
RSA Archer Suite


Summer – it’s finally here! (well, at least in the northern hemisphere) It’s warmer, people are going outside, planning vacations, having barbeques, and taking it easy. As much as we here at RSA Archer believe in taking some well-deserved summer vacation, we’re also hard at work planning the RSA Archer Summit, taking place in Nashville, Tennessee, from August 15 – 17. If you haven’t registered, here’s the link – don’t miss this great, RSA Archer-focused event!

 

If you have a role at any level in: integrated risk management (IRM), internal audit, business continuity, third party governance, IT security risk management, compliance or any other related function, you’ll want to attend the Summit, where you’ll learn about using RSA Archer to: 

 

  • Improve compliance testing across diverse functional teams through an enterprise-wide, consolidated quality control program
  • Create greater efficiencies for compliance teams and improve executive oversight
  • Move from a compliance mindset to a culture of risk management through continuous risk management
  • Avoid key cultural and communication pitfalls in implementing IRM
  • Help Internal Audit become an early adopter of IRM
  • Support business compliance and risk management goals and activities
  • Enable an agile approach to implement IRM while providing business value and remaining lean and fast
  • Adapt and mature your cyber security program

 

As you can see, there’s something for everyone – from compliance to risk management; from business to IT; and for each of the three lines of defense. Everyone can benefit from attending the Summit.

 

Another great aspect of the Summit is that most of the speakers are RSA Archer customers, and there is an all-star lineup again this year from almost every industry you can imagine. If all this didn’t pique your interest, then check out the working groups you can sign up for in the areas of:

 

  • IT and Security Risk Management
  • Regulatory and Corporate Compliance
  • Archer System Administration
  • Digital Risk Management
  • Integrated Risk Management
  • RSA Archer User Experience
  • Quantifying Cyber Risk

 

Finally, if you’re mainly coming for the networking, that’s ok because you’ll have plenty of time to get to know your peers, and the events each night are awesome!

 

Hey, it’s Summer – time to party! I hope to see you at the RSA Archer Summit!

Mathematical models are increasingly being used to inform business decisions and estimate risk in a manner that is often material to the organization. Because these models can have material impact on an organization's business strategies and financial statements, it is imperative that the models are accurate at all times. This means the models are constructed in a sound and logical manner, can accurately produce real-world predictions, and are subjected to strong change controls to ensure the integrity of the model's performance at all times.

 

A bad model can create material financial misstatements, constrain revenue opportunities, result in poor strategic decisions, create regulatory violations, fines, and sanctions, damage an organization's reputation among its customers, employees, shareholders, and regulators, and more, depending on the purpose of the model. 

Released on May 22, 2018, the new RSA Archer Model Risk Management app-pack helps organizations establish sound governance processes around the models they use to run their business on a day-to-day basis.

 

With RSA Archer Model Risk Management, you can:

  • Document your organization’s model inventory and model documentation
  • Track model and model inventory changes
  • Track model validation and approvals
  • Formally certify the model inventory is complete and up to date
  • Document validation findings
  • Analyze model performance indicators
  • Decommission models as needed

 

Organizations can benefit from:

  • A consistent and repeatable process for documenting, validating, and managing changes to models
  • Reduced unauthorized changes to the model
  • Improved accuracy of models
  • Reduced likelihood of outdated information in the model
  • Reduced financial penalties, financial losses, or unforeseen risks due to model inaccuracies or insufficient testing
  • Improved visibility into the health and status of the model inventory

Interested in learning more about the RSA Archer Model Risk Management app-pack? Join us for a Free Friday Tech Huddle on Friday, June 8 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller—or visit us at www.rsa.com.

Organizations often struggle with turning their corporate vision into reality, especially when change occurs that requires adjustment to strategies and plans. While organizational vision and mission are typically well-established and change infrequently, strategies and plans can change due to a wide variety of internal and external factors, requiring a shift in an organization’s strategic direction.

 

Without a coordinated approach to manage strategies and plans, a breakdown in strategy execution can keep an organization from attaining its goals. We have seen organizations lack a consistent approach to managing their strategy, operational plans, and performance. Plans and performance are typically managed in silos on spreadsheets, documents, or emails, limiting visibility and accountability. When changes occur, the organization is unable to determine the impact and provide clear strategic direction.

