will help to control requirements of the Russian legislation in the field of personal data protection, the state resources, payment and banking systems. The NGO Echelon Ltd company - the technology partner of Symantec company developed.

Development will simplify process of adaptation of a product for control of compliance to domestic policy of the company, as much as possible automates and will simplify process of control of compliance for risk reduction during audits and checks of regulators regarding requirements:

• 21 orders of FSTEC of February 18, 2013;
• 17 order of FSTEC of February 11, 2013;
• The standard of the Bank of Russia on information security support of the organizations of a banking system of the Russian Federation service station of BR IBBS-1.2-2010;
• Provision of Bank of Russia N 382-P O requirements to ensuring data protection at implementation of money transfers.

"At the moment we can observe a tendency to complication of compliance to requirements of regulators of the Russian Federation. In the circumstances CCS will be irreplaceable for carrying out internal audit cybersecurity in the large companies", - Ilya Troitsky, the head of certification in the Russian Federation noted Symantec companies.

"When developing this set of expansions our experts considered the long-term experience of Eshelon company accumulated at work in audit area and the analysis of security of the organizations. Process automation of control and conformity assessment – the service which was very demanded by our many partners, and technologies of Symantec company provide extremely effective mechanism for the solution of this task" - Valentin Tsirlov, the chief executive of NGO Echelon Ltd emphasized.