Today IT security teams must contend with a dizzying array of challenges, from cyber-crime and government regulation to the ever increasing complexity of the IT environment itself. For organizations that handle large volumes of customer and employee information, the risk of a data breach is now higher than ever before. Driven by the rising tide of organized cyber-crime, targeted attacks are increasingly aimed at stealing information for the purpose of identity theft. 

At the same time, the growing number of government regulations, industry standards and internal mandates make compliance a difficult and expensive undertaking. According to a recent survey by the IT Policy Compliance Group, 70 percent of respondents are now subject to multiple regulations, standards and mandates required by contractual obligations. In addition, IT infrastructures have reached such a level of scale and complexity that it is now difficult to control deviations from technical standards. There is constant tendency toward configuration drift that can lead to breakdowns in the security, availability and reliability of data and systems.

Given these IT governance, risk and compliance challenges, it is essential to establish strong security policies to protect both assets and information. But putting policies in place is only a first step. It is also necessary to ensure that these policies are effectively enforced. To meet strategic management objectives, IT must continuously monitor and remediate any deviations from established standards and do so in a manner that is efficient and cost-effective.

Fortunately, many solutions are available to solve these challenges, each offering its own set of features and functionality. But what criteria should a company use in evaluating these solutions? Download a Symantec whitepaper with answers to this question by exploring key requirements of an IT Governance, Risk and Compliance (IT GRC) solution.

• Define and manage policies for multiple mandates with out-of-the-box policy content. Map policies to control statements and de-duplicate common controls across multiple mandates.
• Assess how effective controls are in meeting policy requirements. Automatically identify deviations from technical standards and replace manual evaluation processes with web-based questionnaires.
• Identify critical vulnerabilities in the most sensitive servers, web applications, databases, and unmanaged control systems.
• Report on overall risk and compliance posture with dynamic, web-based dashboards and reports. Integrate technical, procedural and data controls with evidence from external systems.
• Remediate deficiencies based on risk using the Common Vulnerability Scoring System. Automate remediation ticketing through out-of-the-box integration with popular ticketing systems.

Key Benefits

• Improve visibility into IT risk posture
• Simplify management of multiple mandates
• Reduce compliance cost and complexity