 

These challenges can be addressed with the new RSA Archer Strategic Planning app-pack, available now on the RSA Exchange on RSA Link. Released on May 22, 2018, the app-pack focuses on closing the gap between strategies formulated at the executive level and operational plans and tasks developed at the tactical level. The RSA Archer Strategic Planning app-pack establishes a consistent, centralized process for managing Strategic Planning to increase the consistency of development and execution of strategies and related plans.

 

With RSA Archer Strategic Planning, you can:

  • Simplify the process of developing and executing Strategies, Strategic Plans, Operational Plans and their activities
  • Provide an audit trail to capture who created, executed, and reviewed the Strategy, Strategic Plans, and Operational Plans
  • Track the performance of Strategies through metrics and periodic reviews
  • Provide role-based access control to restrict personnel to information and tasks necessary to perform their job
  • Reduce time associated with capturing the Strategy analysis, SWOT analysis, and financial information
  • Store all Strategy information in a centralized location controlled by access roles
  • Capture changes related to Strategy, Strategic Plans, and Operational Plans through change requests
  • Simplify the communication process via an automated notification process.

Organizations can benefit from:

  • A Structured Strategic Planning process that enables top down execution of Operational Plans
  • Increased likelihood of meeting objectives
  • Visibility into current state of business performance and Operational Plans
  • Increased likelihood the organization executes its strategies
  • A consistent method for evaluating performance across functional areas
  • Assurance that Strategies become an actionable Operational Plan
  • Achieving measurable actions within Operational Plans

 

Interested in learning more about the RSA Archer Strategic Planning app-pack? Join us for a Free Friday Tech Huddle on Friday, June 8 for a live demo.   Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller—or visit us at www.rsa.com.

As the excitement builds towards the RSA Archer Summit 2018, I am happy to announce nominations for the annual customer awards are now open. Every year, we honor customers as they push the envelope, innovate and enable their Integrated Risk Management programs with RSA Archer. Bringing GRC excellence to an organization is no simple task. It requires hard work, commitment and a steady stream of progress. The companies that have won these awards in the past have these traits down pat - not only addressing risk but providing business value as they help their organizations navigate the uncertainty and volatility in business today. Our past winners include organizations of all sizes across all industries and represent the 'creme de la creme' of the risk management world.

 

I invite you to submit your organization for the award. The process is simple - download the form and submit it to the RSA Archer team. The only criterion for nomination is to be an RSA Archer customer.

 

The nomination form is available on the RSA Link Community along with instructions.  Don't delay - the deadline for award submissions is June 15, 2018.

 

I hope to see you at the RSA Archer Summit 2018!  The event promises to be a premier opportunity to learn and network with your peers.  Register today if you haven't already!

RSA Exchange Release R4 is now available! We’re excited to introduce two new app-packs and nine new integrations. Plus, we’re introducing the RSA Archer Content Library on the RSA Exchange.

 

As you’ve likely heard, the RSA Exchange helps you easily access and download best-practice App-Packs, Integrations, and Tools & Utilities. The RSA Exchange features offerings that leverage On-Demand Applications created by RSA and RSA SecurWorld Partners, known as App-Packs, via the RSA Link online community. It also highlights RSA Ready certified Integrations that enable you to pass risk data between the RSA Archer Platform and third party software, as well as Tools & Utilities to help administrators manage the Platform.

 

The newest RSA Exchange offerings in Release R4 include:

 

  • App-Packs - pre-built applications addressing adjacent or supporting GRC processes (e.g. niche, industry, geo-specific)

 

  • Integrations – pre-built data exchange configurations bringing data into and pushing data out of the RSA Archer Platform

 RSA Exchange Offering Types

 

Interested in learning more about these Release R4 offerings? Check out details on the RSA Exchange and join us for these upcoming Free Friday Tech Huddles:

  • May 25 – RSA Exchange Release R4 overview
  • June 8 – Introduction to the RSA Archer Strategic Planning and RSA Archer Model Risk Management app-packs
  • June 15 – Introduction to the Tableau Web Data Connector integration
  • June 22 – Introduction to the BigID integration
  • June 29 – Introduction to the Wolters Kluwer integration

 

Please note, Free Friday Tech Huddles are available to existing RSA Archer customers. If you are not yet a customer but interested in learning more, please contact your local representative or authorized reseller.

Hi RSA Archer Admins,

 

You've long asked for RSA University to offer training on topics found outside of the RSA Archer administrative interface: LDAP, SSO, how to perform an upgrade, SQL settings recommendations, and more. We've listened, and we're delighted to add the pilot of this new course to our lineup of courses offered just prior to the RSA Archer Summit in August!

 

This course is perfect for those who've been asked to support RSA Archer from a technology standpoint due to an enforced separation of duties.  It's also ideal for those admins in smaller organizations who need to know how to do more than configure applications and manage users. Bottom line, if you're interested in leveling up your skills as an all-around RSA Archer Admin, the brand new, 2-day, RSA Archer Infrastructure Administration course is for you!  Come join us in the days leading up to the Summit for our pilot course, offered at a 20% discount for this pre-Summit session only.

 

Please note that all of our training courses are limited in the number of students we can accommodate per course, do require pre-registration, and carry a cost that is separate from your conference fee. That said, these prices are at least 20% off list price, and as prior Summit and Charge events have shown, the available discounted training spots will go fast!

 

We strongly recommend you don’t delay and risk losing your chance to add even more value to your trip to Nashville for the RSA Archer 2018 Summit!

 

All of these courses will be held at the Sheraton Grand Nashville Downtown, a quick 3 minute walk from the main Summit hotel.  We commit that you’ll be out in time to join in the opening night fun on Wednesday, so make sure you register for the RSA Archer Summit as well if you haven’t already!

 

Visit the RSA Archer 2018 Summit website for registration and ongoing event information as we head toward the August 15-17 Summit event.

 

Links to register for pre-conference training are included below.

 

Aug  14-15 (Tues-Wed):

  • RSA Archer Boot Camp - $1600
    • In this consolidated, 2-day version of our 4-day Admin I course, students will gain knowledge of the key RSA Archer 6.x platform components such as applications, security management, and communication tools through presentations and hands-on practice.
    • Registration Link: https://education.emc.com/index_guestLogin.htm?id=778968095 
  • RSA Archer Infrastructure Administration - $1600 - NEW COURSE!
    • This brand new 2-day course offers Archer Admins and IT Teams instruction specific to the Archer Server and Server Side Functions. In this class you will learn how to configure LDAP Integration, SSO, SQL Maintenance, and Archer Control Panel Settings. You will also learn Packaging, installation of Archer Updates, Bulk Data Management, License Activation, and Troubleshooting tips and tricks.
    • Registration Link:  https://education.emc.com/index_guestLogin.htm?id=903357293


Aug 14 (Tues):
 

  • RSA Archer Advanced Workflow & Navigation - $800
    • This one-day workshop includes instructions for navigating the new interface introduced in RSA Archer 6, an overview of main differences between versions 5.x and 6, and extensive hands-on practice using the new Advanced Workflow feature.
    • Registration Link: https://education.emc.com/index_guestLogin.htm?id=822522965
  • RSA Archer Platform Fundamentals for Business Users - $800

 


Aug 15 (Wed):

  • RSA Archer Advanced Workflow & Navigation - $800 - NEARLY SOLD OUT!
    • This one-day workshop includes instructions for navigating the new interface introduced in RSA Archer 6, an overview of main differences between versions 5.x and 6, and extensive hands-on practice using the new Advanced Workflow feature.
    • Registration Link: https://education.emc.com/index_guestLogin.htm?id=822522965 
  • RSA Archer Platform Fundamentals for Business Users - $800

 

And if you just can’t get enough of our amazing RSA Archer instructors, during the conference itself, please be on the lookout for a lab room running multiple sessions of our popular Self-Guided Exploration Lab.  There, you can get hands-on practice with any of the RSA Archer Use Cases of your choice!

 

We look forward to seeing you this year in Nashville! 

 

All the best to you and yours,

 

Megan Olvera

RSA Archer Education Services Practice Lead

We have all heard it.  In one way or another.  The Yanny vs. Laurel sound clip is raging across the internet.  Mainstream media has thrown major fuel on the fire.  Jimmy Fallon spent considerable time debating on his show with Questlove throwing in his own version.  Which camp are you in?  It is amazing how an audio trick manipulating the pitch of a sound clip can get so much attention.  Clever?  Yes.  Earth shaking?  Not really, but a distraction from the normal day-to-day grind.  While not as hot of a topic – I doubt Ellen or The Today Show will pick up the story – risk management has its own Yanny and Laurel.

 

The term GRC has been in the industry for over 15 years and while it has been accepted and grown to represent a core business process in many organizations, it also has built perceptions around the feasibility and applicability of these programs.  In some organizations, GRC has taken hold and is an accepted term.  In other organizations, though, GRC represents a bureaucratic, complex concept requiring heavy operational processes resulting in little value.

 

Today, organizations are faced with a much more complex and fast moving challenge that GRC programs may, or may not, be equipped to address.  Many organizations are being overwhelmed by the magnitude, velocity and complexity of existing and emerging risks – struggling to respond to business risks, rather than seizing opportunities that drive the business forward.   The reason is that many organizations’ current risk management mechanisms are undeveloped, disconnected or ineffective.

 

Organizations must manage risk with more agility and integration than ever before. The strategies driving business success – for example, technology adoption or market expansion – introduce more risk. The interdependence of digital and business strategies has converged cybersecurity and business risks, creating a complex set of problems. Industry and government requirements fuel increased scrutiny by regulators. Organizations have an increasing reliance on external parties including service providers, contractors, consultants and other third parties that complicate their business risks. Executives and boards demand the business manage risk without excessive costs affecting the bottom line. The media is ready to pounce on any incident – from a data breach to a compliance failure to a corporate scandal. Increasing reliance on technology exposes businesses to the explosion of dangerous cyber threats. Any delay or setback in meeting business objectives can mean the difference between success and failure in today’s highly competitive market.

 

Integrated Risk Management (IRM) represents the next evolution of GRC.  IRM covers many of the same concepts as GRC but stresses the agility and flexibility needed by today’s modern enterprise.  IRM highlights the integrated nature of risk:

  • Horizontally – Risk management must integrate across risk domains (security, compliance, resiliency, etc.) since no risk today stands alone.  For example, a security issue can be a compliance issue, result in a business disruption, involve a third party and result in financial losses and reputational damage.   Establishing a common program to cross operational functions and foster a multi-disciplinary approach to risk management is the horizontal element of IRM.
  • Vertically – Risk management must connect operational risks to the business strategies and vice versa. Taking that same security issue as an example, if you can articulate the business impacts of a security incident, you are creating a more relevant starting point for the business to understand what is going on. As risk and security teams are being asked to protect the business, they must then understand the business they are protecting. Connecting strategic objectives to operational events, risks and controls is the vertical element of IRM.

As risk management programs mature in these two directions – horizontally and vertically – the organization starts building a truly integrated view of risk and is better positioned to adjust risk management strategies to address the volatile nature of risk in today’s enterprise.

 

So which do you hear when your organization says “we need to deal with emerging issues and the uncertainty related to strategic business objectives”? GRC? Or Integrated Risk Management? It’s unlikely this dispute will become fodder for late night talk shows, but it is worthy of a discussion in your organization today. Now if we could only settle the Blue Dress/Gold Dress argument.

With data breaches increasing at a record pace, an Information Security Management System (ISMS) has transformed from an IT buzzword into a necessity for most organizations. According to a report recently released by the Identity Theft Resource Center, there were nearly 1,600 data breaches reported in the United States in 2017. This represents an increase of 44% from figures reported in 2016. More alarming is the average cost of a breach, estimated to be roughly $3.6 million per incident, according to a report conducted by Ponemon Institute. These numbers are only expected to increase in 2018, necessitating a proactive approach to cybersecurity.

 

To address the increasing occurrence of data breaches, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) published an updated version of ISO 27001 in 2013. Part of the ISO 27000 family of standards, ISO 27001 outlines the policies, processes, and procedures required to implement an ISMS. Regardless of organizational size or type, ISMS can be applied to secure information assets and manage information in all its forms. Organizations that meet these standards may pursue ISO 27001 certification following a successful audit. Not only is certification useful for protecting valuable data and information assets, but ISO 27001 covers many of the requirements necessary to adhere to the new General Data Protection Regulation (GDPR) that will be in effect May 25, 2018.

 

ISMS Dashboard


 

To account for updates to ISO 27001, we have released an enhancement to our Information Security Management System offering in version 6.4, released last week. Features new to the release include:

  • Automatic risk scoping that allows for the simultaneous generation of ISMS risk and control records.
  • ISMS Risks application that generates a snapshot of each risk facing ISMS assets at a point in time.
  • ISMS Controls application that catalogs all control procedures applied to risks.
  • ISMS Audit application that provides a taxonomy for reviewing risks and controls, generating findings, and applying exception requests.
  • ISO 27001 questionnaire that identifies key gaps in the organization’s risk posture.
  • Ability to apply ISO 27002 control procedures to mitigate inherent risks.
  • Personas and record permissions necessary to managing an ISMS and enforcing role-based access control.
  • Generation of a Statement of Applicability that can be provided to external auditors for ISO 27001 certification.

 General Information

ISMS General Information Section

 

There are three components crucial to managing an ISMS:   

  • Determining key organizational assets                               
  • Identifying potential risks
  • Applying mitigating controls                        

 

As an organizational ISMS continues to evolve, these components must be regularly evaluated and refined to ensure risks facing crucial assets are properly mitigated. The RSA Archer ISMS use case sits at the convergence of these components, allowing users to seamlessly scope assets and stakeholders, manage inherent risk, and apply mitigating controls from a library of ISO 27002 content.

 

With RSA Archer ISMS users can:

  • Protect the confidentiality, availability, and integrity of data
  • Reduce costs associated with information security
  • Provide a centrally managed framework for information security
  • Ensure that information in all forms is secured

 

Interested in learning more? Join us for our Free Friday Tech Huddle this Friday, April 27 to hear more about the offering and see a live demo. The Free Friday Tech Huddles are available to existing RSA Archer customers. If you are not yet a customer but interested in learning more, please contact your local representative or authorized reseller—or visit us at www.rsa.com.

A key to delivering a solid risk management program is the quality and performance of the processes fueling your organizations’ strategy. Getting solid results through efficient processes enables your program to achieve the reach necessary across the enterprise to address risk effectively. These two facets – quality and performance – were the key themes of our most recent release.

I am pleased to announce the general availability of RSA Archer Release 6.4. RSA Archer 6.4 delivers enhanced capabilities for the RSA Archer Platform, focused on improved data quality and feed performance and on greater performance and serviceability.

Integration is critical in gathering the information for your risk program. RSA Archer’s integration capabilities are core to the platform, and the 6.4 release enhances the data feed capabilities in RSA Archer with more ability to transform inbound data before it is brought into the RSA Archer Platform. Release 6.4 also improves the performance of data feeds through record batching and calculation improvements.

In addition, there are some fantastic new features that improve the user experience and make life easier for administrators. The ability to embed reports on application forms and calculate cross-references based on data filters are two new capabilities that will improve how users view data and how administrators can streamline data input.   For easier serviceability of the RSA Archer Platform, a new permissions investigation console has been added to simplify the role and group access control troubleshooting. Additionally, the expansion of advanced workflow capabilities captures advanced auditing insight and logging workflow history within the History Log field.

RSA Archer Release 6.4 also introduces new capabilities for RSA Archer IT & Security Risk Management use case offerings:

  • The new RSA Archer Cyber Incident and Breach Response use case is designed to align security to business risk. It provides a consistent measure of control efficacy and centralizes the process for responding to business-impacting security incidents.
  • New capabilities for the RSA Archer Information Security Management System (ISMS) use case enable users to automate scoping of ISMS resources, conduct a gap analysis, and generate a Statement of Applicability.

These are just some of the highlights of the release.   With the release of 6.3 in October 2017 and this release, we continue on our journey to make RSA Archer the system of engagement and insight and help your organization implement high quality, high performance risk management processes.

For more information, see the Product Advisory.

In my previous blog about cyber risk quantification and privacy, I suggested that there is a role for assessing risk using cyber risk quantification and assessing risk from a privacy orientation.  Let me explain further.  Cyber risk quantification is hugely important to an organization!  Cyber risk quantification is used to answer these kinds of questions:

  • What would be the monetary impact on the organization, if it experienced a cyber breach?
  • How much, in monetary terms, is risk reduced if a particular control is implemented?
  • What’s the monetary value of implementing this control over that control?
  • How much cyber insurance should be purchased to cover the organization’s cyber risk (what should be the dollar limit of the insurance policy on a single and aggregate loss basis)?

These are extremely important questions that every organization needs to answer.  When these questions can be answered in monetary terms, it is much easier for executives and the board to prioritize the allocation of scarce human and capital resources in the management and transfer of risk.

Privacy laws change the orientation of risk assessment from the impact of a cyber incident on the organization to an assessment of how the cyber incident would impact an individual.  Originally, privacy laws were very prescriptive about the obligations to individuals, as can be seen in these two regulatory obligations:    

  • The Australian Privacy Principles state that an “entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorized access, modification or disclosure.”
  • Section 501 of the U.S. Gramm-Leach-Bliley Act states that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.

Contrast these rather prescriptive requirements with the EU General Data Protection Regulation, effective this May.

  • The EU-GDPR was designed to “protect [the] fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”

The EU General Data Protection Regulation broke from the older, more prescriptive, requirements of the Australian Privacy Principles and the U.S. GLBA, and expanded the scope to include “fundamental rights” of EU citizens.  In the United States, this would be analogous to equating GLBA with the Declaration of Independence, where you might end up with a privacy statement like “institutions have an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information so as to not infringe upon the individual’s unalienable right to life, liberty, and the pursuit of happiness.”

As I said, the EU-GDPR was designed to “protect [the] fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” There happen to be fifty fundamental rights identified in the Charter of Fundamental Rights of the European Union. Not all 50 of these fundamental rights could be infringed by poor information security but a thorough risk assessment requires the assessor to evaluate the likelihood and impact that an information security incident could have on the individual’s fundamental rights.

The change in orientation from assessing the impact of a breach to the organization to one of assessing the impact on the individual ultimately influences an organization’s cyber risk appetite too. An organization may have an appetite for $10 million in cyber breach-related costs but zero tolerance for an information security breach that could compromise the life and safety of employees. Both risk appetite statements are perfectly logical. However, to assess the risk requires two different but complementary approaches: Cyber Risk Quantification and Privacy Risk Assessment.

I have been obsessing over the question of whether cyber risk quantification, as we understand it today, can serve as a reasonable proxy in assessing risk associated with privacy regulations such as the EU General Data Protection Regulation. The EU-GDPR says the obligation of companies is to “protect[s] fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” Article 6 of the Charter of Fundamental Rights of the European Union states that one “fundamental right[s] is the right to Liberty”, which encompasses the concept of self-determination.

 

I am not at all confident that traditional cyber risk quantification is a suitable proxy for an individual’s privacy risk related to this fundamental right.  For example, a company might perform a quantified risk assessment of non-compliance with the EU-GDPR that concludes there is an 80% probability of a fine of 4% of global revenue + 10 million Euros of customer litigation.  This is a great approach if you need to understand the potential monetary impact to the organization for non-compliance but, if your intent is to truly comply with the law, it seems to me that you may have to take an individual-focused approach to risk assessment. 

 

In short, what is the risk to an individual's fundamental rights if they are subject to psychographic profiling by a company like Cambridge Analytica, for the purpose of manipulating public opinion that undermines the individual's right to self-determination?

 

After pondering this with a number of people, I think the answer is that different risk assessment approaches must be employed.  In those circumstances where you want to understand the monetary impact to the organization, you would use cyber risk quantification.  In those circumstances where you want to understand the impact to an individual, you must do the assessment from the individual's perspective.  This bifurcated approach will no doubt leave many organizations faced with circumstances where they have determined that the risk to the individual is great but to the organization, comparatively small.  

 

What do you think?

 

Hi RSA Archer fans,

 

Once again, your friends at RSA University have teamed up to bring you some exciting pre-conference training opportunities! Please note that these training courses are limited in the number of students we can accommodate per course, do require pre-registration, and carry a cost that is separate from your conference fee. That said, these prices are at least 20% off list price, and as prior Summit and Charge events have shown, the available discounted training spots will go fast!

 

Based on response and instructor availability, we may be adding more courses to this line-up as the event approaches, but we can’t promise that just yet.  We strongly recommend you don’t delay and risk losing your chance to add even more value to your trip to Nashville for the RSA Archer 2018 Summit!

 

All of these courses will be held at the Sheraton Grand Nashville Downtown, a quick 3-minute walk from the main Summit hotel.  We commit that you’ll be out in time to join in the opening night fun on Wednesday, so make sure you register for the RSA Archer Summit as well if you haven’t already!

 

Visit the RSA Archer 2018 Summit website for registration and ongoing event information as we head toward the August 15-17 Summit event.

 

Links to register for pre-conference training are included below.

 

Aug  14-15 (Tues-Wed):

  • RSA Archer Boot Camp - $1600
    • In this consolidated, 2-day version of our 4-day Admin I course, students will gain knowledge of the key RSA Archer 6.x platform components such as applications, security management, and communication tools through presentations and hands-on practice.
    • Registration Link: https://education.emc.com/index_guestLogin.htm?id=778968095 

 


Aug 14 (Tues):
 

  • RSA Archer Advanced Workflow & Navigation - $800
    • This one-day workshop includes instructions for navigating the new interface introduced in RSA Archer 6, an overview of main differences between versions 5.x and 6, and extensive hands-on practice using the new Advanced Workflow feature.
    • Registration Link: https://education.emc.com/index_guestLogin.htm?id=822522965
  • RSA Archer Platform Fundamentals for Business Users - $800

 


Aug 15 (Wed):

  • RSA Archer Advanced Workflow & Navigation - $800
    • This one-day workshop includes instructions for navigating the new interface introduced in RSA Archer 6, an overview of main differences between versions 5.x and 6, and extensive hands-on practice using the new Advanced Workflow feature.
    • Registration Link: https://education.emc.com/index_guestLogin.htm?id=822522965 
  • RSA Archer Platform Fundamentals for Business Users - $800

 

And if you just can’t get enough of our amazing RSA Archer instructors, during the conference itself, please be on the lookout for a lab room running multiple sessions of our popular “Choose Your Own Adventure” style lab.  There, you can get hands-on practice with any of the RSA Archer Use Cases of your choice!

 

We look forward to seeing you this year in Nashville! 

 

All the best to you and yours,

 

Megan Olvera

RSA Archer Education Services Practice Lead

In today’s connected world fueled by the digital transformation, the more digital the business, the more the differentiation between cyber risk and business risk disappears. As part of their fiduciary responsibility toward shareholders and customers, boards and executives are expected to incorporate cyber risk management as part of their business strategy. This adds considerable challenges to already overwhelmed IT risk and security teams in translating technical risks into business terms – namely financial impacts.  A key element to address these challenges is bridging the ‘gap of grief’ – translating IT and security risk into business terms. For IT and security teams to adequately communicate security threats to the business, the business must understand the risk in the context of the business.  Most often, cybersecurity is treated as a technical concern, and important business questions such as "are we doing enough?" and "are we spending too much or too little?" get unsatisfactory responses, if any.

 

I am pleased to announce RSA Archer's latest addition to our Suite of use cases - RSA Archer® Cyber Risk Quantification.  The RSA Archer Cyber Risk Quantification use case is designed to quantify an organization’s financial risk exposure to cybersecurity events. This new use case helps CISOs prioritize risk mitigation efforts based on business and financial impact and communicate the impact of cyber risk in financial terms to the board and senior management. Armed with this financial data, organizations can make more informed decisions regarding their risk and security investments or cyberinsurance coverage.

 

RSA Archer Cyber Risk Quantification utilizes a purpose-built platform that leverages the Factor Analysis of Information Risk (FAIR) methodology, a well-known standard for quantitative risk assessment for IT and cybersecurity risk management. This new use case under the RSA Archer IT & Security Risk Management solution area provides a set of modular approaches to help organizations get started quickly, including mathematical simulations to build a risk profile with limited data. RSA Archer Cyber Risk Quantification utilizes a built-in risk calibration and analysis engine to “do the math” and a user interface and workflow to provide a user-friendly process for risk data collection and quantification.  On-demand risk analytics provide answers to questions on the fly, eliminating the need to create time-consuming and outdated reports.

 

RSA Archer Cyber Risk Quantification, delivered through a strategic partnership with RiskLens, enables businesses to quantify and communicate their cyber risk in the common business language of monetary terms. Armed with the understanding of cyber risk in financial terms, the business can calculate and demonstrate the value of cybersecurity initiatives.

 

Read the press release, visit the product page on RSA.com or contact your RSA sales representative for more information.

Are you doing cool and great things with RSA Archer but are too modest to tell anyone about it?  No need to keep it a secret any longer, come down to the RSA Archer Summit 2018, Aug. 15 -17 in Nashville and tell us all about it!

 

For the past fifteen years, the RSA Archer Summit has offered attendees a unique opportunity to learn from other RSA Archer customers and users new and innovative ways RSA Archer is being used in organizations to help achieve strategic business initiatives.  The RSA Archer Summit is a great venue to share ideas, learn from peers, and develop friendships and business relationships that can help you and your organization excel.

 

This will be my fifth RSA Archer Summit, and in that time I have spoken to hundreds of customers, all doing amazing things with RSA Archer.  Many whom I have talked to would love the chance to talk about what they are doing with RSA Archer, but are not quite sure how to pull it together into a presentation or which track they should send their submission to.

 

If this is you, don’t worry, submitting an idea for a topic, session or roundtable is easy to do!  And if you are not quite sure if your idea for a session is a good one, just ask us.  We can help you craft your idea into a great presentation or roundtable conversation that fellow Archer users will find helpful and informative.  You just have to ask…  We will help you make your session a success and walk you thru every step of the process.  It’s easy, you just need to take the first step.  Send us an email at RSAArcherSummit2018@rsa.com with your questions or ideas for a topic.  We would be happy to work with you on developing your ideas.

 

But don’t wait too long to send in your questions or session topics; submissions are due by March 30th, 2018.

 

We have three main topic areas for this year’s RSA Archer Summit to make it easier for you to select the one that best fits your session.  Below is a brief overview of each topic area.  If you need more information on each topic area, make sure to read Steve Schlarman’s blog "Call for Speakers".

 

Topic Areas:

Business Risk Management

  • Sessions should focus on best practices in enterprise and operational risk management, IT risk management and security, operational risks, third party governance, compliance, business continuity risk or audit.  The audience for this track will be risk, security, compliance, audit and continuity professionals tasked with execution of these processes.

The RSA Archer Journey

  • Sessions should focus on approaches, strategies and recommendations for the implementation of your business risk management program from an organizational perspective. The audience for this track will be individuals responsible for overall program execution, strategy, project managers, GRC champions or those tasked with getting a program up and running.

RSA Archer Technical

  • Sessions should cover beginner to advanced uses of the platform, custom objects, data feeds, on demand applications, integrations, etc.   The audience for this track is RSA Archer administrators, developers, integrators or those tasked with operational support of the RSA Archer platform.

 

If you are contemplating submitting a session, know that this is a very rewarding experience.  And remember, we are here to help you, so send us your ideas, session and roundtable questions to RSAArcherSummit2018@rsa.com if you need some guidance.  Presenting at RSA Summit is not as hard as you think and can be a very rewarding experience.

 

The Submission process is simple:

  1. Download the form.
  2. Fill out the form completely.
  3. Send the form to RSAArcherSummit2018@rsa.com. Include “Speaker Submission” in the subject line.

 

If you have any questions or issues with the form, contact RSAArcherSummit2018@rsa.com.

 

MARK YOUR CALENDARS: The Call for Speakers ENDS MARCH 30, 2018.  

Selections will be communicated to speakers once the selection committee reviews all submissions.

Even if you aren’t looking to speak, don't forget to REGISTER.  Looking forward to seeing you in Nashville in August!

In the wintery cold of February, the summer heat of August seems like a distant dream. But planning for RSA Archer Summit 2018, Aug. 15-17 in Nashville, Tennessee, is already in full swing.

 

And we need YOU!

 

RSA Archer Summit 2018 Call for Speakers

 

The key to the success of the RSA Archer Summit has always been the active participation of our customers as presenters and panelists. Customer presenters offer a view into the work of GRC thought leaders -- people who are pushing the boundaries of what’s possible with RSA Archer and developing powerful use cases within their organizations and industries.

 

Are you ready to inspire others? Send us your speaker submission today!

 

Need a speaker submission form? Download it here.

 

Have questions? Please contact RSAArcherSummit2018@rsa.com.

 

Hurry! Don’t miss out. Plan ahead for summer and send us your speaker submission for RSA Archer Summit 2018 today. The March 30, 2018 submission deadline is just around the corner. And the RSA Archer Summit will be here before you know it!
