The provider of systems, storage and security systems Symantec Corp. announced in February the global release of the latest version of its "enterprise-class IT governance, risk and compliance (IT GRC) solution-Symantec Control Compliance Suite 11-which its executives have said will be available to all its customers in Asia sometime round June.
According to them: "[The Symantec Control Compliance Suite 11] will feature the Control Compliance Suite Risk Manager module which enables security leaders to better understand and communicate risks to the business environment from their IT infrastructure. Risk Manager translates technical issues into risks relevant to business processes, delivers customised views of IT risk for different stakeholders, and helps prioritise remediation efforts based on business criticality rather than technical severity."
They cited findings from a study (dated January 2012) they commissioned research house Forrester Consulting to conduct that indicate how "security threats and risk management are becoming part of boardroom-level discussions," including the following.
* "70 percent of security decision makers reported increased executive awareness of IT security as a direct result of recent high profile attacks and data breaches."
* "When asked what changes to their IT risk programme would have the most positive impact on their business counterpart relationships, 47 percent indicated the improved ability to communicate the value of security and risk management in business terms."
* "More than 40 percent called out the need for more timely and accurate data or more frequent reporting of risk and compliance."
And Symantec's fix for these particular communication and visibility issues is the Risk Manager Module. "The Symantec Control Compliance Suite Risk Manager module will allow security leaders to create a targeted view of IT risk as it relates to a specific business process, group or function," they went on to say. "Instead of sending business unit owners detailed reports on outstanding configuration or vulnerability issues, they will be able to illustrate how these issues are causing unacceptably high risk to the company's online e-commerce site, transaction processing system or other key business process. Translating technical IT issues into business risk terms that can be more easily understood helps drive greater awareness, accountability and action. "
Talking about the newly announced Symantec Control Compliance Suite 11, Senior Vice President of the Information Security Group at Symantec, Art Gilliland, said: "The ability to move beyond the traditional role of technical expert and become a business risk advisor is critical to the success of today's IT security leaders. Symantec's next generation IT GRC solution will empower information security leaders to drive real change and accountability with their business counterparts at a time when security threats are becoming boardroom level discussions."
Sign up for Computerworld eNewsletters.