RSA CHARGE 2019: Call For Speakers Now Open For Submissions

EMC logo


It’s official – time to get your creative juices flowing as the RSA Charge 2019 ‘Call for Speakers’ (C4S) is now open and awaiting your submissions!

 

As you are aware, the RSA Charge events represent all RSA products and an increasing number of customers across solutions attend this one-of-a-kind event each year. The RSA 2019 Charge promises to be the biggest event in our history of RSA Charge and Summit conferences. 

 

The RSA Charge event is successful in no small part because of the stellar customer submissions we receive each year. We invite you to submit your presentation brief(s) for consideration.(That’sright, you may submit more than one submission brief!)

 

This year for the first time the ‘8’ Tracksfor RSA Charge 2019 are identical across all products and represent all RSA solutions. We are pleased to present the them to you:

 

Transforming Your Cyber Risk Strategy– Cyber-attacks are at the top of the list of risks for many companies today.  Tell us how you are approaching reducing this risk utilizing RSA products.

 

Beyond the Checkbox: Modernizing Your Compliance Program – The regulatory landscape is always shifting.  How are you keeping up and what steps are you taking towards a sustainable, agile compliance program?

 

Aligning Third Party Risk for the Digital Transformation – Inherited risk from your business partners is a top of mind issue.  Third party risk must be attacked from multiple angles.  Share your strategy.

 

Managing Operational Risk for Impact–  Enterprise risk, operational risk, all things risk management.  Share your experience and strategy on how you identify, assess and treat risk across your business operations.

 

View from Above: Securing the Cloud – From security visibility to managing organizational mandates, what is your risk and security strategy to answer the “go to cloud” call.

 

Under the RSA Hood: Managing Risk in the Dynamic Workforce – The workforce has become a dynamic variable for many organizations – from remote users to BYOD to contractors and seasonal workers.  How are you addressing this shift?

 

Business Resiliency for the ‘Always On’ Enterprise – The world expects connectivity.  When the lights are off, the business suffers.  Tell us how you are ensuring your business is ‘always on’ – business continuity, recovery, crisis management and the resilient infrastructure.

 

Performance Optimization: RSA Product Learning Lab – Share your technical insights of how you use RSA products to meet your business objectives.  Extra points for cool ‘insider’ tips and tricks.

 

We know you have great stories to share with your peers, best practices, teachings, and how-to’s. We hope you consider submitting a brief and thank you in advance for your consideration. More information can be found on the RSA Charge 2019 website (scroll to bottom of page) including the RSA Charge 2019 Call for Speakers Submission Form. Submission should be sent to: rsa.events@rsa.com.

 

Call for Speakers ‘closes’ April 19. 


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts

Inspire Everyone to Own Risk with the RSA Archer Speak Up App-Pack

EMC logo


What would you do if you heard an advertisement on the radio misrepresenting a product your company offered?  I’d like to share a true story and how RSA Archer helped this organization’s first line of defense own risk.

 

Sally was listening to the radio on her drive to work when she heard an advertisement about her company but the information was incorrect and misleading.  When she got to work, she didn’t know who to report the information to but knew that if she didn’t report it, it could cause huge impacts to their organization.  After approaching several people, she decided to call the IT help desk.  While the IT help desk typically “helps” many, they are typically a little further downstream from the risk evaluation process. After some digging, the IT help desk sent the request to the Risk Management team, who then connected Sally with the third party risk team to address the issue with the third party. 

 

When our customer approached RSA, we decided to provide a method via RSA Archer that not only addresses the problem but enables your organization to own risk.  But we took it a bit further than just a risk reporting tool. There are often brilliant ideas that could positively impact your organization. There may also be specific issues or incidents that conflict with your organization’s corporate policies and procedures and someone within your organization has the knowledge needed to help avert or mitigate those issues early on. 

 

The RSA Archer Speak Up app-pack provides a mechanism within RSA Archer for the first line of defense to communicate information to your management or risk management team while leveraging workflow to review and approve the information and get it to the right team to take action.

 

RSA Archer Speak Up allows you to:

  • Submit ideas to improve the business;
  • Report issues to responsible authorities or management team within the organization; and
  • Document concerns regarding potential ethics violations, incidents, breaches, issues with third parties, and more.

 

With the RSA Archer Speak Up app-pack, your employees are empowered to speak up and own risk.  And, your management team is empowered with accountability and a consistent governance process for addressing risks.

 

RSA Archer Speak Up Business User Dashboard

Interested in learning more about the RSA Archer Speak Up app-pack? Join us for a Free Friday Tech Huddle on Friday, February 8 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller—or visit us at www.rsa.com.


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts

RSA Archer Third Party Risk Management

EMC logo


What is Third Party Risk Management?

A third party is any entity with which your organization has an actual or implied contractual relationship for the receipt of goods and services.  Besides being called a third party, these relationships may also be known as vendors or suppliers.  An Engagement refers to the actual product or service being received by way of a contract with a third party. 

 

RSA Archer Third Party Risk Management provides organizations the capability to assess and manage the risks associated with their third party engagements.

 

Why is the proper management of Third Party Risk so important?

Organizations are increasingly using third parties to support their operations and deliver products and services to their clients. While it is possible to outsource many business activities to third parties, organizations retain the risks associated with their third party relationships. Many of these risks can be significant including regulatory compliance violations, customer and shareholder litigation, information security breaches, financial losses from errors, fraud and business interruption, reputation damage, and impediment to strategic objectives. Organizations need to understand the risks third party relationships pose to their organization and the adequacy of controls that their third party providers have in place to manage risk within acceptable boundaries.

 

RSA Archer Third Party Risk Management

RSA Archer Third Party Risk Management employs a series of risk assessment questionnaires to be completed by a third party to assess the third party’s internal control environment and collect relevant supporting documentation for further analysis. The results of these questionnaires are factored into a determination of the residual risk of each third party engagement across several risk categories (compliance/litigation, financial, information security, reputation, resiliency, strategic, sustainability, and fourth party risk).  Risk results are depicted for each engagement and are rolled up to the third party to depict their overall risk across all of the engagements they deliver to the organization. Risk assessment findings can be automatically captured and managed as exceptions and remediation plans can be established, assigned to accountable individuals, and monitored to resolution.

 

Key features include:

  • Consistent risk assessment and evaluation of third party controls
  • Capture and store supplemental documents such as SSAE-16s, financial statements, and PCI assessments, and monitor when refreshed documents are due
  • Capture declared critical fourth party relationships and understand the quality of governance your third party applies to their own third party relationships
  • Depiction of risk of overall third party relationship, across all engagements being delivered to your organization
  • Consolidated view into known issues
  • Organized, managed process to escalate issues
  • Visibility into known risks and efforts to close/address risks
  • Efficient program management and understanding of program status

 

RSA Archer Third Party Risk Management provides:

  • Methodical and standardized approach to risk assessment
  • Management and mitigation of identified issues and reduced time to resolution
  • Stronger, quicker response to emerging risks
  • Fewer third party related incidents and losses
  • Reduced program administration costs
  • Reduction of overall third party risk
  • Reduced repeat audit and regulatory findings
  • Better understanding of how third parties are used throughout the organization and the risks they pose

 

Today, organizations are faced with complex and fast moving challenges exacerbated by the very nature of rapidly expanding third party relationships.  RSA Archer Third Party Risk Management is one element of an effective Integrated Risk Management program.  Stressing the agility and flexibility needed by today’s modern organizations, integrated risk management brings together the various domains of risk across business activities (horizontally), connecting the activities to the strategies and objectives of the organization on an aggregated basis (vertically). This approach to risk management provides leadership with the most holistic understanding of risk facing the organization so they can make truly informed decisions about where to deploy limited capital and human resources to produce optimized returns for the organization.

 

As your company drives business growth through an extended business ecosystem strategy, your risk management program must evolve and manage risk more holistically, with more agility and integration than before. Managing third party risk and performance is one ingredient to showing real progress and improvement and decreasing business risk.  RSA Archer can help your organization better understand and manage its third party relationships on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.

 

For more information, visit RSA.com or read the Datasheet.


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts

RSA Archer Controls Monitoring Program

EMC logo


What do we mean by controls monitoring?

In today’s complex regulatory environment, organizations face a daunting task in maintaining compliance amidst constantly shifting obligations and requirements. As organizations attempt to keep pace and adapt control activities (controls) to changes in compliance requirements and operational risk scenarios, often times they are hamstrung by ad-hoc, disconnected compliance efforts that are implemented reactively across separate areas of the business. This severely limits the ability to maintain a real-time, aggregated view of risk and compliance impacts. Efficiency and scale also suffer as the volume of manual systems and processes overload the organization’s limited resources.

 

Implementing a program that includes a centralized inventory of assets, requirements, risks, and controls, coupled with a standardized approach to measuring control efficacy, is the key to ensuring diligence and completeness. This also provides the solid foundation necessary for enabling automation and improving the ability to continuously monitor key risk and control performance metrics as the organization adapts to changes in the business climate.

 

Why is a program approach to monitoring control activities so important?

Consolidating organizational compliance projects into a single platform offers business owners a unique level of visibility into critical risk and compliance information, enabling them to make fully informed risk based business decisions in support of organizational priorities. A single control universe can further align with extended corporate stewardship and responsibility goals and other strategic objectives.

 

RSA Archer Controls Monitoring Program Management

RSA Archer Controls Monitoring Program extends the foundation established with RSA Archer Controls Assurance Program Management, with a modernized approach to defining and managing separate compliance projects simultaneously. This includes tools to assess and report on the performance of controls across all enterprise asset levels and the ability to automate control assessments and continuously monitor ongoing compliance efforts. Customers can also enjoy seamless integration with other RSA Archer use cases designed to tackle all aspects of Integrated Risk Management in their unique environments.

 

Businesses that operate with disconnected, ad-hoc programs typically find themselves diverting more and more time and resources to compliance, only to see their overall risk levels continue to increase. Whereas organizations with optimized compliance programs are able to reverse that trend and return more resources to the business which can then be used to invest in future growth initiatives. An optimized program also serves to reduce overall operational risk and provide decision makers with a reliable means for exploring the opportunity landscape by enabling them to identify with confidence the business risks that are worth taking.

 

For more information, please visit RSA.com and review the Datasheet.


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts

RSA Archer PCI Management

EMC logo


What are the basics of PCI-DSS Compliance?

The Payment Card Industry Data Security Standard (PCI-DSS) defines a consolidated set of security best practices endorsed by major card brands, which are designed to reduce fraud risk associated with credit card processing. Organizations that fail to comply may lose their ability to accept credit card payments, which could greatly impact their ability to conduct business. However, with the continually increasing velocity and sophistication of new threats, maintaining an effective PCI- DSS compliance program has become an increasingly costly business requirement as well – and those costs can be substantial.

 

The PCI-DSS is considered one of the more prescriptive and technical compliance mandates that companies must typically deal with. This can be both good and bad. In contrast, many higher level government mandates like federal regulations are often written in broader terms that can be difficult to interpret into actionable specifics like precise internal control definitions. The more a company has to guess at what’s expected, the greater the chance of guessing wrong and either undercompensating (raising the inherent risk of running afoul of the regulation); or overcompensating, which can increase the internal costs and burden of compliance unnecessarily.

 

The benefit of PCI’s more prescriptive language is better clarity in terms of understanding what’s expected, how it will be audited, and specific reporting requirements. However, the other side of the coin with PCI is the extensive technical breadth and depth of its coverage. Encryption, network segmentation, multi-factor authentication, and external vulnerability scanning are a few areas where companies often struggle, either because of technical limitations or significant additional technology investments needed.

 

Why is a program approach to PCI Compliance so important?

Companies able to gain efficiencies by optimizing their operational compliance efforts will be more successful at reducing compliance costs and gaps. Consolidating organizational compliance initiatives into a single comprehensive view is the most effective way to identify and eliminate duplicate efforts and reduce overall compliance risk. The technical nature of PCI can often force companies to undertake process improvements, technical infrastructure overhauls, and even facility construction projects simultaneously. A streamlined program approach helps to keep things organized and drive consistent, successful outcomes.

 

RSA Archer PCI Management

RSA Archer Controls Assurance Program and RSA Archer Controls Monitoring Program provide a solid foundation for managing any organizational compliance initiative. However, PCI’s unique characteristics and pervasive global reach offer an opportunity to take things several steps further. RSA Archer PCI Management is designed to do just that, by enabling organizations to streamline the compliance process, simplify stakeholder participation, and reduce overall compliance effort and cost.

 

RSA Archer PCI Management guides merchants through identifying and defining cardholder data flows and environments, engaging the proper stakeholders, completing self-assessment questionnaires (SAQs), testing and gathering evidence for all required controls, and managing the gap remediation process.

 

Key features include:

  • Easy-to-use project workflows to manage CDE (cardholder data environment) scoping and multiple, ongoing compliance assessment projects.
  • Structured content libraries linking each discreet control requirement in the PCI-DSS to an extensive control testing repository ensuring full coverage across internal and external assessment activities.
  • Persona-driven dashboards and questionnaires that simplify the attestation and evidence gathering process and provide clear insight into compliance activity status.
  • Aggregated issues management functionality for tracking findings and gaps and managing the remediation process.
  • One-click reporting templates to assemble all required deliverables into a properly formatted Report on Compliance (ROC) for easy review and submission.

 

Customers can also enjoy seamless integration with other RSA Archer use cases designed to tackle all aspects of Integrated Risk Management in their unique environments. Organizational leaders with optimized programs in place have a distinct advantage for exploring the opportunity landscape, by enabling them to identify with confidence the business risks that are worth taking.

 

For more information, please visit RSA.com and review the Datasheet.


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts

Integrated Risk Management and Digital Risk

EMC logo


In their ongoing effort to clarify the concepts of integrated risk management (IRM) and digital risk management (DRM), Gartner has begun to discuss the interconnection of IRM and DRM with enterprise risk management (ERM).

 

 

Source: https://blogs.gartner.com/john-wheeler/irm-is-essential-for-digital-transformation-success/

 

I certainly agree with Gartner’s statement in their recent blog: “To keep pace with the increasing risk associated with digital transformation, organizations require an integrated approach to risk management. Not only is it essential to invest in integrated risk management (IRM) technology to enable this approach, it is also imperative to focus on the convergence of technology and operational risk. This convergence represents a key IRM use case called ‘digital risk management.’ Digital risk management (DRM) technology integrates the management of risks of digital business components — such as cloud, mobile, social and big data — and third-party technologies, such as artificial intelligence and machine learning, operational technology (OT), and the Internet of Things (IoT). DRM helps bridge the gap between the Chief Risk Officer (CRO), the Chief Information Officer (CIO) and the Chief Information Security Officer (CISO).”

 

ENTERPRISE RISK MANAGEMENT IS THE FOCUS

While Gartner introduced IRM and DRM concepts some time ago as part of operational risk management, what appears new in Gartner’s most recent IRM discussion is the explicit connection to ERM.  The ascendency of ERM as a business focus is not new.  In 2014, I reported on RIMS declaration that the practice of ERM had reached critical mass. This is borne out by our customers in the financial services industry, of whom 81% stated in a survey conducted last year that they were already using the RSA Archer Suite to support their ERM program!  That’s right, 81% of financial services customers surveyed are already integrating cyber risks with other kinds of operational risks, with their organization’s financial risks and risks to their strategies and objectives.  As RIMS stated in 2013 of ERM, “value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return, goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives.”

 

THE FUTURE OF ERM?

I think it’s safe to assume, as with most things risk management-related, organizations vary in their approach to ERM.  We know that approaches to risk identification, risk assessment, risk evaluation and treatment, and monitoring all vary, as does the scope and granularity around the use of performance, risk, and control indicators.  And that’s fine. Everyone executes to their own unique risk management roadmap given the objectives of their management team, board of directors, and available human and capital resources.

Yet, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission (remember this is the group that drove the Sarbanes-Oxley Act?) has laid out their goal and roadmap for ERM, as well.  In their 2016 update to the COSO ERM framework, they represented the complex interrelationship between risk profile, performance, and risk appetite in this one graphic:

 

                                          Source: Figure 4.2, COSO ERM Public Exposure Draft, June 2016

 

I’ll leave a discussion of the relationship of each of these variables and how an organization might go about generating this kind of understanding for themselves in one graphical representation for another time. For now, I think it is enough to consider some of the questions that must be answered to achieve the goal laid out by COSO ERM 2016:

  • How do I come up with a risk appetite statement that consistently encompasses all types of risk?
  • If risk capacity is that level of risk that would put my organization out of business, which risks are those and how do I assess them in a way to compare them to my risk capacity?
  • How do I aggregate all of my risks to generate a risk profile?
  • How do I measure target performance?
  • How do I correlate risk profile to performance, let alone visually depict the relationship?

 

Please add a comment.  I would love to hear from you and how you think these questions can be answered.


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts

Assemble Third Party Contracts with RSA Archer Contract Clause Management

EMC logo


Managing Third Party contracts can be a daunting task, let alone tracking changes and approval during the negotiation process.  Between your legal department and the third party’s legal department, the changes and approvals are horrendous to track and inefficient for all parties involved.  What if you had standardized contract language that was pre-approved by your legal organization?  What if you could use RSA Archer to track the clause changes and the change approvals? 

