Protecting Your Organization with RSA Archer’s updated Cybersecurity Framework Management App-Pack



With the increase in cybersecurity threats in today’s world, organizations that are considered part of our national critical infrastructure face a much greater risk of being attacked, which can place national security, the economy, and public safety at risk. The National Institute of Standards and Technology (NIST) created the Cybersecurity Framework (CSF) as a set of standards and best practices that government agencies and private sector organizations can use to manage their cybersecurity risks. NIST CSF has become even more widely adopted by all types of organizations across the U.S. and worldwide.

 

The RSA Archer Cybersecurity Framework Management app-pack, released in August 2017, provides organizations with the methodology to assess and measure their cybersecurity posture, address gaps and report on cybersecurity. The app-pack enables profile owners to catalog the current state, prioritize and score profile elements, and define their desired or targeted state outcomes for the organization’s cybersecurity program. Assessors can then evaluate these profiles against the NIST CSF categories. Previous assessments can be archived for comparison with a Current Profile to measure progress. Reports and dashboards provide clear insight into the current cybersecurity state and the progress being made toward the desired cybersecurity state.

RSA Archer Cybersecurity Framework Profile Owner Dashboard

Based on customer feedback, the RSA Archer Cybersecurity Framework Management app-pack has been enhanced and incorporates the newest version of the NIST Cybersecurity Framework that was released in April 2018. With the updated version, customers can now automate the scope for their cybersecurity assessments based on the selected business process and analyze the Current Profile against the Target Profile not just by the NIST functions but also by the NIST category or business processes. The RSA Archer Cybersecurity Framework Management app-pack will now track the NIST Cybersecurity Framework versions for cybersecurity assessments and related authoritative sources. In addition, Cybersecurity Profiles can now be approved using electronic signature capabilities.

 

Interested in learning more about the RSA Archer Cybersecurity Framework Management app-pack? Join us for a Free Friday Tech Huddle on Friday, September 21 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller—or visit us at www.rsa.com.



GDPR and Business Resiliency



Global businesses with an online presence know that customers from any part of the world can opt in for their services and provide their personal information. As good for business and innocuous as this may seem, it opens up these businesses to regulation – the most visible right now being the General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. GDPR will impact any business, whether based in the European Union (EU) or not, that processes the personal data of EU residents. While GDPR may seem like “old news”, the regulation provides an opening to talk about how your company’s resiliency efforts are affected by privacy requirements.

 

To comply with GDPR, organizations will have to review their approach to data and privacy management to evaluate how they control data as part of their business continuity (BC), IT disaster recovery (ITDR), crisis management and resilience planning systems and processes. Because GDPR rules apply to backup and DR systems and practices as well as production systems, the key requirements include:

 

  • the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

 

Recovery planning has long been subject to Data Protection legislation, but the wider remit within GDPR is something organizations will need to look at to ensure they can comply with the new rules. The following are a few areas and examples:

 

  • Data privacy has often been the responsibility of the Compliance or Legal group; however, where a Data Protection Officer (DPO) is appointed, there must be proper alignment between the DPO and BC/DR programs to ensure they look at GDPR compliance holistically and coordinate their efforts accordingly.
  • Recovery Time Objective (RTO) and Recovery Point Objective (RPO) take on greater importance and have to very closely align internally (between business process and IT system recovery).
  • If your DR provider is non-compliant with GDPR it could render you non-compliant, so RTO and RPO between your organization and the DR provider also have to be aligned. Questions need to include: where is the customer data held? Will customer data be accessible and available according to RTOs? Does your DR provider perform regular testing and evaluation to ensure they can achieve the RTOs and RPOs?
  • Breaches that are deemed to be high risk have to be reported by a data controller within 72 hours of becoming aware of such breach and may also require crisis management response. Therefore, IT risk and security processes must align with crisis response and management.

 

In summary, the disparate parts of the organization that handle data privacy management and business resiliency, internally and externally, must better coordinate their efforts to enable compliance with GDPR.



RSA Archer Summit Award Winner Recap



Greetings RSA Archer Community!

 

On behalf of the entire RSA Archer Team, I’d like to once again thank everyone for attending the 2018 RSA Archer Summit in Nashville recently.  I’m always amazed at the camaraderie the attendees exhibit at this event – something that began 15 years ago at the first Summit in Phoenix is not only still alive and well, but stronger than ever.

 

This year we were excited to not only set record attendance for a Summit event, but also receive more award nominations than we have ever received! While we’d love to be able to give an award to everyone who submitted their success story, we ultimately issued twelve awards and another twelve honorable mentions. We encourage everyone to take a few minutes to review the fantastic stories these winners had to share this year, and encourage you to join us in congratulating them for such an outstanding honor.

 

RSA Archer Community Advocate Award:

Karl Bender:  Vice President and Program Manager, Citizens Bank

Karl has been an RSA Archer user for nearly 10 years, serving in a variety of roles – from practitioner to business analyst to technical SME to the risk management program director.  Karl is an inaugural member of the RSA Archer Champions Network and an active participant in user groups and working groups. He led the effort to highlight their RSA Archer initiatives within their corporate annual report.  Congratulations Karl!


 

RSA Archer Global Alliance Partner of the Year Award:

EY:

EY has been a strategic partner with RSA for more than 10 years, delivering RSA Archer solutions globally to many of our largest joint customers.  This past year was significant for the partnership, as EY developed new solutions on the RSA Archer platform like NERC CIP compliance for Power & Utilities, GDPR and hosted/managed RSA Archer delivery to Public Sector clients.  As a strategic alliance partner, RSA and EY team up to jointly provide the best solutions around Digital Risk Management and Risk Transformation to meet the needs of our clients.  Congratulations EY Team!


 

 

RSA Archer Excellence Awards:

Discover Financial Services:

Discover utilizes RSA Archer for business resiliency, enterprise and operational risk, regulatory and corporate compliance management, and third party risk management. With RSA Archer, they have created business unit specific dashboards that make everything a one-stop-shop for all critical users. End users love the experience and all 3 lines of defense have clear accountability.  Congratulations Discover Financial Services Team!


 

Highmark Health:

Highmark Health utilizes RSA Archer for audit, business resiliency, enterprise and operational risk, IT and security risk management, regulatory and corporate compliance and third party risk management. With RSA Archer, they have centralized their risk and compliance functions across the entire organization. Within 2 years, Highmark has saved $350,000 + in ancillary tools and licensing costs alone.  Congratulations Highmark Health Team!


 

Mitre:

Mitre utilizes RSA Archer for regulatory compliance, policy management, and third party risk management. With RSA Archer, Mitre has quickly and effectively managed compliance against DFARS and NIST with more compliance programs underway. RSA Archer has saved Mitre an estimated 2.5 FTEs and $375,000.  Congratulations Mitre Team!


 

VOYA:

Voya utilizes RSA Archer for business resiliency, enterprise and operational risk, IT and security risk management, regulatory and corporate compliance and third party risk management. With RSA Archer, Voya has implemented a creative approach to address phishing using on-demand applications that allow any employee to view their own phishing test results.  Congratulations VOYA Team!


 

Microsoft:

Microsoft utilizes RSA Archer for audit, business resiliency, enterprise and operational risk, IT and security risk management, regulatory and corporate compliance and third party risk management. Microsoft’s digital security and risk engineering teams put together a vision to build out a comprehensive risk management solution for the entire organization. They realized success by building a solution that was generic enough to meet everyone’s needs. Microsoft has achieved an overall 40% efficiency improvement by employing this central risk management solution.  Congratulations Microsoft Team!


 

Marathon Petroleum Corporation:

Marathon utilizes RSA Archer for audit, business resiliency, enterprise and operational risk, IT and security risk management, and regulatory and corporate compliance. Marathon has built a comprehensive SOX and audit program with RSA Archer. The speed with which they could deploy their program has allowed Marathon to implement 11 use cases in 9 months. Congratulations Marathon Team!


 

NASA:

NASA utilizes RSA Archer for IT and security risk management using the RSA Archer Assessment and Authorization use case. NASA has standardized and coordinated their entire A&A process using RSA Archer, allowing the leadership tier to see all security plans and make sound risk-based decisions via an automated process. The project has also allowed NASA to work closely with the Department of Homeland Security to improve reporting for FISMA. Congratulations NASA Team!


 

HSBC Europe:

HSBC Europe uses RSA Archer for third party management. HSBC Europe has established a global third-party program to provide support, process and monitor the full contract lifecycle.  Congratulations HSBC Team!


 

Rio Tinto:

Rio Tinto utilizes RSA Archer for enterprise and operational risk management, IT and security risk management, and regulatory and corporate compliance. Rio Tinto began their RSA Archer journey with a long-term roadmap effort to establish and improve the risk management framework and process.  They have moved all business, functional and major project risk information from legacy systems into RSA Archer. User adoption, especially at the management level, has doubled and continued to grow due to the great data quality and reporting.  Congratulations Rio Tinto Team!


 

RSA Archer Excellence Award Honorable Mentions:

  • Citizens Bank
  • CVS
  • Delhaize
  • The Hartford
  • Equifax
  • State of Indiana
  • Northrop Grumman
  • Sony
  • Vanguard
  • US Bank
  • BASF
  • Raiffeisen Bank

 

RSA Archer Best in Show Award:

Mathew Hancock, Rio Tinto:

Every year, based on input from attendees, we present an award for “Best in Show” for this year’s most impactful presentation. The sessions this year were full of great insights and experiences from across the RSA Archer community – making this award highly competitive. This year, Mathew Hancock from Rio Tinto is the award winner. Mathew presented on Rio Tinto’s approach to integrated risk management across their enterprise, providing valuable advice from their journey. The feedback from his session was overwhelmingly positive, and we’d like to thank Mathew for doing such a great job presenting on a critical topic. Congratulations Mathew on this great honor!


 

Again, thanks to everyone for attending this year’s Summit and making it such a great experience.  See you next September at RSA Charge 2019!

 

Cheers,

Garrett Miller



It’s Now Possible to Run Unified Storage in the Cloud with Dell EMC Unity VSA Cloud Edition



All customers, large or small enterprises, firmly established or relatively new, are deploying storage and servers in new and innovative ways, far differently than just a few years ago. Today, most IT environments are highly virtualized and leverage the cloud for cost-optimized data placement. For Midrange customers, our new Dell EMC Cloud Edition software helps drive new flexibility with the cloud and virtualized infrastructures. With even more features for the cloud, and more options to deploy Dell EMC Unity as SDS (Software Defined Storage), converged systems, or as traditional hardware, Dell EMC Unity is the ideal … READ MORE




Introducing the new Dell EMC ECS EX-Series



One of the favorite parts of my role at Dell EMC is that I get to speak to our incredible customers almost every day. It is apparent from these conversations that data is playing an increasingly important role in determining whether organizations will thrive in a digital-first world or not. To truly unlock the value of their data, however, organizations need a fundamentally different approach to IT, as traditional infrastructure was not built to handle the magnitude of data that is generated by businesses today. This is precisely why we built Dell EMC ECS, the modern … READ MORE




New to CloudIQ: PowerMax, VMAX, SC Series and XtremIO; Instantly View Your Dell EMC Storage Health – From Anywhere



The CloudIQ team has been working hard to delight our customers by delivering a smarter, cloud-enabled storage health management system for Dell EMC customers, partners, and support teams.  Customers love it because there’s no subscription, no software to install, and therefore no hassles. Thousands of customers are using CloudIQ today to analyze and gain instant insights into their storage health – it’s like a fitness tracker for Dell EMC Storage. We’re collecting millions of data points per day to aggregate, analyze and share what we’re learning from the world’s largest storage install base. Today we’re happy … READ MORE




Making HCI Network Fabric Design Fast, Easy and Reliable



In a world that is increasingly software-defined, hyperconverged infrastructure (HCI) is a fast mover. Analysts expect adoption to accelerate at a 42% CAGR from 2016 to 2023, reaching $17B. Done right, it’s an IT dream because it makes deploying private cloud services much easier, faster and more reliable. But if you don’t get the most overlooked part right – the network design – it quickly becomes a nightmare. According to IDC, “While considerable emphasis was placed on the compute and storage capabilities of HCI systems, less attention – and sometimes none at all – was accorded … READ MORE




VxRail—Simpler. More Powerful. More Protected.



It has been two-and-a-half years since we launched VxRail. In that narrow window of time, hyper-converged infrastructure (HCI) has redefined what is possible for IT and the businesses it supports. According to a 2017 ESG report1, HCI usage has more than doubled since 2015—and it’s no mystery why. Why is HCI growing so rapidly? For starters, deploying HCI solutions reduces (or eliminates) reliance on more rigid, siloed technologies; increases IT operational speed and efficiency while reducing TCO; empowers digital transformation by transforming IT; I can go on and on… and so can Dell EMC and VMware, … READ MORE




Inspired by OEM Customers, Dell EMC is First to Market with 1U Rack Workstation


In my book, delivering a great customer experience is all about listening and responding. You’re never done and dusted – you have to keep your ears wide open and stay tuned as each customer’s needs keep evolving. For example, some of our OEM customers told us that while they loved the power of our Precision 7920, a 2U rack, dual-socket platform was often more than they needed in terms of performance, scalability and price. Bottom line, they felt that they were paying for functionality they didn’t always need. Size matters for OEM customers Size also matters. Unlike … READ MORE




RSA Archer Summit 2018 Retrospective



They say ‘It ain’t over, until it’s over’. Even though the RSA Archer Summit 2018 came to a close last Friday, we know the challenges of the risk landscape will remain. Last week, we welcomed over 1200 customers and partners to the country music mecca of Nashville for the 15th anniversary edition of the RSA Archer Summit. Over the course of the 2 ½ day event, we hosted 6 working groups, a customer advisory board, 5 keynotes, over 55 learning sessions, a ‘Choose your own adventure’ lab and an ‘Ask the Expert’ room that was busy the entire conference, and more networking and community celebratory events than you can shake a banjo at.

Risk Management Perspectives

Seeing so many practitioners present best practices, lessons learned and tips and tricks always provides key insights into the state of risk management. Some key takeaways I heard:

  • Digital initiatives are impacting security and risk management in many different ways. From addressing expanded privacy concerns related to customer facing digital products and services to adjusting risk and compliance efforts around emerging technology, companies are faced with changing requirements and continue to strive towards integrated strategies that cross functional and operational teams. Watch Grant Geyer, VP of Product at RSA, describe the impact of the digital world on risk management.
  • The evolution of GRC towards Integrated Risk Management continues. Call it what you will – GRC or IRM – the emphasis of connecting risk disciplines and building a collaborative, risk based approach to security, compliance, resiliency, third party governance and audit is top of mind for all practitioners.
  • We heard a wide variety of customer stories highlighting tips for success. Engaging your stakeholders, building a strong foundation of both organizational and technical support and thinking strategically are keys to building a sustainable, high value program.
  • I also had a chance to catch up with Jack Jones from the FAIR institute on the future of risk management in the age of risk economics. It was great to get his perspective – watch the interview here.

The Future of Risk Management

Since this year’s Summit was a special anniversary edition, we celebrated the long history of RSA Archer in the risk management industry. Looking back at 2003, the first year of the Summit, stirred a nostalgic feel as we contemplated the past. In 2003, Sarbanes-Oxley was only 1 year old and the Apple iTunes store was the tech invention of the year according to Time Magazine. Those ‘simpler’ times dropped hints at the coming challenges – regulatory mandates and shifting requirements, the importance of corporate governance and compliance, the glowing fuse of the digital explosion…

A highlight for me this year was the keynote address by David Houle that gave us a perspective on the future and the challenges across a wide spectrum of risks facing organizations today. I also wrapped up the event with my own evaluation of what risk management looks like as we face the evolution of our industry. Speed, automation, integrated approaches, the merging of security and risk disciplines and preparing for a constant shift in both technology and culture make the future of risk management an exciting, and challenging, industry.

 

The 2018 RSA Archer Summit was just the kickoff of the next chapter. RSA is in a unique position to help organizations bridge the worlds of Security and Risk Management as we span across these critical domains. The strategic vision and the innovations previewed at the Summit for RSA Archer highlight how the solution is geared to help risk and security teams see around the corner and build that truly integrated approach. Through presentation after presentation, our customers articulated an incredible passion in bringing together functions, driving change and unleashing their organization’s potential. I am happy to say I don’t think there is a company out there that is better suited than RSA to help them continue on their journey forward to the next 15 years.

Are you an RSA Link member? View the RSA Archer 2018 presentations here.

