RealTime IT News

Symantec Adds Risk Management Consulting

Symantec has announced a new consulting service designed to bring the disparate elements of IT risk exposure and remediation under one umbrella. The Symantec Foundation IT Risk Assessment is built on Symantec's services and application to provide methodologies for improved practices across all IT risk areas.

Symantec  lists four pillars of IT risk as security, availability, performance and compliance. In many instances, the company has noticed firms are not tying the activities and investments in these pillars under one banner.

"Information might be assessed from all four focuses, but linking those four areas into an overall program lens is not something that organizations have been able to do in an effective fashion," Samir Kapuria, director of global consulting services for Symantec told internetnews.com.

Most organizations have looked at these four topics as discrete topics. The security group operates in a tactical or reactive mode. Another group is focused on compliance, regulatory and corporate governance but might be part of a different division or organization.

As a result, the four pillars don't have the same advocates, and often don't know what the other is doing, Kapuria noted.

As part of this, Symantec has developed a modeling tool called INFORM (INFOrmation assurance Risk Model) to gather qualitative and quantitative data from the clients and to generate a report based on what it found.

INFORM is based on industry frameworks like Information Technology Infrastructure Library (ITIL)  and BS17799. In essence, the goal of the tool is to measure a company's risk management competency against these standards and provide benchmarking on how efficient the four pillars are being run.

Symantec consultants then provide a report and recommendations on what should be done to remediate the problems. Kapuria said Symantec has more than 1,100 consultants ready to go for interested clients.