TAKING COMMAND OF YOUR GRC JOURNEY WITH RSA ARCHER

Similar documents
SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

INTELLIGENCE DRIVEN GRC FOR SECURITY

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

RSA Advanced Cyber Defence Summit

Professional Services for Cloud Management Solutions

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Implementing ITIL v3 Service Lifecycle

MITIGATE CYBER ATTACK RISK

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

Helping the C-Suite Define Cyber Risk Appetite. The executive Imperative

DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS

The University of Queensland

Symantec Data Center Transformation

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

Networking for a dynamic infrastructure: getting it right.

Cisco Start. IT solutions designed to propel your business

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Cybersecurity. Securely enabling transformation and change

Networking for a smarter data center: Getting it right

Demystifying GRC. Abstract

ACL Interpretive Visual Remediation

RSA Cybersecurity Poverty Index : APJ

Next Generation Policy & Compliance

VMware Cloud Operations Management Technology Consulting Services

RSA INCIDENT RESPONSE SERVICES

RSA NetWitness Suite Respond in Minutes, Not Months

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Accelerate Your Enterprise Private Cloud Initiative

ALIGNING CYBERSECURITY AND MISSION PLANNING WITH ADVANCED ANALYTICS AND HUMAN INSIGHT

How Cisco IT Improved Development Processes with a New Operating Model

OVERVIEW BROCHURE GRC. When you have to be right

NEXT GENERATION SECURITY OPERATIONS CENTER

The Windstream Enterprise Advantage for Banking

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

RSA Cybersecurity Poverty Index

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

THE JOURNEY OVERVIEW THREE PHASES TO A SUCCESSFUL MIGRATION ADOPTION ACCENTURE IS 80% IN THE CLOUD

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Angela McKay Director, Government Security Policy and Strategy Microsoft

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

THE STATE OF IT TRANSFORMATION FOR RETAIL

CYBERSECURITY MATURITY ASSESSMENT

ORGANIZATIONS FACE RAPID RATE OF REGULATORY CHANGE

Leading the Digital Transformation from the Centre of Government

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

How Your Organization Can Drive Success in the Age of Digital Disruption

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Optimisation drives digital transformation

Preparing your network for the next wave of innovation

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Improving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN

HPE IT Operations Management (ITOM) Thought Leadership Series

WHAT CIOs NEED TO KNOW TO CAPITALIZE ON HYBRID CLOUD

Smart Data Center Solutions

Micro Focus Partner Program. For Resellers

Modern Database Architectures Demand Modern Data Security Measures

SIEM Solutions from McAfee

Cyber Security and Cyber Fraud

New Zealand Government IBM Infrastructure as a Service

GDPR Update and ENISA guidelines

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Enterprise GRC Implementation

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

MODERNIZE INFRASTRUCTURE

The State of Cybersecurity and Digital Trust 2016

UNLEASHING THE VALUE OF THE TERADATA UNIFIED DATA ARCHITECTURE WITH ALTERYX

FOR FINANCIAL SERVICES ORGANIZATIONS

THE POWER OF TECH-SAVVY BOARDS:

What to Look for in a Partner for Software-Defined Data Center (SDDC)

RSA INCIDENT RESPONSE SERVICES

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Now on Now: How ServiceNow has transformed its own GRC processes

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

Advancing Customer-Driven Solutions for Ontario

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

Risk Advisory Academy Training Brochure

Sustainable Security Operations

Run the business. Not the risks.

E X E C U T I V E B R I E F

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

Modernizing Healthcare IT for the Data-driven Cognitive Era Storage and Software-Defined Infrastructure

Executive brief Create a Better Way to Work: OpenText Release 16

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Data Management and Security in the GDPR Era

Your Challenge. Our Priority.

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

CA Security Management

Pave the way: Build a value driven SAP GRC roadmap March 2015

Cyber Espionage A proactive approach to cyber security

Toward an Automated Future

Transcription:

TAKING COMMAND OF YOUR GRC JOURNEY WITH RSA ARCHER Inspire Everyone to Own Risk ABSTRACT Organizations must implement a cohesive risk management program to protect against loss while remaining agile to meet strategic objectives. RSA Archer can transform your compliance program and enable your organization to proactively manage risk by providing improved visibility, enabling better decisions to achieve business objectives with more predictable results. RSA Archer provides a technology platform that leverages a common framework for managing risk and compliance in the context of your business, which is necessary for your governance, risk and compliance (GRC) program to succeed in today s increasingly complex risk landscape and competitive markets. May 2016 WHITE PAPER

Copyright 2016 EMC Corporation. All rights reserved. RSA believes the information in this document is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. EMC 2, EMC, the EMC logo, RSA, the RSA logo, and Archer are registered trademarks or trademarks of EMC Corporation in the United States and other countries. VMware is a registered trademark or trademark of VMware, Inc., in the United States and other jurisdictions. Copyright 2016 EMC Corporation. All rights reserved. Published in the USA. 5/16 White Paper H15097 2

TABLE OF CONTENTS WHY RISK INTELLIGENCE?... 4 BRINGING VALUE TO THE ORGANIZATION... 4 THE ROAD TO MATURITY... 4 RSA ARCHER SOLUTION & USE CASE APPROACH... 5 INSPIRE EVERYONE TO OWN RISK... 6 CONCLUSION... 7 3

WHY RISK INTELLIGENCE? The next five years will bring even more pressure and greater shifts in the way governance, risk and compliance (GRC) programs need to operate to succeed. Not only are regulations and risk management needs changing, but the technology used to power businesses is radically shifting. The delineation between digital strategies and business has disappeared, and any differentiation between cyber risk and business risk has vanished. Given that many new business growth strategies rely on technology, organizations must be able to manage cyber risk as part of their risk management strategy. GRC programs must create a unified risk culture and a common language across the enterprise in order to understand risk in the context of the organization s overall objectives. Therefore, effective risk management practices must address cyber risk and business risk in equal measure and provide a consolidated view of risk to executives and practitioners. Today s business environment is fraught with risk. Technology and eeconomic and market conditions affect organizations on a daily basis. The constantly changing risk landscape is a leading topic in headlines, industry forums, media outlets and Board rooms. We are moving to a world where your risk management approach is not only your defense against known and unknown risks, but a critical component of your competitive advantage. Rather than avoiding risk, organizations need to effectively position themselves to embrace risk with confidence to successfully seize growth opportunities in the market. Risk management is becoming a core capability that separates the winners from the losers. Organizations that understand and effectively manage risk will prosper, while those that cannot will fail. Success starts with the ability to manage risk in a manner that frees up resources to focus on the company s long term, strategic objectives. Executives need relevant, up-to-date risk information in order to make the right decisions and pursue the right opportunities. With so much change in the risk landscape, organizations need agile, flexible programs to anticipate and mitigate risk. Without these programs, a wrong decision could be costly to the business and the company s brand reputation. While most organizations have built out risk processes and programs in one section of the company, organization are often left with isolated pockets of risk management, with efforts duplicated or, even worse, skipped entirely, leaving serious gaps. Insight into risk is often incomplete, inaccurate or delayed. These factors make it difficult to ensure accountability and impossible to prioritize where to dedicate resources. Ultimately, the business does not have the risk insights needed to make the right decisions to protect company value and drive growth. RSA Archer's Risk Intelligence approach represents balance in addressing and managing major risks facing organizations today while providing insights to help them make the right business decisions and explore new opportunities with predictability. As the backbone of your governance, risk and compliance program, RSA Archer enables you toleverage processes, break down organizational silos to share data for greater visibility, and build efficiencies across your organization to effectively transform compliance, manage risk and exploit opportunity. BRINGING VALUE TO THE ORGANIZATION These days, executives cannot afford to invest in anything that does not bring value to the company, and risk and ccompliance functions are no exception. Results and Reach are simple measurements of the value your GRC efforts bring to the organization. GRC programs are expected to deliver Results with a constant increase in effectiveness in managing risk and compliance in order to raise the right issues with the appropriate priority. There also needs to be continued expansion of Reach within the GRC program ideally, protecting more and more of the organization as the program matures. As Results and Reach increase, so does the Value of the risk and compliance program to the organization. For oorganizations looking to improve their Results and expand their Reach, the first step is meeting the company's Compliance obligations. Most organizations have achieved a certain level of Results due to compliance initiatives and then work to expand their compliance Reach. The second step is managing Risk by improving processes and addressing a broader set of business concerns. Ultimately, the goal is to reach the point where the organization can use Compliance and Risk as a competitive advantage truly bringing value to the organization by helping drive Opportunity. THE ROAD TO MATURITY No organization can achieve complete visibility into risk. There is no crystal ball that will magically outline opportunity, map risks, and provide a distinct, unobstructed path to success. However, there are specific stages organizations can move through in building Risk Intelligence. Siloed Stage: Many organizations are stuck in the most elementary risk and compliance approaches that attack individual issues within a stovepipe strategy. This strategy relies on constant fire-fighting mode for the front line and functional employees. Some silos may be mature, but some could be missing or just forming. With the focus typically on compliance and tactical risks, the 4

organization cannot see beyond the immediate issue. Risk managers are hunkered down in the trenches with little movement forward, relying on old fashioned approaches that may get the job done but will never keep pace in today s market. These organizations need to take this compliance crush off the table and start solving regulatory and industry needs in the most efficient and effective manner. This requires automating compliance and building a cohesive strategy to deal with the compliance table stakes of doing business. Compliance obligations need to be tackled but with an eye towards the future. Building more silos at this point is futile. Risk and compliance functions need to focus on where data and processes can be leveraged, reused and shared and limitations of niche, operational tools can be overcome. By Transforming Compliance, companies will pave the way to the next stage in their journey. Managed Stage: Companies in this stage have solved or are well on their way to solving the compliance conundrum and are poised to harness risk. Transforming Compliance has resulted in common policies, standards and controls, an effective control infrastructure, and efficient methods to measure, monitor and report compliance state. Companies in this stage need to become aware of the various risks they are juggling and put plans in place to manage these risks within the context of a broader strategy. A key factor in this evolution is addressing both cyber/technical risk and business risk with a combined strategy. The business needs to understand the risks in its technology landscape, and technologists must be active participants in addressing business risk. The risk program should be focused on giving the business the insight to navigate major issues. This progress is being fueled more and more by metrics and analytical capabilities that provide visibility into risk. Companies in the Managed stage begin building the bigger picture, shoring up strong competencies, and bringing weaker elements up to a stable state. As the GRC program matures, effort begins shifting from compliance as the key driver to more focus on risk. The organization eventually reaches a point where the Opportunity Landscape starts taking shape and the company is then poised to move to the next stage Advantaged. Advantaged Stage: When the organization has mapped out and conquered the Risk Landscape, they can begin exploring the Opportunity Landscape. The organization is now ready to realize the competitive advantages of harnessing risk beating competitors to market, launching new products and services with calculated efficiencies, and avoiding major issues that affect reputation and the bottom line. They have turned the corner from managing Unrewarded Risk to benefitting from Rewarded Risk. Organizations in this stage focus on speaking business language rather than risk language. They are able to identify and respond to emerging risks ahead of the curve, using common taxonomies, common approaches, well-oiled decision-making processes, and, most importantly, data to support their decisions. This is where the full power of Risk Intelligence comes to bear, as the organization explores and exploits the Opportunity Landscape. RSA ARCHER SOLUTION & USE CASE APPROACH To address risk as a multi-dimensional challenge, RSA Archer offers solutions in seven areas Audit Management, Business Resiliency, IT & Security Risk Management, Enterprise & Operational Risk Management, Regulatory & Corporate Compliance Management, Third Party Governance, and Public Sector Solutions. Each solution is designed based on best practices and industry standards, to build an integrated and effective risk and compliance program. Leveraging RSA Archer s long history in building enterprise class GRC solutions, organizations just starting their GRC journey can quickly implement proven methodologies, while those with more sophisticated processes can leverage RSA Archer s industry leading solutions to build even stronger programs. RSA recognizes that not all organizations have the same GRC needs or level of maturity. RSA Archer GRC solutions are built using an integrated use case approach to address an individual organization s specific needs. Each use case includes the necessary components to implement best practices while driving an integrated strategy. This approach enables you to focus on key processes that work together to mature your GRC program, allowing your organization s program to grow incrementally as your needs change. 5

