Called Symantec Foundation IT Risk Assessment, the service identifies, categorizes and prioritizes current IT risks so organizations can invest in projects that manage risk, cost and performance more effectively.
The service also includes workshops and interviews with employees, and measures the maturity of an organizations IT risk management policies in comparison with industry standards such as ITIL (Information Technology Infrastructure Library) and BS17799, said Darren Thomson, senior director of IT risk management at Symantec, based in Cupertino, Calif.
"Its impossible to prioritize and therefore budget effectively for risk management projects if you dont have a complete picture," Thomson said.
Symantec Consulting also uses the Symantec INFORM (Information Assurance Risk Model) tool to gather data from clients and generate gap analyses and solution recommendation reports. The INFORM program is a set of vendor-neutral tools, based on Symantecs peer benchmarking platform made up of more than 800 customer surveys on IT risk management, Symantec officials said.
The service culminates with a full report that includes an executive summary of the organizations IT risk posture as well as recommendations for remediation.
"The Foundation IT Risk Assessment really allows us to engage with a client to help them to take that first step so they are able to build a very comprehensive view of the IT risks that exist in their organization," Thomson said.
While there are many other companies that perform risk assessments, Jon Oltsik, an analyst at Enterprise Strategy Group, said Symantecs service distinguishes itself from some consulting services because it focuses on multiple areas.
"Its a real good, focused scorecard on where you stand and what you need to do," Oltsik said.
The list price of the service is roughly $50,000.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.