ABOUT SYMANTEC

Press Release

IT Policy Compliance Group Launches New Web Site for Compliance Research

Latest Report Highlights Firms Spending More Than 10 Percent of IT Budget on Security Experience Lower Levels of Compliance Deficiencies

CUPERTINO, Calif. – Dec. 4, 2006 – The IT Policy Compliance Group today announced that it has launched a new web site www.ITPolicyCompliance.com and expanded its membership with the addition of Protiviti. The web site features research findings, guidance, and contributions from compliance experts to assist organizations with improving compliance results. The IT Policy Compliance Group’s latest research report titled “Managing Spend to Improve IT Compliance Results” is now available for download. According to the report, IT compliance leaders are spending 9 percent more on equipment and software and 11 percent less on contractors.

The IT Policy Compliance Group is a group of compliance professionals who have come together to promote the development of fact-based research and information designed to help organizations more effectively achieve their policy and regulatory compliance goals. The group is dedicated to expanding awareness of IT policy compliance as a valuable business function and helping to clarify the value of IT policy compliance through research and publishing activities that helps IT professionals to define, implement, and sustain IT policies that demonstrate and promote compliance.

“The research conducted by the IT Policy Compliance Group provides insight into the actions, capabilities, practices, and success factors for organizations seeking to meet today’s growing number of regulatory mandates, and internal policy initiatives without introducing too many controls that could otherwise reduce competitive business results” said Arshad Matin, vice president, compliance and security management, Symantec Corp. “The IT Policy Compliance Group helps fill gaps in our knowledge about specific IT compliance and IT security practices by conducting primary research among enterprise, medium and small businesses.”

The www.ITPolicyCompliance.com web site is designed to deliver actionable content to help IT professionals meet the policy and regulatory compliance goals of their organizations. For example, past research indicates that IT compliance leaders implement continuous controls monitoring on average of once every 21 days. By comparison, industry laggards are measuring results once every nine months. Supported by members that include: Institute of Internal Auditors, Computer Security Institute, Protiviti and Symantec (collectively known as the IT Policy Compliance Group), the web site delivers fact-based information without advertising, marketing, and sales pitches.

“We are pleased to add to this body of knowledge. As the voice of the internal audit profession, it’s natural that The Institute of Internal Auditors provides guidance on how technology and internal controls should intersect,” says IIA President, David A. Richards, CIA. “Technology adoption is advancing so quickly and there’s so much associated risk that organizations are in desperate need of as much guidance as possible.”

“Protiviti is pleased to be a part of this cooperative effort to drive greater understanding of, and improvements in, policies and regulatory compliance processes within organizations worldwide,” said Rocco Grillo, Director for Protiviti’s Security practice. “We look forward to sharing our research and thought leadership as well as knowledge and key takeaways gained from our ongoing work in these areas.”

The IT Policy Compliance Group provides practical guidelines and best practices for helping IT professionals and auditors plan, implement and manage successful compliance programs. IT policy compliance should be recognized as an ongoing, critical business function that protects and enables an organization’s growth and success. IT policy compliance can add value to businesses, enabling them to grow securely and in some cases improve operational efficiencies and services.

For more information and to download the latest research report titled “Managing Spend to Improve Compliance Results” visit www.ITPolicyCompliance.com.

About IT Policy Compliance Group

The IT Policy Compliance Group is dedicated to improving IT compliance results for organizations and is made up of members from several leading organizations including: the Computer Security Institute, The Institute of Internal Auditors, Protiviti, and Symantec Corporation. The group conducts fact-based benchmark research to determine the best practices that result in improvements to IT compliance results for organizations.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in US dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.