CCS Risk Manager
Control Compliance Suite (CCS) 11 Risk Manager
Tool Identity Card
General information
Basic information to identify the product
Tool name : Control Compliance Suite (CCS) 11 Risk Manager
Vendor name : Symantec Corporation
Country of origin : USA
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : World-wide (state oriented)
Supported by organization, club,... (e.g. as sponsor) : N/A
Brief description of the product
Give a brief description of the product containing general information, overview of functions…
-
Control Compliance Suite (CCS) Risk Manager enables security leaders to better understand and communicate risks to the business environment from their IT infrastructure. Risk Manager translates technical issues into risks relevant to business processes, delivers customized views of IT risk for different stakeholders, and helps prioritize remediation efforts based on business criticality rather than technical severity.
Supported functionality
Specify the functionality this tool provides.
R.A. Method activities supported
-
Risk identification : Using technical standards (e.g. ISO 27001, 27002) or as an organization identifying risk.
-
Risk analysis : CCS Risk Manager provides powerful out-of-the-box tools that allow an organization to measure, mitigate and remediate its IT risks, communicate exposure, and support stakeholders at all levels for IT excellence.
-
Risk evaluation : CCS Risk Manager allows organizations to use Workflow as well as logical operations to evaluate, score and prioritize risks, and to know where their exposures are and how to address them.
Other phases
-
Asset inventory & evaluation - Symantec Control Compliance Suite features a flexible, scalable data framework which is critical to providing a rich data-driven view to multiple audiences. This framework greatly simplifies the process of bringing together and 'normalizing' information from multiple different sources, so that it can be viewed in a common format. The suite brings together automated, technical assessment information with manual data inputs and procedural assessment information. It combines all of this with additional data from other Symantec and non-Symantec solutions, providing a rich set of information available for better analysis and decision making. The result is a truly multi-dimensional view of the IT risks associated with any given business process, group or function.
R.M. Method phases supported
-
Risk assessment: Predefined and customizable assessments are possible with CCS Risk Manager
-
Risk treatment : Measurement, scoring and trending give management the ability to illustrate how these issues are causing unacceptably high risk to the company's online e-commerce site, transaction processing system or other key business process
-
Risk acceptance : CCS Risk Manager provides different dashboard views that give business stakeholders the information they need to make better decisions around IT risk, while ensuring that security and IT operations teams are more closely aligned on what needs to be done to reduce the most critical risks to the business.
-
Risk Communication : CCS Risk Manager allows groups to facilitate more effective communication around IT risk by allowing security leaders to customize dashboards with audience-specific risk metrics.
- Executive-level dashboards can illustrate high-level metrics, such as risk by business unit, or risk scores for mission-critical business processes.
- Security operations dashboards can drill down to examine technical details behind these risk scores.
- Dashboards for IT operations can outline detailed remediation plans and monitor risk reduction over time as scheduled remediation activities take place.
- Additionally, a number of communications formats, email, and data exports can be generated for popular office and communications use.
Other phases
-
N/A
Other functionality
-
3rd Party EDI Connectors : A rich set of interfaces to allow for data import, reporting and remediation for a holistic view of an organisation's risk posture.
Information processed
-
N/A
Lifecycle
Date of the first edition, date and number of actual version
Date of first release : N/A
Date and identification of the last version : N/A
Useful links
Link for further information
Official web site : http://www.symantec.com/theme.jsp?themeid=control-compliance-suite
User group web site : http://www.symantec.com/connect/security/forums/control-compliance-suite
Relevant web site : N/A
Languages
List the available languages that the tool supports
Languages available : DE, FR, ES, IT, SC, JP
Pricing and licensing models
Specify the price for the product (as provided by the company in May 2012)
-
Price: € 227,330 - Base license up to 500 users including 12 months maintenance
- Maintenance: € 27,330 - 12 month maintenance additional years
Sectors with free availability or discounted price : Price information is recommended list price. Discounts apply relative to number of users and servers - price shown is example for up to 500 users. Also discounts apply for Government and Education/Academic organisations.
Trial before purchase
Details regarding the evaluation period of the tool
CD or download available : Download
Identification required : Yes - evaluation license required and available
Trial period : 30 days by default
Tool architecture
Specify the technologies used in this tool
-
Database: Microsoft SQL is used for Data Content and Reporting
-
Web server: Microsoft IIS / Popular Web Browsers are used for Dashboards, Consoles, Reporting UI
-
Application Server: Microsoft Server 2003R2/2008R2 64-Bit hosts the CCS and associated modules.
-
Client: Displaying Dashboards and Reports
Scope
Target public
Defines the most appropriate type of communities for this tool
-
Government, agencies
-
Large scale companies
-
SME
-
Commercial CIEs
-
Non Commercial CIEs
Specific sector : N/A
Spread
Information concerning the spread of this tool
General information : World-wide in many different organizations
Used inside EU countries : N/A
Used outside EU countries : N/A
Level of detail
Specify the target kind of people for this tool based on its functionality
Management : Identify current state of risk in their organization - Provides organization-wide dashboard view of current risk position.
Operational : Identify top remediation areas - Drill-down capability for determining specific assets at risk and priority
Technical : Specific remediation action - Detailed information on how to address the technical issue
Compliance to IT Standards
List the national or international standard this tool is compliant with
-
Common Criteria EAL 3+ - Previous version (10.5.1) is EAL 3+ certified. Version 11 currently under evaluation. Evaluation should complete within 3 months.
-
VPAT - Associated with Section 508
-
FIPS-140-2
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
-
Tool provides assessment of customer's IT infrastructure against specific mandates, regulations & security best practices - Product leverages more than 150 embedded standards, regulations, frameworks & best practices that are commonly required by commercial and public sector organizations
Training
Information about possible training courses for this tool
- Course : Sales Engineer Presentations
Duration : Ad Hoc
Skills : General Security IT administration level
Expenses : Varies depending on size of organization and complexity of environment
Users viewpoint
Skills needed
Specify the skills needed to use and maintain the solution
-
To install : General Windows IT administration skills
-
To use : General IT Security Operations skills
-
To maintain : General IT Security Operations skills
Tool Support
Specify the kind of support the company provides for this product
Support : Various levels of telephone and electronic support - Support contract purchased with product software. Various levels available providing different availability of support.
Organization processes integration
Describe user roles this tool supports
Supported Roles
-
Information Security - Risk & Compliance - Responsible for ensuring organization meets its IT compliance requirements and IT risk goals
Integration in Organization activities
-
N/A
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
-
Data collection - Product can pull assessment & technical information from other supported deployed products
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
-
Product Knowledge Database - Access provided as part of product support contract
Flexibility of tool's database
Can the database be customized and adapted to client requirements?
-
Integrated database - SQL Server - Fixed schema that allows flexible queries for various information needs
-
Product knowledge database - Queries on specific product information