The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
IT GRC With Symantec Control Compliance Suite
1. IT GRC With Symantec
Chris Collier
Presales Specialist
E: Chris.Collier@arrowecs.co.uk
2. Agenda
• What Is IT GRC?
• Common IT GRC Requirements
• Common Qualification Questions
• Symantec Control Compliance Suite
• Summary
• Upcoming Security Webinars
• Q&A
2
4. What is IT GRC?
4
the overall management approach to direct and control
the entire organization.
the set of processes through which management identifies,
analyses & responds appropriately to risks that might
adversely affect the organization.
conforming with stated requirements
(defined for example in laws, regulations, contracts, strategies and policies)
Who does it involve?
IT GRC is dealt with by more than one business unit as it effects the entire
organisation.
C-level & Senior level executives will have more direct input into an organisations
IT GRC posture than at lower levels but it is the duty of all employee’s to ensure
the organisations IT GRC posture is maintained and enhanced.
6. Common IT GRC Requirements
6
- Find the potential risk exposure of an order
processing systems.
- Assess the entire risk exposure throughout the
company.
- Evaluate if company systems are
secured, configured, and patched according to
standards.
- Evaluate procedural controls by providing
automated Web-based questionnaires.
- Prepare for upcoming regulatory compliance
audits.
- Simplify policy management throughout the
company.
8. Control Compliance Suite
8
7 Key Components:
- Symantec™ Control Compliance Suite Risk Manager
- Symantec™ Control Compliance Suite Policy Manager
- Symantec™ Control Compliance Suite Standards Manager
- Symantec™ Control Compliance Suite Vulnerability Manager
- Symantec™ Control Compliance Suite Assessment Manager
- Symantec™ Control Compliance Suite Virtualization Security Manager
- Symantec™ Control Compliance Suite Vendor Risk Manager
All of these modules can be used separately or together , it is all dependant on the customers
requirements.
10. Common Qualification Questions
- Do you have to comply with any regulatory Standards/Frameworks?
- How are you ensuring that you comply with them?
- Have you ever risk assessed your business?
- How do you asses you business procedural controls?
- How are you ensuring that your staff are aware of business procedures?
- Do you know how vulnerable your business systems are?
10
12. Summary
- Managing IT risk and compliance in today's enterprise is challenging.
- Symantec Control Compliance Suite helps you address these challenges
- Control Compliance Suite provides a rich, data-driven view of your
customers environment.
- Symantec's Control Compliance Suite automates IT risk and compliance
processes
- Control Compliance Suite addresses IT risk and compliance challenges
through a four-step process:
- Plan
- Assess
- Report
- Remediate
12
Control Compliance Suite is a modular solution, comprising of seven key components.These components are fully interoperable and available separately or as part of the broader suite. Key infrastructure capabilities available with all modules include a unique and highly scalable data framework to normalize and analyse large volumes of data, customizable Web-based dashboards and reports, and workflow integration with remediation ticketing systems.Symantec™ Control Compliance Suite Risk Manager conveys the impact of IT risk in business-relevant terms. You can work with business leaders to identify IT risk thresholds, assign ownership, and track risk reduction over time.Symantec™ Control Compliance Suite Policy Manager simplifies policy management with out-of-the-box policy content for multiple mandates, automatically mapped to controls and updated on a quarterly basis.Symantec™ Control Compliance Suite Standards Manager is an industry-leading configuration assessment solution designed to evaluate if systems are secured, configured, and patched according to standards.Symantec™ Control Compliance Suite Vulnerability Manager performs end-to-end vulnerability assessment of Web applications, databases, servers, and network devices, delivering a single view of security threats across your IT infrastructure.Symantec™ Control Compliance Suite Assessment Manager simplifies the evaluation of procedural controls by providing automated Web-based questionnaires. These questionnaires can also be used to evaluate overall employee security awareness.Symantec™ Control Compliance Suite Virtualization Security Manager allows you to confidently take advantage of the benefits of virtualization without worrying about degrading your security or compliance posture.Symantec™ Control Compliance Suite Vendor Risk Manager allows you to actively assess and monitor your vendor risk exposure to safeguard your sensitive data and reduce overall business risk.