CCS Risk Manager

Published under Risk Management

Control Compliance Suite(CCS) 11 Risk Manager

Tool Identity Card

General information
Basic information to identify the product

Tool name : Control Compliance Suite(CCS) 11 Risk Manager
Vendor name : Symantec Corporation
Country of origin : USA

 

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : World-wide (state oriented)
Supported by organization, club,... (e.g. as sponsor) : N/A

 

Brief description of the product
Give a brief description of the product containing general information, overview of functions…

  • Control Compliance Suite (CCS) Risk Manager enables security leaders to better understand and communicate risks to the business environment from their IT infrastructure. Risk Manager translates technical issues into risks relevant to business processes, delivers customized views of IT risk for different stakeholders, and helps prioritize remediation efforts based on business criticality rather than technical severity.

 

Supported functionality
Specify the functionality this tool provides.

R.A. Method activities supported

  • Risk identification : Using Technical Standards (E.G. ISO 27001, 27002) or as an organization identifying risk.
  • Risk analysis : CCS Risk Manager provides powerful out of the box tools to allow an organization to measure, mitigate and remediate their IT risks and communicate exposure and support stakeholders at all levels for IT excellence.
  • Risk evaluation : CCS Risk Manager allows organizations to use Workflow as well as logical operations to be able to evaluate, score, prioritize and know where their exposures are, and how to address them.

Other phases

  • Asset inventory & evaluation - Symantec Control Compliance Suite features a flexible, scalable data framework which is critical to providing a rich data-driven view to multiple audiences. This framework greatly simplifies the process of bringing together and 'normalizing' information from multiple different sources, so that it can be viewed in a common format. The suite brings together automated, technical assessment information with manual data inputs and procedural assessment information. It combines all of this with additional data from other Symantec and non-Symantec solutions, providing a rich set of information available for better analysis and decision making. The result is a truly multi-dimensional view of the IT risks associated with any given business process, group or function.

R.M. Method phases supported

  • Risk assessment: Predefined and customizable assessments are possible with CCS Risk Manager
  • Risk treatment :Measurement, Scoring, Trending, give the management an ability to illustrate how these issues are causing unacceptably high risk to the company's online e-commerce site, transaction processing system or other key business process
  • Risk acceptance : CCS Risk Manager provides different dashboard views provide business stakeholders with the information they need to make better decisions around IT risk, while ensuring that security and IT operations teams are more closely aligned on what needs to be done to reduce the most critical risks to the business.
  • Risk Communication : CCS Risk manager allows groups to facilitate more effective communication around IT risk by allowing security leaders to customize dashboards with audience-specific risk metrics.
    -Executive-level dashboards can illustrate high-level metrics, such as risk by business unit, or risk scores for mission-critical business processes.
    -Security operations dashboards can drill down to examine technical details behind these risk scores.
    -Dashboards for IT operations can outline detailed remediation plans and monitor risk reduction over time as scheduled remediation activities take place.
    -Additionally a number of communications formats, email, and data exports can be generated for popular office and communications use.

Other phases

  • N/A

Other functionality

  • 3rd Party EDI Connectors : A rich set of interfaces to allow for data import, reporting and remediation for a holistic view of an organisations risk posture.

Information processed

  • N/A

 

Lifecycle
Date of the first edition, date and number of actual version

Date of first release : N/A
Date and identification of the last version : N/A

 

Useful links
Link for further information

Official web site : http://www.symantec.com/theme.jsp?themeid=control-compliance-suite
User group web site : http://www.symantec.com/connect/security/forums/control-compliance-suite
Relevant web site : N/A

 

Languages
List the available languages that the tool supports

Languages available : DE, FR, ES, IT, SC, JP

 

Pricing and licensing models
Specify the price for the product (as provided by the company on May 2012)

  • Price:€ 227,330 - Base license up to 500 users including 12 months maintenance
  • Maintenance: € 27,330 - 12 month maintenance additional years

Sectors with free availability or discounted price : Price information is recommended list price. Discounts apply relative to number of users and servers - price shown is example for up to 500 users. Also discounts apply for Government and Education/Academic organisations.

 

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : Download
Identification required : Yes - evaluation license required and available
Trial period : 30 days by default

 

Tool architecture
Specify the technologies used in this tool

  • Database: Microsoft SQL is used for Data Content and Reporting
  • Web server: Microsoft IIS / Popular Web Browsers are used for Dashboards, Consoles, Reporting UI
  • Application Server: Microsoft Server 2003R2/2008R2 64-Bit hosts the CCS and Associate modules.
  • Client: Displaying Dashboards and Reports

 

Page top

Scope

Target public
Defines the most appropriate type of communities for this tool

  • Government, agencies
  • Large scale companies
  • SME
  • Commercial CIEs
  • Non Commercial CIEs

Specific sector : N/A

 

Spread
Information concerning the spread of this tool

General information : World-wide in many different organizations
Used inside EU countries : N/A
Used outside EU countries : N/A

 

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : Identify current state of risk in their organization - Provides organization-wide dashboard view of current risk position.
Operational : Identify top remediation areas - Drill-down capability for determining specific assets at risk and priority
Technical : Specific remediation action - Detailed information on how to address the technical issue

 

Compliance to IT Standards
List the national or international standard this tool is compliant with

  • Common Criteria EAL 3+ - Previous version (10.5.1 is EAL 3+ certified) Version 11 currently under evaluation. Evaluation should complete within 3 months
  • VPAT - Associated with Section 508
  • FIPS-140-2

 

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • Tool provides assessment of customer's IT infrastructure against specific mandates, regulations &security best practices - Product leverages more than 150 embedded standards, regulations, frameworks &best practices that are commonly required by commercial and public sector organizations

 

Training
Information about possible training courses for this tool

  • Course :Sales Engineer Presentations
    Duration : Ad Hoc
    Skills : General Security IT administration level
    Expenses : Varies depending on size of organization and complexity of environment

 

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : General Windows IT administration skills
  • To use : General IT Security Operations skills
  • To maintain : General IT Security Operations skills

 

Tool Support
Specify the kind of support the company provides for this product

Support : Various level of telephone and electronic support - Support contract purchased with product software. Various levels available providing different availability of support.

 

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • Information Security-Risk &Compliance - Responsible for ensuring organization meets it IT compliance requirements and IT risk goals

Intergration in Organization activities

  • N/A

 

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools

  • Data collection - Product can pull assessment &technical information from other supported deployed products

 

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • Product Knowledge Data base - Access provided as part of product support contract

 

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • Integrated database - SQL Server - Fixed schema that allows flexible queries for various information needs
  • Product knowledge database - Queries on specific product information
Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies