Symantec Resources, Webcasts & White Papers

Best Practices for Managing Business Risks from the Use of IT

OnDemand webcast
Learn about best practices for managing business risk. Speaker: Jim Hurley, Managing Director of the IT Policy Compliance Group. Based on exhaustive benchmarks conducted by the IT Policy Compliance Group with thousands of organizations around the World, this session focuses on the relationship between business risks and use of IT. We discuss key business risks from the use of IT, financial outcomes and self-insurance thresholds, outcomes by industry and size of organization and the practices differentiating best performing organizations from the pack.

View this webcast!

Why Compliance Pays

OnDemand webcast
Download this webcast to find out why compliance pays! Speaker: Jim Hurley, Managing Director of the IT Policy Compliance Group. This on-demanad webcast explores the relationship between business outcomes and practices in IT. In addition, we discuss risk and financial loss experience, financial imperative for improving IT governance, risk and controls practices, and practices, objectives, and controls in IT most responsible for improving business outcomes while reducing financial exposure and expense.

Attend this session to learn what best-in-class organizations are doing to improve outcomes. You will find out how you can increase revenue and customer retention levels, lower your financial losses from data theft and loss, and reduce business downtime from IT failures and disruptions, and costs for audit fees and expenses.

View this webcast!





Join us for Symantec's IT Governance Risk and Compliance (IT GRC) Solution Webcast Series. This series explores best practices and strategies you can use to help your organization with compliance challenges and implementing best practices.

IT Governance, Risk and Compliance: What the best performing firms do in IT to deliver better business results and lower risk

OnDemand webcast
This on-demand webcast delivered by Jim Hurley, the managing director of the IT Policy Compliance Group, provides immediate, fact-based insight into adjusting current practices to deliver best-in-class results, based on benchmarks conducted with more than 2,600 organizations from around the World. Some of the highlights of the webcast include:

• Performance results
• Revenues, profits, customer retention
• Financial loss and risk
• Sensitive data protection
• Regulatory compliance
• Business uptime
• Integrated IT governance, risk and compliance among the best-performing firms
• Practices and capabilities driving best-in-class results
• How to leverage interactive assessment and benchmarking tools

Benchmarking IT Risk & Compliance

OnDemand webcast
Join Jennie Grimes, Senior Director, Symantec Enterprise Marketing and Jim Hurley, Managing Director, IT Policy Compliance Group; Symantec Senior Research Mgr as they explore IT Risk and Compliance critical issues. Two areas of focus for this on-demand webcast are presented beginning with the results of Symantec's IT Risk Management Report. The second portion covers research conducted by the IT Policy Compliance Group, a joint research initiative between Symantec, ISACA, CSI and others. At this free webcast you will learn about:

• Persistent myths about IT Risk and suggestions on ways to dispel each
• How organizations keep IT services flexible, adaptive, and aligned to organizational goals in constantly changing business climates
• The intimate relationship between compliance and risk
• How you can take key actions to reduce the financial impact of data loss
• Best practices extracted from industry research and survey respondents

Aligning IT Risk & Compliance Activities

Archived Webcast from Thursday, April 17, 2008
Speaker: Peter DiStefano, Director, Product Marketing Compliance & Security Management

In this webcast, we will discuss the relevance and necessity of aligning compliance and security efforts. We will explore compliance challenges and best practices, automating IT controls assessments & testing, demonstrating proof of compliance to auditors, translating vague regulations, and monitoring and reporting on IT control effectiveness. You will also learn how Symantec can help you implement a risk based approach to managing compliance with Symantec's Control Compliance Suite.

View this webcast!

Secure Configurations For Compliance And Threat Management

Archived Webcast from Friday, April 18, 2008
Speaker: Peter DiStefano, Director, Product Marketing Compliance & Security Management

This webcast will explore how you can take control and implement a proactive risk-based approach to managing and securing systems and configurations. Today insider threats are a huge concern. It is essential that the controls you have in place support your company's policies and that they are effective in minimizing or eliminating internal and external threats.

View this webcast!

Log Management Compliance: Investment Or Expense?

Archived Webcast from Tuesday, April 29, 2008
Speaker: Todd Zambrovitz, Sr. Product Marketing Manager

Compliance requirements have led many organizations to discover the benefits of automated log retention, consolidation, and analysis solutions. But, as many of these organizations are finding out, why stop there? The value of log information goes way beyond just satisfying some regulatory requirement. Find out how to make your log management projects more of an investment instead of just a short term expense. Learn about how to balance fulfilling your current log management needs with investments that can add value in the future.

View this webcast!