RSA Archer use cases are segmented into three classes: Foundation use cases provide a starting point for organizations that are just beginning their GRC journey. These use cases target organizations in the Siloed stage, enabling the move away from spreadsheets to gain efficiency, accountability, and visibility in managing issues and risks. The Foundation use cases emphasize fundamental processes necessary for a basic GRC program managing issues and incidents, cataloging risks, cataloging third parties, and identifying critical business processes. Managed use cases drive maturity of your GRC program by enabling collaboration across several risk functions within the business, integrating multiple data sources, and building repeatable, consistent processes to raise risk visibility within the organization. These use cases build upon the Foundation use cases, adding more sophisticated capabilities to address a broader set of requirements. Advantaged use cases transform risk into a competitive advantage for the organization. These use cases allow your program to connect risks to business objectives, enabling an open dialog and the visibility necessary to move beyond managing risk to anticipating the business needs. These use cases combine Managed use cases with additional processes to optimize risk management efforts. INSPIRE EVERYONE TO OWN RISK Governance, risk and compliance programs are not as simple as a ttechnology implementation. GRC programs must revolutionize how a business approaches its strategies and meets its objectives. This is a cultural shift that starts with executives at the top of the organization and extends to the people on the first line of the business. The ttechnology underpinning these efforts must also inspire people to change the way they think and work.this is the driving force behind RSA Archer s vision to Inspire Everyone to Own Risk. Everyone in the organization has a role in addressing compliance and risk. RSA Archer can help you change the way you address compliance and risk and conduct business by providing your executives the insight they need to make better and bigger -- decisions. RSA Archer technology is designed to INSPIRE business managers to engage in the dialog to identify, assess and decision risk and view risk management as an enabler of the business, rather than a drag on the business. RSA Archer serves as the lynchpin in making risk and compliance processes understandable and actionable for all users, from front line employees and risk, ccompliance and security managers to executive management. RSA Archer addresses these needs through innovation from multiple angles from an intuitive interface and task-driven landing screens to flexibility and configurability of the RSA Archer GRC Platform and the RSA Archer solutions as your GRC program matures. 6

The second word in our vision EVERYONE - has multiple meanings. "EVERYONE" means every individual in the organization has a role to play in managing risk. RSA Archer s intuitive user interface highlights our commitment to help organizations engage the first, second and third line of defense and bring continuity to your GRC program. As the technology interface between risk data and the individuals making decisions, RSA Archer s ease of use, simplicity, reporting insights, and task management are critical parts of a successful GRC program. EVERYONE also speaks to the growing need forcompanies of all sizes and industries to improve their risk management. RSA Archer s use case approach driving an integrated strategy through a series of discrete implementations is core to enabling organizations implement risk management programs that are right sized for their business needs, with room to grow and mature. Ownership and accountability is critical in a GRC program., and TO OWN goes even deeper than that. RSA Archer wants to enable organizations to truly own risk that is, to CONTROL risk in order to do what propels the business and not let risk stand in the way of business opportunity. When you have that level of control, you can turn risk into a competitive advantage. RSA Archer provides a central, integrated platform and risk management solutions that drive informed business decisions. Using RSA Archer, our customers have cut months off risk assessment programs to launch new products, cut costs by rapidly responding to regulatory demands, and contained serious incidents before they escalated into full blown crises. RSA Archer continues to evolve GRC solutions by incorporating industry standards, leveraging lessons learned through open dialog with our customers, and a steadfast focus on improving time to value for every part of our technology. Above all, RSA Archer s vision is all about RISK. Our ultimate goal is to enable organizations to implement effective, efficient processes to identify, assess, monitor and report on risks across the enterprise and bridge the gap between business and cyber risk. The ability for an organization to clearly articulate a consolidated view of risk is invaluable in navigating today s turbulent market. Workflow is critical to risk management to get the right people involved in the process and is a constant within our product strategy. The ability to gather, interpret and report on data such as loss events, issues and findings, vulnerabilities and security events, or regulatory intelligence is an essential component of a future-looking risk program. The enterprise scale capabilities of RSA Archer GRC solutions give you the foundation for building the Risk Intelligence you need today. CONCLUSION GRC is not a challenge that can be solved simply with technology. It is a business imperative that must be addressed through a shift in focus, priority, and culture within a company that makes risk management an integral and proactive part of how the company thinks and acts. This is the Risk Intelligence that will drive your company s success. By driving better Results and broader Reach, your GRC program can demonstrate significant Value to your organization. This requires a GRC maturity journey to take risk and compliance efforts from Siloed approaches, to consistent Managed processes, to an enterprise class Advantaged program that provides the competitive advantages that come with harnessing risk. Technology plays a critical role in this maturity journey. With RSA Archer s innovative GRC platform and integrated solutions, you can take command of your organization s GRC journey and Inspire Everyone to Own Risk. 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback