Symantec Control Compliance Suite v11

Powered by SC Magazine
 

The Control Compliance Suite enables enterprises to define security and compliance-related policies.

 

 

These are mapped to detailed technical checks and/or specific procedural questionnaires that measure overall risk and compliance within the IT environment.
 
The product is delivered as an on-premise software offering. Besides the hardware platform, the requirements include MS Windows Server 2003 SP2 or 2008 and Microsoft SQL Server 2005 SP2.

The Risk Manager component is designed to provide a quick view of IT risk. The process sets out to define an asset, either physical or business. The next step is to help visualise and document IT risk for the particular asset. Based on the importance of the particular line of business, assets and more, a 'risk threshold' can be set to alert owners when the security of those assets is in jeopardy. The tool will help prioritise remediation tasks based on risk, not severity.

The user interface is well laid out and easy to use, and navigation is Microsoft-like. Policy setup is done through templates, or users can import their own. The product comes with more than 150 mandates, best practices, regulations and more that are predefined and ready for use.

Using the same tool, users can link controls to policies. The policy portion is integrated with the risk module and remediation actions can be initiated with granular instructions to rectify non-compliance and mitigate risk.

Once policies and controls are set, users can assess the environment. Assessments can mean many things: one can assess against standards, use the vulnerability manager to discover critical vulnerabilities, evaluate procedural controls or integrate data from various third-party sources to review.

Security-related information can be collected using a general-purpose external data interface that enables the enterprise to broaden the risk and compliance view by leveraging other security products in its environment. Imports are supported via Open Database Connectivity, web API, or any flat file format.

It should also be noted that data gathering can be done using both agentless and agent-based clients. This feature gives a lot of flexibility in gathering information from devices.

There is an integrated workflow tool for scheduling and assigning tasks, or one can integrate directly with third-party ticketing systems. Reporting, charting and dashboarding are all excellent. A dynamic dashboard capability pulls everything together by presenting a customised view of risk and compliance for specific areas. Dashboards can be defined to address specific needs and include drill-down capabilities to yield specific, detailed information as needed.

Support and maintenance for Symantec's Control Compliance Suite v11 are available as extra services. The documentation, meanwhile, was complete and easy to follow.

Copyright © SC Magazine, UK edition


Symantec Control Compliance Suite v11
 
:
Overall Rating
Verdict:
Good solution for IT risk and compliance management. Although it integrates well with other systems, it looks to be more powerful as a fully deployed suite
Product Info
Supplier:
 
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1827

Vote
Do you support the abolition of the Office of the Information Commissioner?