Symantec Resources, Webcasts & White Papers
Compliance Webcasts & Videos
Join us for Symantec's IT Governance Risk and Compliance (IT GRC) Solution Webcast Series. This series explores best practices and strategies you can use to help your organization with compliance challenges and implementing best practices.
Aligning IT Risk & Compliance Activities
Archived Webcast from Thursday, April 17, 2008
Speaker: Peter DiStefano, Director, Product Marketing Compliance & Security Management
In this webcast, we will discuss the relevance and necessity of aligning compliance and security efforts. We will explore compliance challenges and best practices, automating IT controls assessments & testing, demonstrating proof of compliance to auditors, translating vague regulations, and monitoring and reporting on IT control effectiveness. You will also learn how Symantec can help you implement a risk based approach to managing compliance with Symantec's Control Compliance Suite.
View this webcast!
Secure Configurations For Compliance And Threat Management
Archived Webcast from Friday, April 18, 2008
Speaker: Peter DiStefano, Director, Product Marketing Compliance & Security Management
This webcast will explore how you can take control and implement a proactive risk-based approach to managing and securing systems and configurations. Today insider threats are a huge concern. It is essential that the controls you have in place support your company's policies and that they are effective in minimizing or eliminating internal and external threats.
View this webcast!
Log Management Compliance: Investment Or Expense?
Archived Webcast from Tuesday, April 29, 2008
Speaker: Todd Zambrovitz, Sr. Product Marketing Manager
Compliance requirements have led many organizations to discover the benefits of automated log retention, consolidation, and analysis solutions. But, as many of these organizations are finding out, why stop there? The value of log information goes way beyond just satisfying some regulatory requirement. Find out how to make your log management projects more of an investment instead of just a short term expense. Learn about how to balance fulfilling your current log management needs with investments that can add value in the future.
View this webcast!
IT Policy Compliance Videos
- Executive Overview - These videos review the compliance challenges faced by IT managers and describe how Symantec's solutions span the breadth of IT controls compliance. They provide a quick view of how Symantec products, as a whole, deliver a unified platform for managing compliance. The videos also reveal the future direction of our compliance portfolio.
- Practitioner Perspectives - This series of videos provides a practitioner's perspective of the issues associated with IT policy compliance and the Symantec ITPC solution that can resolve them.
- Product Demos - Take a deeper dive into the industry's leading IT policy compliance solutions by viewing any or all of 6 product demonstrations.
View these videos now!
Reducing the Cost of Security Monitoring (Archived Webcast)
Download this free webcast on "Reducing the Cost of Security Monitoring" with Colin Gibbens, Technical Product Manager, Symantec Security Information Manager, and Adam Gray, CTO of Novacoast.
Security is not achieved through the implementation of any single product or feature, nor, once achieved, will it guarantee complete protection from all unknowns. It is a process that exists through a well-executed incident management response program.
From this webcast you will learn how to:
- Increase network security and stability
- Lower the cost of system maintenance and administration
- Maintain a healthy balance within your incident management response program
The process is augmented with technology, and an organization's goal is to achieve an acceptable balance in managing the risk associated with the operation of the network. The speakers will explore the technology and expertise to help your organization achieve this delicate balance and get the most out of your security investment.
Download this webcast now!
Compliance Matrix Poster for IT & Compliance Professionals
This matrix poster outlines IT Controls for security and privacy concerns related to regulatory compliance in the workplace. Topics addressed in this poster include:

View a sample of this invaluable resource
Regulations and Standards:
- ISO 17799
- COBIT 4.0
- Sarbanes-Oxley
- HIPAA
- Payment Card Industry (PCI)
- GLBA
- NERC standards CIP
- PIPEDA (Canada)
Issues of Concern:
- Risk Assessment and Treatment
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance
Download your FREE Compliance Crosswalk Matrix Poster Now
Security White Papers
Why Compliance Pays: Reputations and Revenues at Risk - Research Report
A new benchmark research report by the IT Policy Compliance Group is now available that highlights the differences between compliance laggards
and leaders and shows how compliance leaders are making compliance pay for them. For example:
- 9 out of 10 firms are not leveraging compliance and IT governance procedures that could help them mitigate financial risk from lost or stolen data
- Firms with the best IT compliance results have the least business downtime from IT security events
- The probability of making the front page of the paper for a data theft or loss is once every three years or sooner for compliance laggards, compared to once every 42 years or later for compliance leaders
To find out how you can turn compliance into a tool that will help you improve the rate of return on your compliance efforts, reduce data loss,
financial loss and stock decline, download this white paper today.
Lessons Learned for SOX Compliance and Other Regulatory Challenges
According to most estimates, first-year efforts to comply with the Sarbanes-Oxley Act of 2002, widely known as "SOX," tended to
overcompensate by trying to cover too many controls. Stacks of manual assessments and spreadsheets were produced at a very high cost.
According to Ernst & Young, first-year SOX filers spent 70 percent of their time resolving deficiencies in IT controls in order to pass SOX
audits. In the second year of SOX activity, financial report filers still spent 60 to 65 percent of their time resolving IT deficiencies in
order to pass SOX audits, and again experienced significant increases in personnel costs as they completed their final SOX audits.