IT Policy Compliance Videos

• Executive Overview - These videos review the compliance challenges faced by IT managers and describe how Symantec.s solutions span the breadth of IT controls compliance. It provides a quick view of how Symantec products, as a whole, deliver a unified platform for managing compliance. The video also reveals the future direction of our compliance portfolio.


• Practitioner Perspectives - This series of videos provides a practitioner.s perspective of the issues associated with IT policy compliance and the Symantec ITPC solution that can resolve them.


• Product Demos - Take a deeper dive into the industries leading IT policy compliance solutions by viewing any or all of 6 product demonstrations.

Reducing the Cost of Security Monitoring (Archived Webcast)

Download this free webcast on "Reducing the Cost of Security Monitoring" with Colin Gibbens, Technical Product Manager, Symantec Security Information Manager and Adam Gray, CTO, of Novacoast.

Security is not achieved through the implementation of any single product or feature; nor once achieved will it guarantee complete protection from all unknowns. It is a process that exists through a well executed incident management response program.

From this webcast you will learn how to:

• Increase network security and stability
• Lower the cost of system maintenance and administration
• Maintain a healthy balance within your incident management response program

This matrix poster outlines IT Controls for security and privacy concerns related to regulatory compliance in the workplace. Topics addressed in this poster include:

View a sample of this invaluable resource

Regulations and Standards: ISO 17799 COBIT 4.0 Sarbanes Oxley HIPAA Payment Card Industry (PCI) GLBA NERC standards CIP PIPEDA (Canada) Issues of Concerns: Risk Assessment and Treatment Security Policy Organization of Information Security Asset Management Human Resources Security Physical and Environmental Security Communications and Operations Management Access Control Information Systems Acquisition, Development and Maintenance Information Security Incident Management Business Continuity Management Compliance

IT Risk Management Report 2: Myths and Realities

IT Risk - encompassing Security, Availability, Performance, and Compliance elements - has become a critical issue for executives and boards of directors. In this second volume of the IT Risk Management Report, Symantec extends its analysis of IT professionals' insights into the nature of IT Risk and the most effective ways to manage it, with added focus on Availability and Performance Risk..

The Report addresses persistent myths about IT Risk, concluding that:

• IT professionals are adopting a more balanced, less Security-centric view of IT Risk - more of them now see Risk as critical or serious than any other element
• Compliance Risk is more than Security Risk formalized by law: data breaches, outages and disasters may cause irrecoverable losses of customer loyalty, revenue, and company value
• Reactive or annual project-oriented IT Risk Management is better than nothing. But IT professionals. expectations of monthly incidents in a constantly-changing global and regional business and technology environment call for a continuous, process-oriented approach
• Best-in-class organizations deploy controls balanced across strategic, support, delivery, and security categories, positioning themselves to correct the missing or faulty processes that cause most incidents
• Over the past year, survey participants saw no improvement in Asset Inventory Classification and Management controls, and a decline in Data Lifecycle Management
• IT Risk Management builds on Operational Risk Management and manufacturing quality disciplines, spurred on by Sarbanes-Oxley and other regulations affecting Corporate Governance, and supported by its own emerging frameworks, standards, and best practices.

Why Compliance Pays: Reputations and Revenues at Risk - Research Report

A new benchmark research report by the IT Policy Compliance Group is now available that highlights the differences between compliance laggards and leaders and shows how compliance leaders are making compliance pay for them. For example:

• 9 out of 10 firms are not leveraging compliance and IT governance procedures that could help them mitigate financial risk from lost or stolen data
• Firms with the best IT compliance results have the least business downtime from IT security events
• The probability of making the front page of the paper for a data theft or loss is once every three years or sooner for compliance laggards, compared to once every 42 years or later for compliance leaders

2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk

White Paper - Free Download
IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization. IT GRC encompasses the practices for delivering:

• Greater business value from IT strategy, investment and alignment,
• Significantly reduced business and financial risk from the use of IT, and
• Conformance with policies of the organization and its external legal and regulatory compliance mandates.

Lessons Learned for SOX Compliance and Other Regulatory Challenges

According to most estimates, first-year efforts to comply with the Sarbanes Oxley Act of 2002, widely known as "SOX," tended to overcompensate by trying to cover too many controls. Stacks of manual assessments and spreadsheets were produced at a very high cost. According to Ernst & Young, first-year SOX filers spent 70 percent of their time resolving deficiencies in IT controls in order to pass SOX audits. In the second year of SOX activity, financial report filers still spent 60 to 65 percent of their time resolving IT deficiencies in order to pass SOX audits, and again experienced significant increases in personnel costs as they completed their final SOX audits.

Research reveals major success factors for SOX compliance Recent research conducted among organizations in North America and around the world helps illuminate what appears to be working when it comes to SOX compliance. Organizations with the least IT control deficiencies:

1. Deliver continuous training to employees while ensuring accountability with policy
2. Restructure the risk management function, internal controls, and IT security
3. Reallocate IT expenditures by shifting spending from consultants and contract labor to automated tools
4. Automate IT measurements, reporting, controls, change management processes, and IT security policies
5. Focus on managing risk to improve IT controls, information collection, and reporting

Managing Access to Critical Data for Protection and Privacy

Protecting intellectual property and confidential personal, financial, and business information is a business priority, and often a legal requirement. To secure their data and ensure that only authorized people have access to it, organizations use a variety of access management disciplines. Access management includes identity management solutions that control permissions for critical data stores by managing Access Control Lists (ACLs). But identity management solutions in isolation risk access inflation, workarounds, and coverage gaps.

Comprehensive access management deploys identity management within a framework that includes disciplines for data protection, integration with hiring and promotion, and especially monitoring. Monitoring augments access management with a second line of defense, protection against unanticipated threats, a source of feedback for the continuous improvement of access management practices, and an audit trail.

The transition to comprehensive access management disciplines starts with an inventory and classification of data and a definition of appropriate IT security controls, along with the creation of a risk model to establish priorities. Typically, this planning process identifies areas of inappropriate access despite restrictive access rules, along with poorly defined controls, inadequate monitoring, and no real metrics for program effectiveness. Once under way, comprehensive access management relies on tight integration with business processes and frequent audits to maintain alignment with policy. And it depends on monitoring to identify, prioritize, and respond to unauthorized access.

Symantec Network Access Control: Comprehensive Network Access Control

The managed state of an organization's individual endpoints plays a critical role in the overall security and availability of its IT infrastructure and related business operations. The new wave of sophisticated crimeware not only targets specific companies, but it also targets desktops and laptops as backdoor entryways into those enterprises' business operations and valuable resources.

To safeguard themselves against these targeted threats, organizations must have a means to guarantee that each endpoint continually complies with corporate security and configuration management policies. Failure to guarantee endpoint policy compliance leaves organizations vulnerable to a wide array of threats, including the proliferation of malicious code throughout the enterprise, disruption of business-critical services, increased IT recovery and management costs, exposure of confidential information, damage to corporate brand, and regulatory fines due to non-compliance.

Symantec Network Access Control enables organizations to ensure the proper configuration and security state of user endpoints-including those of onsite employees, remote employees, guests, contractors, and temporary workers-before they are allowed to access resources on the corporate network. It discovers and evaluates endpoint compliance status, provisions the appropriate network access, and provides remediation capabilities to ensure that endpoint security policies and standards are met. Symantec Network Access Control is network OS-neutral and easily integrates with any network infrastructure, making its implementation more comprehensive, easier, faster, and more cost-effective than competing solutions.

Symantec Endpoint Protection: A unified, proactive approach to endpoint security

Organizations today face a threat landscape that involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services, and damage to corporate brand and reputation. To stay ahead of this emerging breed of stealthy and resilient security threats, organizations must advance their endpoint protection.

Symantec Endpoint Protection enables organizations to take a more holistic and effective approach to protecting their endpoints-laptops, desktops, and servers. It combines five essential security technologies to proactively deliver the highest level of protection against known and unknown threats, including viruses, worms, Trojan horses, spyware, adware, rootkits, and zero day attacks. This offering combines industry-leading antivirus, anti spyware, and firewall with advanced proactive protection technologies in a single deployable agent that can be administered from a central management console. Also, administrators can easily disable or enable any of these technologies based on their particular needs.

Taking Action to Protect Sensitive Data

Only 12 percent of organizations-about one in ten-are experiencing fewer than three losses of sensitive data in the past year. For all other institutions-almost 90 percent-data loss rates are higher. The leading organizations-those with the fewest losses of sensitive data-are spending more time, employing multiple IT controls, and monitoring compliance with their policies weekly, to significantly reduce the loss of sensitive data. In fact, leading organizations are uniquely:

Monitoring and measuring controls and procedures to protect data once every four days

While best-in-class organizations are monitoring and measuring controls and procedures to protect sensitive data once a week, most firms are conducting such measurements only once in a blue moon: at best, once every 176 days. Furthermore, all other organizations are either ignoring the use of IT controls to protect sensitive data or are selectively employing only a few. In this day of instantaneous electronic information exchange and 24x7x365 Internet-connectivity, infrequent monitoring and under utilized IT controls will likely contribute to more instances of sensitive data loss.

Download Symantec Security White Papers Now

Share or bookmarklet this web page at: