THE RSA ARCHER® SUITE
The Proven Path to Take Command of Risk
@RSAsecurity
@RSA_Archer
THE RISK CHALLENGE
EXECUTIVE PRIORITIES
Technology initiatives are second priority
Growth is the highest priority
From Gartner’s report “The 2017 CEO Survey: CIOs Must Scale Up Digital Business”, March 2017 (Graphic created by RSA based on Figure 1. CEOs’ Top Business Priorities for 2017 and 2018.)
31%, 58%
Risk
Complexity increasing
Velocity of risk increasing
Magnitude of risk increasing
MANAGING RISK IS A BUSINESS AND A TECHNOLOGY CHALLENGE
Technology risk
The Technology
perspective…
The Business
perspective…
Business risk
• What is the important data?
• Where is the important data?
• What are the most critical applications?
• How important is this part of the infrastructure?
• What does this security event impact?
• Where are we vulnerable?
• Who are the 3rd parties the business relies on?
• What happens if IT services are disrupted?
• What part of the business strategy is the most critical?
• Where are our biggest risk areas?
• What is our risk appetite and tolerance?
• What are our regulatory obligations?
• What are the most valuable pieces of our business?
• How bad could it be?
• Are we effectively managing our risks to achieve our objectives?
THE WEDGES IN THE GAP…
Lack of ownership
Outdated reporting
Manual processes
Inconsistent controls
Information silos
Limited risk visibility
…LEAD TO RISK IN THE BUSINESS
Unresolved issues
Inaccurate insights & misinformation
High costs & inefficiency
Holes & gaps
Disconnected data & lack of context
Poor business decisions & missed opportunities
WHAT’S NEEDED TO CLOSE THE GAP?
INSPIRE EVERYONE TO OWN RISK
A STRATEGY TO MANAGE BUSINESS RISK
Cross business lines & organizational boundaries for Collaboration
Define & enforce risk ownership through Accountability
Automate processes for Efficiencies
Consolidate data and enable risk Analytics & Visibility
INTRODUCING THE RSA ARCHER® SUITE
Breadth
Depth
Adaptability
Ecosystem
Track record
Strategic value
BREADTH TO ADDRESS ALL DIMENSIONS OF RISK
DEPTH TO IMPLEMENT BEST PRACTICES
Use Case list as of August 2017 (subject to change)
• IT and Security Policy Program Management
• IT Controls Assurance
• IT Risk Management
• Security Incident Management
• Security Operations & Breach Management
• IT Security Vulnerabilities Program
• IT Regulatory Management
• PCI Management
• Information Security Management System (ISMS)
• Risk Catalog
• Bottom-up Risk Assessment
• Key Indicator Management
• Loss Event Management
• Top-down Risk Assessment
• Operational Risk Management
• Third party Catalog
• Third party Risk Assessment
• Third party Engagement
• Third party Governance
• Issues Management
• Audit Engagement & Work Papers
• Audit Planning & Quality
• Plan of Action & Milestones (POA&MS)
• Assessment & Authorization (A&A)
• Continuous Monitoring
• Business Impact Analysis
• Incident Management
• Business Continuity and IT Disaster Recovery Planning
• Crisis Management
• Corporate Obligations Management
• Policy Program Management
• Controls Assurance Program Management
• Controls Monitoring Program Management
ADAPTABILITY TO EVOLVE
Maturity-driven approach
Flexible & configurable platform
Multiple integration capabilities
ECOSYSTEM TO SUCCEED
Vibrant practitioner community & RSA Link
Certified RSA Archer experts & a broad partner network
RSA University
TRACK RECORD IN ANALYST REPORTS
A Leader in Gartner Magic Quadrant reports for:
• Operational Risk Management Solutions in 2014, 2015 and 2016
• IT Risk Management Solutions in 2015, 2016 and 2017
• IT Vendor Risk Management in 2014, 2016 and 2017
• Business Continuity Management Program Software, Worldwide in 2012, 2014, 2016 and 2017
• Enterprise Governance, Risk and Compliance Platforms in 2012 and 2013
A Leader in Forrester GRC Wave in 2012, 2014 and 2016
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology user to select only those vendors with the highest ratings or other designation. Gartner
research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purpose.
Most recent reports:
• Gartner Magic Quadrant for Operational Risk Management Solutions (13 December 2016)
• Gartner Magic Quadrant for IT Risk Management Solutions (29 June 2017)
• Gartner Magic Quadrant for Business Continuity Management Program Software, Worldwide (12 July 2017)
• Gartner Magic Quadrant for IT Vendor Risk Management (29 June 2017)
• The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016 (22 January 2016)
STRATEGIC VALUE FOR OUR CUSTOMERS
‘With one tool and one central location, now we can maximize efficiencies.’
– Melissa Taylor, Berkshire Bank
‘As other people in our department learn about the Archer tool and its ease of use and flexibility, they are asking us to undertake other use cases. It’s been extremely successful.’
– Nancy Rainosek, Texas Dept of Information Resources
‘Without RSA Archer, it would have required more expenditure to reach the [ISO 22301 – Business Continuity] certification level.’
– Thorsten Scheilbel, DZ Bank
‘…the strategy that we now have around GRC [after implementing Archer] really does make a difference in terms of Shell getting into new organizations, new adventures and new joint ventures.’
– Keith Herndon, Shell
Quotes taken from RSA Leader’s Program.
See https://www.rsa.com/en-us/customers for full videos and testimonials
‘The users rated Archer higher than every other solution.’
– Jan Jans, Rabobank
‘RSA Archer has helped us evolve from an organization where we're constantly trying to chase data and information and the resulting frustration and inefficiency that stems from that. Now we have a source of record where employees can access data and more quickly consume it and make decisions based on it.’
– Reid Stephan, St. Luke’s Health System
‘…it doesn't matter whether it's incident response, cyber operations, or operational risk management: all the information and business processes flow through Archer.’
– Roland Cloutier, ADP
‘With Archer… the risk analysis [is] being performed in a much faster and more efficient way than we could previously have done.’
– Kreshnik Halili, Raiffeisen Bank
THE PROVEN PATH TO TAKE COMMAND OF RISK
TAKE COMMAND OF YOUR JOURNEY
The Maturity Journey (figure; axes: Maturity against Time)
Siloed: Meet Compliance requirements. Streamline compliance, build business context & reporting.
Transition
Managed: Address known & unknown Risks. Expand risk focus, improve analysis & metrics.
Transform
Advantaged: Enable new business Opportunities. Connect risk and the business with cross functional processes.
Other figure labels: Risk, Business
IDC REPORT ON RSA ARCHER ROI
These graphics were published by International Data Corporation (IDC) in February 2017 as part of a larger research document and should be evaluated in the context of the entire document. The IDC document is available upon request from RSA.
ROI of 496% was uncovered after IDC conducted independent, in-depth interviews with organizations that have implemented RSA Archer and found the ROI resulted from:
Reduction of organizational risk
More efficient and effective GRC operations
Operational efficiencies
Reduction of staff time
THE RSA ARCHER® SUITE GIVES YOU…
DEPTH
A single, unified solution to manage business risk
BREADTH
Integrated best practices to streamline implementation
ADAPTABILITY
Implement and adjust your risk processes to meet business needs
ECOSYSTEM
Resources to get on the right path–the first time
TRACK RECORD
Confidence in your business risk management direction
STRATEGIC VALUE
Demonstrable customer successes
RSA Archer customers
1,300+ GRC deployments
9 of the Fortune 10
38 of the Fortune 50
69 of the Fortune 100
10 out of 10 biggest U.S. banks*
Global operations
RSA Archer analyst recognition
A Leader in:
• Gartner Magic Quadrant for Operational Risk Management Solutions (13 December 2016)
• Gartner Magic Quadrant for IT Risk Management Solutions (29 June 2017)
• Gartner Magic Quadrant for Business Continuity Management Planning Software, Worldwide (12 July 2017)
• Gartner Magic Quadrant for IT Vendor Risk Management (29 June 2017)
• The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016 (22 January 2016)
~$1B revenue
2,700+ employees
1,000+ technology partners
30+ years of cybersecurity expertise
15+ years of risk expertise
* bankrate.com
AT A GLANCE
RSA PORTFOLIO
Training
Customer Support
Customer Satisfaction
Design & Implementation
Health Checks
Residency
METHODOLOGY
BUSINESS OBJECTIVES
GAP ANALYSIS
RISK ANALYSIS
RESOURCE ANALYSIS
PLANNING, OPERATIONS, EXECUTION
PROGRAM STRATEGY
TRAINING & ENABLEMENT
DESIGN & IMPLEMENTATION
CONTINUED LEARNING
CONTINUED GROWTH
ENABLING YOUR PROGRAM
Planning: “Yes, I have a plan”
Execution: “Yes, I know what to do”
Optimization: “Yes, I can do what needs to be done”
Knowledge Base: “Yes, I do understand”
Advanced Knowledge: “Yes, I can do more with what I have”
Customer Maturity Curve
Strategy & Design Implement Operate
Business Objectives
GAP Analysis
Risk Analysis
Resource Analysis
Planning
Risk & Archer Strategy Archer Training
Planning: “Yes, I have a plan”
Execution: “Yes, I know what to do”
Optimization: “Yes, I can do what needs to be done”
Archer Strategy & Roadmap (Blueprint)
Risk Mgmt Program Strategy
Archer Solutions
Overview & Solution Specifics
Archer Expert On Demand / Residency
Archer Use Case
Quick Launch
Archer full Implementation
Archer Application Design Best Practices
Archer Solution Use Case Deep Dive
Archer 6 Reporting & Navigation
ENABLING YOUR PROGRAM TEAMS
Archer Design & Implementation Continued Learning Continued Archer Growth
Archer Use Case
Minor Configuration
Customer Success Manager
Archer Adv. Implementation & Integration
Archer Optimization Assessment
Archer Upgrade Strategy
Knowledge Base: “Yes, I do understand”
Advanced Knowledge: “Yes, I can do more with what I have”
Archer Platform
Fundamentals
Customer Support
RSA Risk & Cybersecurity Practice
RSA University
Professional Services
Archer Strategy Planning Archer Training
Planning: “Yes, I have a plan”
Execution: “Yes, I know what to do”
Optimization: “Yes, I can do what needs to be done”
Archer Platform Installation
HW Sizing & Performance Guidelines
Archer GRC 6 Administration I
Archer Expert On Demand
Archer Use Case
Quick Launch Archer Full Implementation
Archer GRC 6 Adv. Workflow & Navigation
Archer GRC 6 Administration II
Archer 6 Application Design Best Practices
ENABLING YOUR TECHNICAL RESOURCES
Archer Design & Implementation Continued Learning Continued Archer Growth
Archer Use Case
Minor Configuration
Technical Account Manager
Archer Adv. Implementation & Integration
Archer HW Sizing & Performance Health Check
Archer Upgrade
Knowledge Base: “Yes, I do understand”
Advanced Knowledge: “Yes, I can do more with what I have”
Archer Designated Support Engineer
Archer Infrastructure & Maintenance Best Practices
Customer Support
RSA University
Professional Services
RSA Risk & Cybersecurity Practice