Research reveals major success factors for SOX compliance
Recent research conducted among organizations in North America and around the
world helps illuminate what appears to be working when it comes to SOX compliance. Organizations with the fewest IT control deficiencies:
1. Deliver continuous training to employees while ensuring accountability with policy
2. Restructure the risk management function, internal controls, and IT security
3. Reallocate IT expenditures by shifting spending from consultants and contract labor to automated tools
4. Automate IT measurements, reporting, controls, change management processes, and IT security policies
5. Focus on managing risk to improve IT controls, information collection, and reporting
Managing Access to Critical Data for Protection and Privacy
Protecting intellectual property and confidential personal, financial, and business information is a business priority, and often a legal
requirement. To secure their data and ensure that only authorized people have access to it, organizations use a variety of access management
disciplines. Access management includes identity management solutions that control permissions for critical data stores by managing Access
Control Lists (ACLs). But identity management solutions in isolation risk access inflation, workarounds, and coverage gaps.
Comprehensive access management deploys identity management within a framework that includes disciplines for data protection, integration
with hiring and promotion, and especially monitoring. Monitoring augments access management with a second line of defense, protection
against unanticipated threats, a source of feedback for the continuous improvement of access management practices, and an audit trail.
The transition to comprehensive access management disciplines starts with an inventory and classification of data and a definition of
appropriate IT security controls, along with the creation of a risk model to establish priorities. Typically, this planning process
identifies areas of inappropriate access despite restrictive access rules, along with poorly defined controls, inadequate monitoring, and no
real metrics for program effectiveness. Once under way, comprehensive access management relies on tight integration with business processes
and frequent audits to maintain alignment with policy. And it depends on monitoring to identify, prioritize, and respond to unauthorized access.
Symantec Network Access Control: Comprehensive Network Access Control
The managed state of an organization's individual endpoints plays a critical role in the overall security and availability of its IT
infrastructure and related business operations. The new wave of sophisticated crimeware not only targets specific companies, but it also
targets desktops and laptops as backdoor entryways into those enterprises' business operations and valuable resources.
To safeguard themselves against these targeted threats, organizations must have a means to guarantee that each endpoint continually complies
with corporate security and configuration management policies. Failure to guarantee endpoint policy compliance leaves organizations vulnerable
to a wide array of threats, including the proliferation of malicious code throughout the enterprise, disruption of business-critical
services, increased IT recovery and management costs, exposure of confidential information, damage to corporate brand, and regulatory
fines due to non-compliance.
Symantec Network Access Control enables organizations to ensure the
proper configuration and security state of user endpoints, including those of onsite employees, remote employees, guests, contractors, and
temporary workers, before they are allowed to access resources on the corporate network. It discovers and evaluates endpoint compliance
status, provisions the appropriate network access, and provides remediation capabilities to ensure that endpoint security policies and
standards are met. Symantec Network Access Control is network OS-neutral and easily integrates with any network infrastructure, making its
implementation more comprehensive, easier, faster, and more cost-effective than competing solutions.
Symantec Endpoint Protection: A unified, proactive approach to endpoint security
Organizations today face a threat landscape that involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities
in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data
theft and manipulation, disruption of business-critical services, and damage to corporate brand and reputation. To stay ahead of this emerging
breed of stealthy and resilient security threats, organizations must advance their endpoint protection.
Symantec Endpoint Protection enables organizations to take a more holistic and effective approach to protecting their endpoints: laptops,
desktops, and servers. It combines five essential security technologies to proactively deliver the highest level of protection against known and
unknown threats, including viruses, worms, Trojan horses, spyware, adware, rootkits, and zero-day attacks. This offering combines
industry-leading antivirus, antispyware, and firewall with advanced proactive protection technologies in a single deployable agent that can
be administered from a central management console. Also, administrators can easily disable or enable any of these technologies based on their
particular needs.
Taking Action to Protect Sensitive Data
Only 12 percent of organizations (about one in ten) experienced fewer than three losses of sensitive data in the past year. For all other
institutions (almost 90 percent), data loss rates are higher. The leading organizations, those with the fewest losses of sensitive
data, are spending more time, employing multiple IT controls, and monitoring compliance with their policies weekly, to significantly
reduce the loss of sensitive data. In fact, leading organizations are uniquely:
- Employing multiple IT controls to help protect sensitive data
- Monitoring and measuring controls and procedures to protect data once every four days
While best-in-class organizations are monitoring and measuring controls and procedures to protect sensitive data once a week,
most firms are conducting such measurements only once in a blue moon: at best, once every 176 days. Furthermore, all other organizations are
either ignoring the use of IT controls to protect sensitive data or are selectively employing only a few. In this day of instantaneous
electronic information exchange and 24x7x365 Internet connectivity, infrequent monitoring and underutilized
IT controls will likely contribute to more instances of sensitive data loss.
Download Symantec Security White Papers Now