Home > Information Security Magazine > Features > Reworking Risk Policy
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Reworking Risk Policy
by Harris Weisman
Issue: Jun 2006
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   NEXT PAGE  >

Another noteworthy feature of many policy management products is that they integrate across the enterprise, pulling data from a variety of sources, including backup, antivirus, content filtering solutions, firewalls, operating systems and routers; these data feeds should reduce the amount of data the user has to sift through. Some automated tools also integrate vulnerability management, keeping systems up to date and addressing emerging threats and zero-day exploits.

The ability of policy management tools to automatically correlate large amounts of disparate data can also facilitate regulatory compliance and reporting since it allows users to pull compliance data for specific regulations. A major complaint among security professionals is the redundant requests for the same audit-related information from external auditors, internal auditors and government regulators. Instead of having to complete several different audits that address similar issues, these tools allow you to generate reports tailo...



red for different groups.

Automated policy management tools can also monitor for violations and track policy exceptions. A key benefit is that all reports are consolidated into one management console, making them easier to track than with the manual approach. But they are not really active monitoring products--they won't act like a fire alarm. Symantec, however, plans to integrate BindView with technology that manages incidents; other tools are designed to integrate with security event management products.

None of the products are plug-and-play--all take time to implement; some even require companies to convert their policies into a specific format. Implementation times vary depending on the product and the state of the organization's policies.

Along with implementation times, software cost is a key consideration with automated tools. For instance, the Elemental Security Platform 2.0 starts at about $35,000 with server agents costing around $600; workstation and laptop agents cost $60.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts