Symantec Solution Measures Compliance Of Systems

by Sunil Kumar    Aug 24, 2005

Symantec Corp has launched its Enterprise Security Manager (ESM) 6.5, which enables organizations to effectively measure the compliance of information systems based on industry, regulatory and corporate security policies and standards. The solution provides the information and intelligence necessary to efficiently remediate non-compliance issues.

In an exclusive to CXOtoday, Jeffrey Hoo, services and management systems field director, regional product marketing, Symantec Corp, Asia Pacific, outlined the facets of the product and its core USP for Indian banks.

Said Hoo, “Information security is most critical for an enterprise because the key factor in the end is information integrity. My impression of most Indian banks is that they are focusing on credit risk and not operational risk. What CIOs need is a solution that measures residual risk and then measure it and report it to the management. That is where ESM 6.5 comes in.”

“According to most sources, the BASEL II compliance mandate was set at 2006. But after my discussion with the Indian banking fraternity, the RBI has now revised the date to March 2007,” noted Hoo.

When CXOtoday queried Hoo on the interface with legacy systems prevalent in the Indian enterprise arena, he responded, “Indian banks need to internally audit the operational risk and then initiate relevant processes for information security. Our solution can mitigate the risk and serve as an early warning system with a proactive approach.”

According to Hoo, “Given the number of worm attacks in the recent past, CIOs need to focus on mission-critical apps in the security infrastructure. Also, DDoS attacks and natural calamities jeopardize data security and information integrity in any enterprise. Our product with a security focus serves as an early warning system, which CIOs can use as an audit, security and compliance tool.”

Waxing eloquent, he further said, “APAC can be classified into two areas: structured, efficient banking systems such as Australia and Singapore, which have minimal legacy issues, and countries such as India and China, where BASEL II compliance has to overcome certain inherent systemic issues. In the Greater China area, mainland China currently has to overcome legacy and compliance issues, which are more severe than India.”

“Change control for a bank would depend on the amount of data and how banks manage data. Roles and responsibilities have to be clearly defined and a good consulting team has to be put in place. Information integrity is a double-edged sword; it depends on the technology and also the people implementing it,” said Hoo.

According to him, Indian banks would be at a BASEL II disadvantage if they get into a last-minute huddle, considering G-10 countries rule the roost. To minimize costs, automation is the key.

“Compliance is a daunting task for enterprises. Already under extreme resource constraints, companies face increased pressure from regulators while conducting business in an ever-changing threat environment,” said Rowan Trollope, vice president of security management solutions at Symantec.

Government, oversight committees and standards boards now require an unprecedented level of attention on critical issues with respect to data reliability, integrity and security, especially in the context of customer privacy and financial reporting. Failure to comply can result in lost business and customer confidence, in addition to financial and legal liability. As regulation requirements increase, stakeholder demands are also rising. Consumers now look far more closely at a company’s privacy and data protection policies.

Symantec ESM automates the process by proactively monitoring and measuring the organization’s compliance with security practices and regulations, ensuring all its systems are compliant with greater efficiency.

Symantec ESM regularly scans all systems to ensure compliance with stringent regulatory standards, including the new Visa CISP regulation. The solution also offers pre-configured policy assessment templates for the Federal Information Security Management Act (FISMA) (NIST 800-53), Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), North American Electric Reliability Council (NERC) and Sarbanes-Oxley Act.

Further, the solution also includes industry best practice security policies ISO17799/2005 (BASEL II compliant), SANS Top 20 and Center for Internet Security (CIS) Benchmarks.
