Preparing for risk assessment

book

Article ID: 179430

calendar_today

Updated On:

Products

Control Compliance Suite Windows

Issue/Introduction

 

Resolution

Preparing for risk assessment

The organization of all the known assets into the system is a crucial step in the process of governance in IT. Symantec Control Compliance Suite lets you collect the data for the assets, manage and monitor the assets, and evaluate the assets against a set of standards. You can collect the asset data either from the data collection components in the system or from a CSV file. Symantec Control Compliance Suite lets you reconcile the collected asset data based on certain rules.

The Symantec Control Compliance Suite supports certain predefined platforms and predefined asset types. The Symantec Control Compliance Suite also provides the flexibility to create your own asset types and perform the risk assessment on the custom asset types.

You are ready for the risk assessment when you have imported all the known assets into the asset system. Before you begin the asset import, it is recommended that you review the basic concepts in the asset system.

Table: Preparing for risk assessment

Task

Description

Register Data Processing Service

Before the Application Server can use a newly installed Data Processing Service (DPS), you must register the DPS. with the Application Server. When you register the DPS, you also assign the DPS to a site and specify the DPS roles.

See Registering the Data Processing Service.

See Importing the specific and common fields for custom asset using the CSV data collector.

Go to Settings > Map View > Register DPS.

Configure data collectors

Go to Settings > Map View > Right-click the site > Edit settings.

In the Data Processing Service dialog box, configure the following data collectors:

  • Navigate to Collector - General Settings tab.

    Configure at least one data collection component to collect the assets. You can configure the data collector for the platform for which you want to import the assets.

    For example:

    If you want to collect the data for the Windows platform, you must configure the Windows Information Server settings.

    See Configuring the data collectors.

  • Navigate to Collector settings by site and click CSV Settings.

    Select Common from the platform list. Configure the Common platform through CSV settings if you want to collect the data for the fields that are common for all the asset types.

Set up the reconciliation rules

Go to Manage > Asset System > Reconciliation Rules > Create Rule.

Perform one of the following tasks to use the reconciliation rules:

  • Use the predefined reconciliation rules to add the assets into the asset system for the first time.

    However, the predefined reconciliation rules add all the imported assets into the default folder, Asset System.

  • Create you own reconciliation rules to organize the assets into the asset system in a specific folder hierarchy.

    See Creating reconciliation rules without manual review.

Import the assets

Go to Manage > Assets > Asset System > Asset Tasks > Import Assets.

Perform the following tasks to import the assets into the asset system:

Create asset groups

Go to Manage > Assets > Asset System > Asset Group Tasks > Create Asset Group.

Perform the following tasks with the asset groups:

  • Create static and dynamic asset groups to create asset clusters on the basis of a common logical criteria.

    See Creating a static asset group.

    See Creating a dynamic asset group.

  • Use the predefined dynamic asset groups.

    Copy a relevant predefined asset group to the folder in which you want to create an asset cluster.


Assessing the compliance and the risk posture of the system