 

RSA Archer Contract Clause Management is the solution for you.  We’ve developed a solution to address small to mid-sized companies who do not need an entire contract management suite to assemble contracts and manage their clauses while tracking changes and approvals.  This app-pack can help you establish standard clauses to utilize in contracts.  It also tracks and manages the development, changes, and approvals of the contract clauses used in your contracts. 

RSA Archer Contract Clause Management Clause Owner Dashboard

 

With the RSA Archer Contract Clause Management App-Pack, you will have a central repository for storing standard contract clauses and contract clauses that are used in agreements with third parties, have a consistent process for creating and approving the clauses while providing visibility into changes within contracts and clauses.

 

Interested in learning more about the RSA Archer Contract Clause Management app-pack? Join us for a Free Friday Tech Huddle on Friday, January 11 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller—or visit us at www.rsa.com.


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts

RSA Archer Third Party Catalog

EMC logo


What is a Third Party Catalog?

The RSA Archer Third Party Catalog provides organizations the capability to inventory all of the third parties with whom they do business and to document their third parties in accordance with their organizational structure (parent company, subsidiary, sub-subsidiary). Third party contacts can be documented and accountability for third party relationships can be established by named individual and by the business units that own the relationship. If you are utilizing the RSA Archer Third Party Engagement, Risk Management, and Governance solutions then risk and performance information can be rolled-up across all products and services delivered by the third party and depicted in aggregate at the appropriate third party organizational level.

 

Why is the proper management of Third Parties so important?

A third party is any entity with which your organization has an actual or implied contractual relationship for the receipt of goods and services.  Besides being called a third party, these relationships are also known as vendor or supplier relationships. 

 

Third parties may relate, to some degree, with every aspect of an organization.  They may impact your organization’s objectives and they support, in one way or another, the products and services an organization delivers.  They support business processes, introduce risk and affect and supplement the extended internal control environment of your organization.  They may provide assets and inputs to the organization such as hardware, software, physical space, and product inputs.  Acting as an agent of the extended organization, they are subject to your regulatory obligations and policies, and they may directly supplement your human resources through consultants and temporary labor, or extend your human resources by the nature of the services that they are providing.  You may have third parties that touch on every one of these elements. 

 

There are numerous reasons organizations choose to engage third parties.  These include competing better; benefiting from a vendor’s expertise that you don’t have in-house; optimizing resources, acquiring resources (often more cheaply), transferring risk such as under insurance, and expanding market share by capitalizing on the third party’s presence in a market where you don’t currently have a presence or by offering a more attractive product or service because of the third party’s contributions.

 

Third parties are an extension of your business and, in the end, third parties introduce the same risk to your organization as if you internalized the activities.  In most cases, it is impossible to eliminate the risk altogether.  The best you can do is understand it and manage it down to an acceptable level.

 

RSA Archer Third Party Catalog

RSA Archer offers the Third Party Catalog use case as the starting point to consolidate your third party dependencies.

 

Key features include:

  • Catalog suppliers, partners, service providers and other third parties
  • Capture important details related to third parties, including contracts
  • Map internal business units to third parties
  • Manage contacts with third parties
  • Efficiently manage your third party relationships
  • Establish accountability for each third party relationship
  • Track exceptions related to third party relationships

 

With RSA Archer Third Party Catalog, you can:

  • Obtain an awareness of all third party relationships throughout the organization
  • Reduce time identifying third party relationships and contracts
  • Establish Accountability for individual supplier relationships and quickly identify relationship owners
  • Track contract terms, including notification of key contract events such as contract obligations, and renewal and expiration dates 

 

Today, organizations are faced with complex and fast moving challenges exacerbated by the very nature of rapidly expanding third party relationships.  The RSA Archer Third Party Catalog is one element of an effective Integrated Risk Management program.  Stressing the agility and flexibility needed by today’s modern organizations, integrated risk management brings together the various domains of risk across business activities (horizontally), connecting the activities to the strategies and objectives of the organization on an aggregated basis (vertically). This approach to risk management provides leadership with the most holistic understanding of risk facing the organization so they can make truly informed decisions about where to deploy limited capital and human resources to produce the most effective return to the organization.

 

As your company drives business growth through an extended business ecosystem strategy, your risk management program must evolve and manage risk with more agility and integration than before. Managing third party risk and performance is one ingredient to showing real progress and improvement and decreasing business risk.  RSA Archer can help your organization better understand and manage its third party relationships on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.

 

For more information, visit RSA.com or read the Datasheet.

 


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts