Symantec Resources, Webcasts & White Papers
Compliance Webcasts & Videos
Best Practices for Managing Business Risks from the Use of IT
Learn about best practices for managing business risk. Speaker: Jim Hurley, Managing Director of the IT Policy Compliance Group.
Based on exhaustive benchmarks conducted by the IT Policy Compliance Group with
thousands of organizations around the world, this session focuses on the
relationship between business risks and use of IT. We discuss key business risks
from the use of IT, financial outcomes and self-insurance thresholds, outcomes by
industry and size of organization and the practices differentiating best performing
organizations from the pack.
View this webcast!
Why Compliance Pays
Download this webcast to find out why compliance pays! Speaker: Jim Hurley, Managing Director of the IT Policy Compliance Group.
This on-demand webcast explores the relationship between business outcomes and
practices in IT. In addition, we discuss risk and financial loss experience,
financial imperative for improving IT governance, risk and controls practices, and
practices, objectives, and controls in IT most responsible for improving business
outcomes while reducing financial exposure and expense.
Attend this session to learn what best-in-class organizations are doing to improve
outcomes. You will find out how you can increase revenue and customer retention
levels, lower your financial losses from data theft and loss, and reduce business
downtime from IT failures and disruptions, and costs for audit fees and expenses.
View this webcast!
Join us for Symantec's IT Governance Risk and Compliance (IT GRC) Solution Webcast Series. This series explores best practices and strategies you can use to help your organization with compliance challenges and implementing best practices.
IT Governance, Risk and Compliance: What the best performing firms do in IT to deliver better business results and lower risk
This on-demand webcast delivered by Jim Hurley, the managing director of the IT Policy Compliance Group, provides immediate,
fact-based insight into adjusting current practices to deliver best-in-class results, based on benchmarks conducted with
more than 2,600 organizations from around the world.
Some of the highlights of the webcast include:
- Performance results
- Revenues, profits, customer retention
- Financial loss and risk
- Sensitive data protection
- Regulatory compliance
- Business uptime
- Integrated IT governance, risk and compliance among the best-performing firms
- Practices and capabilities driving best-in-class results
- How to leverage interactive assessment and benchmarking tools
Managers in IT, assurance, audit, legal, and finance will want to find out what's working, and why, and how adjustments
to current practices and capabilities will drive improvements in their own organization.
View this webcast!
Benchmarking IT Risk & Compliance
Join Jennie Grimes, Senior Director, Symantec Enterprise Marketing and Jim Hurley, Managing Director, IT Policy Compliance
Group; Symantec Senior Research Mgr as they explore IT Risk and Compliance critical issues. Two areas of focus for this
on-demand webcast are presented beginning with the results of Symantec's IT Risk Management Report. The second portion covers
research conducted by the IT Policy Compliance Group, a joint research initiative between Symantec, ISACA, CSI and others.
At this free webcast you will learn about:
- Persistent myths about IT Risk and suggestions on ways to dispel each
- How organizations keep IT services flexible, adaptive, and aligned to organizational goals in constantly changing business climates
- The intimate relationship between compliance and risk
- How you can take key actions to reduce the financial impact of data loss
- Best practices extracted from industry research and survey respondents
View this webcast!
Aligning IT Risk & Compliance Activities
Archived Webcast from Thursday, April 17, 2008
Speaker: Peter DiStefano, Director, Product Marketing Compliance & Security Management
In this webcast, we will discuss the relevance and necessity of aligning compliance and security efforts. We will explore compliance challenges and best practices, automating IT controls assessments & testing, demonstrating proof of compliance to auditors, translating vague regulations, and monitoring and reporting on IT control effectiveness. You will also learn how Symantec can help you implement a risk based approach to managing compliance with Symantec's Control Compliance Suite.
View this webcast!
Secure Configurations For Compliance And Threat Management
Archived Webcast from Friday, April 18, 2008
Speaker: Peter DiStefano, Director, Product Marketing Compliance & Security Management
This webcast will explore how you can take control and implement a proactive risk-based approach to managing and securing systems and configurations. Today, insider threats are a huge concern. It is essential that the controls you have in place support your company's policies and that they are effective in minimizing or eliminating internal and external threats.
View this webcast!
Log Management Compliance: Investment Or Expense?
Archived Webcast from Tuesday, April 29, 2008
Speaker: Todd Zambrovitz, Sr. Product Marketing Manager
Compliance requirements have led many organizations to discover the benefits of automated log retention, consolidation, and analysis solutions. But, as many of these organizations are finding out, why stop there? The value of log information goes way beyond just satisfying some regulatory requirement. Find out how to make your log management projects more of an investment instead of just a short term expense. Learn about how to balance fulfilling your current log management needs with investments that can add value in the future.
View this webcast!
IT Policy Compliance Videos
View these videos now!
- Executive Overview - These videos review the compliance challenges faced by IT managers and describe how Symantec's solutions span the breadth of IT controls compliance. They provide a quick view of how Symantec products, as a whole, deliver a unified platform for managing compliance. The videos also reveal the future direction of our compliance portfolio.
- Practitioner Perspectives - This series of videos provides a practitioner's perspective of the issues associated with IT policy compliance and the Symantec ITPC solution that can resolve them.
- Product Demos - Take a deeper dive into the industry's leading IT policy compliance solutions by viewing any or all of 6 product demonstrations.
Reducing the Cost of Security Monitoring (Archived Webcast)
Download this free webcast on "Reducing the Cost of Security Monitoring" with Colin Gibbens, Technical Product Manager, Symantec Security Information Manager and Adam Gray, CTO, of Novacoast.
Security is not achieved through the implementation of any single product or feature; nor once achieved will it guarantee complete protection from all unknowns. It is a process that exists through a well executed incident management response program.
The process is augmented with technology, and an organization's goal is to achieve an acceptable balance in managing the risk associated with the operation of the network. They will explore the technology and expertise to help your organization achieve this delicate balance and get the most out of your security investment.
From this webcast you will learn how to:
- Increase network security and stability
- Lower the cost of system maintenance and administration
- Maintain a healthy balance within your incident management response program
Download this webcast now!
Compliance Matrix Poster for IT & Compliance Professionals
This matrix poster outlines IT Controls for security and privacy concerns related to regulatory
compliance in the workplace. Topics addressed in this poster include:
View a sample of this invaluable resource
Regulations and Standards:
- ISO 17799
- COBIT 4.0
- Sarbanes Oxley
- Payment Card Industry (PCI)
- NERC standards CIP
- PIPEDA (Canada)
Issues of Concern:
- Risk Assessment and Treatment
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
Download your FREE Compliance Crosswalk Matrix Poster Now
Security White Papers
IT Risk Management Report 2: Myths and Realities
IT Risk - encompassing Security, Availability, Performance, and Compliance elements - has become a critical issue for executives and boards of directors.
In this second volume of the IT Risk Management Report, Symantec extends its analysis of IT professionals' insights into the nature of IT Risk and the most
effective ways to manage it, with added focus on Availability and Performance Risk.
The Report addresses persistent myths about IT Risk, concluding that:
- IT professionals are adopting a more balanced, less Security-centric view of IT Risk - more of them now see Risk as critical or serious than any other element
- Compliance Risk is more than Security Risk formalized by law: data breaches, outages and disasters may cause irrecoverable losses of customer loyalty, revenue, and company value
- Reactive or annual project-oriented IT Risk Management is better than nothing. But IT professionals' expectations of monthly incidents in a constantly-changing global and regional business and technology environment call for a continuous, process-oriented approach
- Best-in-class organizations deploy controls balanced across strategic, support, delivery, and security categories, positioning themselves to correct the missing or faulty processes that cause most incidents
- Over the past year, survey participants saw no improvement in Asset Inventory Classification and Management controls, and a decline in Data Lifecycle Management
- IT Risk Management builds on Operational Risk Management and manufacturing quality disciplines, spurred on by Sarbanes-Oxley and other regulations affecting Corporate Governance, and supported by its own emerging frameworks, standards, and best practices.
Symantec recommends a continuous IT Risk Management process starting with risk assessment, paying close attention to cultural and training issues, and addressing long-term structural improvements as well as "early wins." Most implementations will focus on Risk and associated controls in the early stages, but should follow up with Risk and delivery controls, and include Compliance and Performance Risk with strategic controls for an integrated, effective program over the long term.
Why Compliance Pays: Reputations and Revenues at Risk - Research Report
A new benchmark research report by the IT Policy Compliance Group is now available that highlights the differences between compliance laggards
and leaders and shows how compliance leaders are making compliance pay for them. For example:
- 9 out of 10 firms are not leveraging compliance and IT governance procedures that could help them mitigate financial risk from lost or stolen data
- Firms with the best IT compliance results have the least business downtime from IT security events
- The probability of making the front page of the paper for a data theft or loss is once every three years or sooner for compliance laggards,
compared to once every 42 years or later for compliance leaders
To find out how you can turn compliance into a tool that will help you improve the rate of return on your compliance efforts, reduce data loss,
financial loss and stock decline, download this white paper today.
2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk
White Paper - Free Download
IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk.
The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization.
IT GRC encompasses the practices for delivering:
- Greater business value from IT strategy, investment and alignment,
- Significantly reduced business and financial risk from the use of IT, and
- Conformance with policies of the organization and its external legal and regulatory compliance mandates.
The 2008 Annual Report, assembled from benchmark research conducted with more than 2,600 organizations around the world,
reveals the IT GRC maturity profiles, business outcomes, capabilities and practices that are most responsible for
influencing and impacting business rewards and risks.
Lessons Learned for SOX Compliance and Other Regulatory Challenges
According to most estimates, first-year efforts to comply with the Sarbanes Oxley Act of 2002, widely known as "SOX," tended to
overcompensate by trying to cover too many controls. Stacks of manual assessments and spreadsheets were produced at a very high cost.
According to Ernst & Young, first-year SOX filers spent 70 percent of their time resolving deficiencies in IT controls in order to pass SOX
audits. In the second year of SOX activity, financial report filers still spent 60 to 65 percent of their time resolving IT deficiencies in
order to pass SOX audits, and again experienced significant increases in personnel costs as they completed their final SOX audits.
Research reveals major success factors for SOX compliance
Recent research conducted among organizations in North America and around the
world helps illuminate what appears to be working when it comes to SOX compliance. Organizations with the fewest IT control deficiencies:
1. Deliver continuous training to employees while ensuring accountability with policy
2. Restructure the risk management function, internal controls, and IT security
3. Reallocate IT expenditures by shifting spending from consultants and contract labor to automated tools
4. Automate IT measurements, reporting, controls, change management processes, and IT security policies
5. Focus on managing risk to improve IT controls, information collection, and reporting
Managing Access to Critical Data for Protection and Privacy
Protecting intellectual property and confidential personal, financial, and business information is a business priority, and often a legal
requirement. To secure their data and ensure that only authorized people have access to it, organizations use a variety of access management
disciplines. Access management includes identity management solutions that control permissions for critical data stores by managing Access
Control Lists (ACLs). But identity management solutions in isolation risk access inflation, workarounds, and coverage gaps.
Comprehensive access management deploys identity management within a framework that includes disciplines for data protection, integration
with hiring and promotion, and especially monitoring. Monitoring augments access management with a second line of defense, protection
against unanticipated threats, a source of feedback for the continuous improvement of access management practices, and an audit trail.
The transition to comprehensive access management disciplines starts with an inventory and classification of data and a definition of
appropriate IT security controls, along with the creation of a risk model to establish priorities. Typically, this planning process
identifies areas of inappropriate access despite restrictive access rules, along with poorly defined controls, inadequate monitoring, and no
real metrics for program effectiveness. Once under way, comprehensive access management relies on tight integration with business processes
and frequent audits to maintain alignment with policy. And it depends on monitoring to identify, prioritize, and respond to unauthorized access.
Symantec Network Access Control: Comprehensive Network Access Control
The managed state of an organization's individual endpoints plays a critical role in the overall security and availability of its IT
infrastructure and related business operations. The new wave of sophisticated crimeware not only targets specific companies, but it also
targets desktops and laptops as backdoor entryways into those enterprises' business operations and valuable resources.
To safeguard themselves against these targeted threats, organizations must have a means to guarantee that each endpoint continually complies
with corporate security and configuration management policies. Failure to guarantee endpoint policy compliance leaves organizations vulnerable
to a wide array of threats, including the proliferation of malicious code throughout the enterprise, disruption of business-critical
services, increased IT recovery and management costs, exposure of confidential information, damage to corporate brand, and regulatory
fines due to non-compliance.
Symantec Network Access Control enables organizations to ensure the
proper configuration and security state of user endpoints - including those of onsite employees, remote employees, guests, contractors, and
temporary workers - before they are allowed to access resources on the corporate network. It discovers and evaluates endpoint compliance
status, provisions the appropriate network access, and provides remediation capabilities to ensure that endpoint security policies and
standards are met. Symantec Network Access Control is network OS-neutral and easily integrates with any network infrastructure, making its
implementation more comprehensive, easier, faster, and more cost-effective than competing solutions.
Symantec Endpoint Protection: A unified, proactive approach to endpoint security
Organizations today face a threat landscape that involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities
in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data
theft and manipulation, disruption of business-critical services, and damage to corporate brand and reputation. To stay ahead of this emerging
breed of stealthy and resilient security threats, organizations must advance their endpoint protection.
Symantec Endpoint Protection enables organizations to take a more holistic and effective approach to protecting their endpoints - laptops,
desktops, and servers. It combines five essential security technologies to proactively deliver the highest level of protection against known and
unknown threats, including viruses, worms, Trojan horses, spyware, adware, rootkits, and zero-day attacks. This offering combines
industry-leading antivirus, antispyware, and firewall with advanced proactive protection technologies in a single deployable agent that can
be administered from a central management console. Also, administrators can easily disable or enable any of these technologies based on their
Taking Action to Protect Sensitive Data: Employing multiple IT controls to help protect sensitive data
Only 12 percent of organizations - about one in ten - are experiencing fewer than three losses of sensitive data in the past year. For all other
institutions - almost 90 percent - data loss rates are higher. The leading organizations - those with the fewest losses of sensitive
data - are spending more time, employing multiple IT controls, and monitoring compliance with their policies weekly, to significantly
reduce the loss of sensitive data. In fact, leading organizations are uniquely:
Monitoring and measuring controls and procedures to protect data once every four days
While best-in-class organizations are monitoring and measuring controls and procedures to protect sensitive data once a week,
most firms are conducting such measurements only once in a blue moon: at best, once every 176 days. Furthermore, all other organizations are
either ignoring the use of IT controls to protect sensitive data or are selectively employing only a few. In this day of instantaneous
electronic information exchange and 24x7x365 Internet connectivity, infrequent monitoring and underutilized
IT controls will likely contribute to more instances of sensitive data loss.
Download Symantec Security White Papers Now