
RSA Archer Suite


With today’s ever-growing threat landscape, the volume, sophistication, and potential damage of attacks are all increasing. It is becoming harder to keep attackers out of your networks, to understand their motives, and, most importantly, to remove them once they are in. A typical security environment uses multiple disconnected technologies that produce an immense amount of information, and knowing which piece of data to prioritize is essential to responding quickly. At a higher level, there is also a need to understand whether the security strategy is really effective for the business. In short, businesses need to change their security strategies.

 

The solution? RSA provides a top-down approach that strategically links business risk management with security events and priorities, in order to:

  • Make security teams operationally more impactful
  • Strategically manage business risk

Bringing these practices together and linking security incidents with business context lets security teams respond faster and protect what matters most.

The RSA suite of tools:

  • Keeps bad actors out while letting those with a legitimate need access the system easily
  • Provides the visibility and analytics to see the big picture and gain insight into specific attacks
  • Links business context with contextual intelligence for a more informed approach, which can then be translated into action

The video in this eLearning discusses how RSA’s tools link detailed security information to business context in order to protect the most sensitive assets.

 

https://community.rsa.com/docs/DOC-79242

We know you really want to join the more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017, Oct. 17-19 in Dallas. Now you have one final, limited opportunity to enjoy a $300 savings with our ‘throwback’ to the Early Bird Discount Rate of $645.

 

This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security strategy in an increasingly uncertain high-risk world.

 

Use the Throwback Thursday code 87CTHRWBCKJUL and save $300 on your attendee pass.

 

Need a little more convincing, in addition to the $300 savings? Well, we have this covered too!

 

Check out our latest Keynote Lineup, including

  • Marc Goodman, Global Security Advisor and Futurist, will explain how to cultivate an informed workforce that acts as a human firewall, in what promises to be a highly engaging and humorous keynote presentation

 

Sneak Peek at our Upcoming Agenda of robust programming you can expect at RSA Charge 2017. Tracks include:

  • Taking Command of Your Risk Management Journey
  • Transforming Compliance
  • Managing Technology Risk in Your Business
  • Inspiring Everyone to Own Risk
  • Detecting and Responding to Threats That Matter
  • Secrets of the SOC
  • Identity and Access Assurance
  • Reducing Fraud, While Not Reducing Customers
  • RSA Archer Technical
  • RSA Archer Technical, Advanced

 

Don’t miss out on your chance to attend RSA Charge 2017 with the limited ‘Throwback Thursday’ event. Use code 87CTHRWBCKJUL to register.

 

Discount code expires Thursday, July 27, 2017, at 11:59 PM PST. Offer cannot be combined with any other promotional code.

 

For the third time in a row Dell RSA Archer is very excited and honored to be recognized by Gartner as a Leader in the 2017 Magic Quadrant for IT Risk Management!!

 

2017 Gartner Magic Quadrant - IT Risk Management

RSA Archer (Dell Technologies) was positioned as the IT Risk Management vendor with the highest rating for "Ability to Execute." We believe our understanding of the market, product innovation, and geographic reach are just a few of the highlights that earned us this well-received recognition this year.

 

We humbly extend our sincerest gratitude to our customers for sharing their valuable insights and experiences working with RSA Archer with Gartner directly. While it isn't difficult to find vendors talking about the importance of their customers, here at RSA Archer our customers really do define our success. Our large, recognized community of active users is at the heart of how we drive our products forward.

 

Whether you're just beginning to explore GRC or you’re already managing a successful program, I encourage you to review Gartner's full report. Many valuable market insights can be found, along with important things to consider as you prepare to take command of your GRC journey.

 

Need help building a business case? Check out the resources on the RSA Link Community that detail the business value of RSA Archer and help estimate ROI. We're also standing by, ready to answer your questions as we continue our mission to enable customers to know which risks are worth taking.

 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Dell Technologies.

Results of a recent Deloitte global survey on third party governance and risk management found that "87% of respondents have faced a disruptive incident with third parties in the last 2-3 years, of which 28% faced major disruption and 11% experienced a complete third party failure."

 

Clearly, the significance of third parties in business today – and the risk that comes with it -- can’t be overstated. With growing reliance on third parties and outside vendors in all aspects of business, now more than ever, organizations need the right tools to help them properly manage these critical relationships.

 

It is against this backdrop that we are pleased to announce that Gartner has named Dell RSA Archer as a Leader in the 2017 Gartner Magic Quadrant for IT Vendor Risk Management – the third consecutive time for this designation. The report evaluates and compares IT VRM software vendors with respect to competitive buying criteria.

 

 

We believe Gartner has once again recognized RSA Archer as a Leader in the IT VRM market based on the robust feature set of our solution and the configurability and workflow options our platform provides customers. We also think Gartner understands our use case approach that allows customers to deploy our solutions based on their current and expected levels of maturity without unnecessary overinvestment or complexity.

 
We’d like to sincerely thank our customers who participated in Gartner's assessment this year.  We know you are very busy, but your feedback is invaluable in helping to inform others of your experience with RSA Archer.

 

Please contact us if you would like additional information regarding any of our solutions, including RSA Archer Third Party governance. If you would like to receive a copy of the Gartner Magic Quadrant for IT VRM, click here.

 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Dell RSA.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

I’m dating myself here, but I used to love to watch the Andy Griffith Show. I liked Andy’s calm demeanor as he tried to raise his son Opie while dealing with Barney Fife, his neurotic sidekick. I especially enjoyed this exchange between the two of them as they discussed raising kids:

 

Barney:  Well, today's eight-year-olds are tomorrow's teenagers. I say this calls for action and now. Nip it in the bud. First sign of youngsters going wrong, you've got to nip it in the bud.

Andy:  I'm going to have a talk with them. What else do you want me to do?

Barney:  Well, don't just mollycoddle them.

Andy:  I won't.

Barney:  Nip it. You go read any book you want on the subject of child discipline and you'll find every one of them is in favor of bud-nipping.

 

Nip it in the bud. In other words, deal with issues promptly and don’t let them linger. (Having raised a child or two, I’ll add the need for fair rules, love, and consistent treatment relative to the child and their behavior.)   This bud-nipping does help to some extent as younger kids turn into teenagers, but you still get that kid that’s just an unpredictable tsunami regardless.  However, for the most part it helps to have a plan with the younger ones so that when they get older the tsunamis aren’t devastating.

 

Apply this to incident management versus crisis management: incidents are like young kids and crisis events are like teenagers.  Incidents are typically small events that routinely occur in running an organization.  They could be safety-related, employee-related, or a manufacturing incident, depending on the type of organization. They’re usually not a big deal and are resolved fairly easily. Crises, on the other hand, are incidents that have gotten out of control. They’re bigger and oftentimes very nasty. Each crisis is unique, so we may not have all the details or information at the time on how to deal with them.

 

My point? Organizations need to spend more time putting solid incident management procedures in place – “bud-nipping” if you will -- to reduce the likelihood that incidents turn into crises. Here are three ways to do that:

 

  1. Keep it simple and consistent. Have a simple and consistent process for dealing with incidents. Make the process simple because on top of normal resolution procedures, you will also have unique incident types that will require different steps to resolve them. Simple incident resolution processes are more consistent and can be applied the same way. Simplicity also helps people better understand their roles in dealing with incidents.
  2. It takes a village. Just as the adage says “it takes a village to raise a child,” it also takes a village to handle incidents – and even more so if and when they become crisis events. Make sure your process for dealing with incidents includes the appropriate people, depending on the incident type. For example, if the incident is employee-related, include human resources. If the incident could result in public exposure, involve your public relations experts. And include them as needed, but sooner than later, which leads to my last point.
  3. Act quickly and early. If you’re going to make an assumption about incidents in general, assume any one incident has the potential to turn into a crisis and treat them accordingly. Some incidents are just a normal part of doing business, while others are more complex or subjective. For both types, keep in mind that an ounce of prevention is worth a pound of cure. Act quickly and early to resolve them.

 

Now, having said this, there will still be those incidents that turn into full-scale crisis events, just as, regardless of doing all we can to raise well-behaved kids, unruly teenagers can still pop up from time to time. You must have plans to deal with crises, too, but that’s the subject of another blog, or a book or two. The main point I wanted to make today, similar to Barney Fife’s approach to “nip it in the bud”, is to treat incidents that occur in the normal course of business seriously. Deal with them promptly and involve the right participants. For more interesting conversation, email me at Patrick.potter@rsa.com.

 

 

Calling all RSA Archer customers!! RSA Charge 2017 (Dallas, TX, Oct. 17-19, 2017) will be here before you know it -- and NOW is the time to submit your nomination for the RSA Archer Awards.

 

This year, we will once again honor organizations that are implementing RSA Archer governance, risk, and compliance (GRC) solutions in innovative ways. The awards recognize customers that are building cutting-edge use cases and integrations using RSA Archer to support process automation, collaboration and reporting.

 

This year’s awards categories include:

  • Innovation Award
  • Return on Investment Award
  • Community Advocate Award
  • Excellence Awards

 

We invite and encourage all RSA Archer customers to submit an award nomination for their organization in any of these award categories. Simply download and complete the nomination form and tell us about your organization's approach to solving GRC challenges. Then email your completed nomination form to susan.jessee@rsa.com. The deadline is Monday, July 24, 2017!

 

If you have any questions regarding your submission, please contact your field sales and/or existing accounts manager.

 

We look forward to receiving your submissions. And good luck to all!

Following a series of high-profile accolades, RSA Archer was recently recognized with two Operational Risk Awards: Best Overall Provider of the Year and Best Cyber Risk / Security Product. These two awards acknowledge the ongoing importance of cyber risk management within an overall operational risk management program, and RSA Archer’s leadership as a business risk management solution.

 

The RSA Archer Suite enables organizations to manage the breadth of operational risks that exist today. As it relates to information security in particular, the RSA Archer Suite helps organizations:

  • understand what information is important to protect, where it is located within the organization, and the risk it poses
  • record the risk treatments in place to mitigate and transfer that risk
  • document control design and effectiveness tests
  • manage policies and enforce accountability for outstanding issues
  • enable collaboration between IT and the rest of the organization

In doing so, it transforms traditional technical discussions of cyber security into a Business-Driven Security discussion.

When announcing these awards the publisher stated:

“The [RSA Archer] system has not only proven itself to be reliable and insightful, according to users, but it has also made the monitoring and control of cyber risk accessible to users across the enterprise, from non-security functions to the CISO. Sitting within the broader RSA Archer governance, risk and compliance platform, the system can be used to identify threats that may harm the entire enterprise.

‘Business continuity manages their risk. Compliance and control evaluations manage their risk. RSA Archer has enhanced our ability to bring these areas together, and we’re finding that linking business continuity to security and to vendor risk provides a more comprehensive risk picture,’ explains one user.

Whilst comprehensive, RSA Archer has also proven flexible in its application, so that institutions’ risk management frameworks have not had to be reconfigured in order to accommodate the platform. By avoiding a prescriptive approach, the system has even been accessible to firms with well-established methodologies.

Judges recognized RSA’s flexibility as well as the technical capabilities of the platform.”

We couldn’t be more pleased.  These awards provide validation that we are bringing the best solutions to market to fulfill the business needs of our customers; and our customers can be confident that they are using the best solution to address their problems around information security governance and operational risk management.


RSA Charge 2017’s ‘Call for Speakers’ resulted in an unprecedented number of abstract submissions across all RSA product solutions – RSA Archer Suite, RSA NetWitness Suite, RSA SecurID Suite (including RSA Identity Governance & Lifecycle), and RSA Fraud & Risk Intelligence. The submissions from RSA customers and partners included the sharing of first-hand knowledge, advice, ideas, experiences, case studies, and even war stories that submitters wanted to share with their RSA product peers at the Charge event in October.

                          

Though the RSA Charge Program Selection Committee is thrilled by the high caliber of submissions, the Committee now faces the hard task of whittling the list down to 100 sessions across all RSA products. No final decisions have been made yet, but the Committee noticed that many submissions had similar titles and themes, so it decided to let you ‘voice your choice’ on a small, random subset of the abstracts received.

 

And, for the first time, with a registered RSA Link account, you can vote on Tracks across the entire RSA product portfolio. That’s right, you can vote on any of the product Tracks listed, but you can only vote once ‘per abstract.’

 

So let your voice be heard - this is your chance to 'vote your choice' and have a say in this year's RSA Charge 2017 Agenda. To vote, simply click on the Proposal Abstracts and cast your vote across all RSA Product Tracks.

 

Thank you for the amazing ‘Call for Speakers’ submissions for RSA Charge 2017 – it’s going to be an event you will not want to miss. If you haven’t registered for RSA Charge 2017, be sure to do so today!  

 

Our worlds often consist of constant change, an overload of incoming emails, and what feels like a never-ending series of meetings.  With so much information coming at us, our ability to adapt to change really relies on our ability to quickly and easily find pertinent information, right when we need it.

 

Updating your RSA Archer environment is one such change that you may feel you’ve seen a wealth of information on, but now that you’re getting ready to move to the next build, where-oh-where can you find that information that is now lost in the shuffle?

 

That’s where the RSA Archer Navigator can help. By using the Focus filter of Release Notes and Advisories, you can immediately drill down into a complete list of all such documentation that’s been made available in recent years.  Add or change the filters to reference your Role of Admin, your Expertise level, add a Media Type of Documentation, or make other changes, and your results will adjust to display the data that’s important to you. 

 

Some examples of documentation available include a look at the RSA Archer Release 6.2 Upgrade Process, RSA Archer 6.2 and later Release Notes, and more.

 

No more needing to know just the right keyword in order to find the information you need – use the Navigator filters to define general categories, and let us do the steering for you!

 

Watch the RSA Navigator video to maximize your Navigator experience, and if you haven’t yet taken a drive over to our Navigator page, route your path today!

We heard you loud and clear: with the long Memorial Day weekend fast approaching, school ending for the summer in the Midwest, and a host of work-related commitments, you wanted more time to submit Call for Speakers (C4S) abstracts.

 

We are pleased to tell you that the deadline for C4S submissions has been extended and is now EOD on June 9, 2017.

 

This is a hard deadline, however, and will not be extended again so we can meet all the time-sensitive event activities leading up to RSA Charge 2017.

 

All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information. Note that RSA Charge speakers receive a complimentary pass to the Charge event, another solid reason to submit!

 

First, check out the webinar replay of 'What You Should Know Before Submitting Your Proposal' and then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form. There are also FAQs to help you too. 

 

The Tracks for RSA Charge 2017 include:

 

(Governance, Risk & Compliance)

  • Inspiring Everyone to Own Risk
  • Managing Technology Risk in Your Business
  • Taking Command of Your Risk Management Journey
  • Transforming Compliance
  • RSA Archer Suite Technical
  • RSA Archer Suite Advanced Technical

(Security Operations, Identity, Anti-Fraud)

  • Detecting and Responding to the Threats That Matter
  • Identity Assurance
  • Reducing Fraud, while Not Reducing Customers
  • Secrets of the SOC

 

Complete Session details are also available.

 

With the extended deadline through June 9, we hope you will consider sharing your first-hand knowledge, advice, ideas, experiences, case studies, and war stories with your peers at Charge 2017. For the many who have already submitted proposal abstracts, ‘thank you’ and we look forward to seeing you in Dallas, Oct. 17-19.

In my previous blog, New Job Chapter One, I described an approach using RSA Archer to drive your Business-Driven Security strategy. I want to emphasize a couple of points that are critical to an organization demonstrating its compliance with information security-related regulations like the EU-GDPR, GLBA, NY State Cybersecurity laws, etc. Here, again, is the BizDS flowchart I introduced:

 

 

 

RSA Archer is used to capture the organization’s products and services, IT infrastructure and business processes (applications, servers, databases, data stores, devices, web-facing services, etc.). For each business process and each piece of IT infrastructure, the type, format (physical or electronic), criticality and amount of information handled by or through it is documented, and its inherent risk is calculated. You then have the information necessary to decide where to apply technical controls (identity, SIEM, vulnerability scanners, firewalls, etc.) and organizational controls (physical access, employee background checks, codes of conduct, SDLC management, training, third-party controls, resiliency, etc.).

 

As you move into the monitoring phase of your information security program, technical controls and organizational control indicators generate a tidal wave of data, suggesting that there may be weaknesses in your protection of information. Under a Business-Driven Security strategy, the data thrown off by technical controls and organizational control metrics is married back up with what you have already recorded in Archer about your business processes and IT infrastructure. Combining the two lets you wade through the sea of technical information, understand its business context in terms that are meaningful to the business, and prioritize your response based on its significance to your organization and the resources you have available to work the problems. Sometimes the number and significance of security gaps and issues to address is overwhelming. A Business-Driven Security strategy helps your technical teams articulate those gaps and issues in a form the business understands, so that the business can make informed decisions about allocating additional capital and human resources to remedy them.

 

In summary, an organization trying to demonstrate its compliance with information security-related regulations like the EU-GDPR, GLBA, NY privacy law, etc. must be able to answer these questions:

 

  • Does the organization know what, where, and how much regulated information is managed by the organization and how much risk it poses?
  • Have the technical and organizational risk treatments been implemented around those points where high-risk information is processed, handled, stored, or transmitted in some manner?
  • Are the technical and organizational controls operating effectively and are the events, vulnerabilities, warnings and exceptions generated being addressed in accordance with the business risk they represent?

 

A mature business-driven security strategy answers these questions and can help an organization demonstrate compliance with their regulatory obligations around information security.
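As an added illustration of the inventory-then-correlate workflow described above (this is example code, not RSA Archer’s; the asset model, the ordinal scales, the inherent-risk formula, the scoring weights and the sample inventory and scanner findings are all assumptions), the script below records assets with the data types, criticality and volume they handle, computes an inherent risk for each, then joins constructed technical findings back to that context and ranks them by the business risk they represent. A finding on an asset that was never inventoried is flagged rather than dropped, since an un-inventoried system is exactly the kind of gap the first question asks about.

```python
"""Join control telemetry to business context and rank it by business risk.

Added example for the workflow described in the post; not RSA Archer code.
The asset model, scales, weights and sample records are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Ordinal scales (assumed; an organisation would substitute its own rating scheme).
CRITICALITY = {"low": 1, "medium": 2, "high": 3}
DATA_SENSITIVITY = {"public": 1, "internal": 2, "confidential": 3, "regulated": 4}
MAX_INHERENT = 3 * 4 * 4 * 2  # worst case of inherent_risk(); used for un-inventoried assets


@dataclass(frozen=True)
class Asset:
    asset_id: str
    criticality: str              # business criticality of the process it supports
    data_types: Tuple[str, ...]   # classifications of the information it handles
    record_count: int             # how much of that information it handles
    internet_facing: bool


@dataclass(frozen=True)
class Finding:
    source: str           # which technical control produced it (scanner, SIEM, ...)
    asset_id: str
    title: str
    severity: float       # technical severity on a 0-10 scale, as reported by the control
    exploit_public: bool  # a public exploit exists (e.g. a leaked tool)


def inherent_risk(asset: Asset) -> int:
    """Inherent risk before controls: criticality x sensitivity, scaled by volume and exposure."""
    sensitivity = max(DATA_SENSITIVITY[d] for d in asset.data_types) if asset.data_types else 1
    volume = 1 + min(asset.record_count // 100_000, 3)   # 1..4, one step per 100k records
    exposure = 2 if asset.internet_facing else 1
    return CRITICALITY[asset.criticality] * sensitivity * volume * exposure


def regulated_footprint(assets: List[Asset]) -> Dict[str, object]:
    """Question 1: where regulated information lives and how much of it there is."""
    hits = [a for a in assets if "regulated" in a.data_types]
    return {"assets": [a.asset_id for a in hits], "records": sum(a.record_count for a in hits)}


def prioritize(assets: List[Asset], findings: List[Finding]) -> List[dict]:
    """Questions 2 and 3: rank technical findings by the business risk they represent."""
    inventory = {a.asset_id: a for a in assets}
    ranked = []
    for f in findings:
        asset = inventory.get(f.asset_id)
        # A finding on an asset that was never inventoried is itself a control gap:
        # assume the worst-case context and flag it rather than silently dropping it.
        inherent = inherent_risk(asset) if asset else MAX_INHERENT
        score = f.severity * inherent * (1.5 if f.exploit_public else 1.0)
        ranked.append({
            "asset_id": f.asset_id,
            "finding": f.title,
            "source": f.source,
            "business_risk": round(score, 1),
            "inventory_gap": asset is None,
        })
    return sorted(ranked, key=lambda r: r["business_risk"], reverse=True)


# Constructed sample data: a hypothetical inventory and scanner output.
SAMPLE_ASSETS = [
    Asset("srv-erp-01", "high", ("regulated", "confidential"), 2_000_000, False),
    Asset("db-hr-02", "medium", ("regulated",), 50_000, False),
    Asset("web-mkt-03", "low", ("public",), 1_000, True),
]
SAMPLE_FINDINGS = [
    Finding("vuln-scanner", "srv-erp-01", "MS17-010 not applied (SMBv1)", 8.1, True),
    Finding("vuln-scanner", "db-hr-02", "MS17-010 not applied (SMBv1)", 8.1, True),
    Finding("vuln-scanner", "web-mkt-03", "TLS certificate expires in 10 days", 5.0, False),
    Finding("vuln-scanner", "lab-box-99", "MS17-010 not applied (SMBv1)", 8.1, True),
]

if __name__ == "__main__":
    print(regulated_footprint(SAMPLE_ASSETS))
    for row in prioritize(SAMPLE_ASSETS, SAMPLE_FINDINGS):
        flag = "  <- not in inventory" if row["inventory_gap"] else ""
        print(f'{row["business_risk"]:8.1f}  {row["asset_id"]:12} {row["finding"]}{flag}')
```

Run as a script, the ranking shows why the same missing patch outranks itself when it sits on the ERP server rather than the smaller HR database, and why the host nobody inventoried is escalated to the top of the queue instead of being ignored.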

 

We explore how to implement a Business Driven Security strategy in more detail in this white paper.

RSA CHARGE 2017: CALL FOR SPEAKERS CLOSES MAY 26

It’s down to the final weeks for Call for Speakers (C4S) proposal submissions for the RSA Charge 2017 event.

 

If you are still on the fence, time is running out, but there are some helpful aids to get you started. First, check out the webinar replay of ‘What You Should Know Before Submitting Your Proposal’, then use the Offline Submission Form (for practice) before submitting your proposal using the Online Submission Form. There are also FAQs to help you before you submit.

 

The RSA Charge 2017 GRC Tracks include:

  • Inspiring Everyone to Own Risk
  • Managing Technology Risk in Your Business
  • Taking Command of Your Risk Management Journey
  • Transforming Compliance
  • RSA Archer Suite Technical
  • RSA Archer Suite Advanced Technical

Complete Session details are also available.

 

All of the information to help you submit your proposal can be found on the RSA Charge 2017 microsite, including Charge registration information. Note that RSA Charge speakers receive a complimentary pass to the Charge event, another solid reason to submit!

Overview of WannaCry/Wanna Decryptor

As you know, an outbreak of a ransomware threat known as “WannaCry” or “Wanna Decryptor” began late Thursday and hit the mainstream over Mother’s Day. Ransomware attacks like “WannaCry” are meant to be very visible in order to pressure the victim into paying the ransom. The scale of this attack, together with this specific ransomware family, is unique in that it has worm-like capabilities, leveraging an exploit against vulnerable Microsoft Windows® operating systems. This exploit was recently made publicly available and appears to be associated with the “Shadow Brokers” release of nation-state hacking tools. As of 5/15/2017 at 1pm ET, our best estimate is that the attackers have collected less than $50k, from fewer than 150 individuals or businesses that were willing to pay.

 

While details are still emerging, RSA believes it follows a typical attack pattern in which a malicious link is delivered through email as part of a phishing scam, after which the malware installs itself. The malware then spreads rapidly when an already-infected computer can locate additional exposed and vulnerable computers, and it travels quickly through an internal network by exploiting a core Windows networking component (SMBv1). Microsoft issued a patch for this vulnerability under advisory MS17-010.

 

The exploit used in this attack was released publicly in April 2017; Microsoft had already released the patch in March 2017. An organization that manages its enterprise risk with proper cyber hygiene, including timely patching, may well not have been vulnerable to this attack.

 

Beyond the mitigations for attacks like this (host blocking, a robust backup strategy and comprehensive patch management), IT leaders should also be mindful that, because of Microsoft’s patch support policy, any organization still running Windows XP, Windows 8 or Windows Server 2003 remains at high risk. Microsoft has issued specific guidance for this attack, which can be found here. This is not a new phenomenon, and as in most major attacks, resistance is achieved through disciplined patching hygiene.

 

This latest wave of ransomware continues a trend with this popular attack method. Attackers are shifting away from stealing information for profit, rather taking advantage of the fact that data is critical to its victims for daily business operations.

 

Was RSA or Dell Technologies Impacted?

While we continue to monitor and validate, at this time there appears to be no impact to any of the major Dell Technologies internal networks.

 

Are RSA Products Impacted?

Individual alerts have been sent to clients using specific products. Because many clients leverage Microsoft OS and products as underlying components of RSA Products, there is a risk they could be impacted. That said, the actual product applications that RSA distributes are not impacted.

 

How RSA Can Help You?

You may be asking how RSA can help. First, recognize that ransomware threats, by design, are noisy and are obvious to the infected victim … this is part of the criminal’s objective and business model. RSA NetWitness® Suite is designed to help identify and provide visibility into a ransomware attack – but as part of this attack method, the victim organization’s data is being encrypted by the malware. This is the same for any advanced threat detection and response technology platform.

 

From a risk perspective, RSA Archer is designed to help automate risk management, prioritizing activities to reduce risk (i.e. Vulnerability Risk Management) to mission-critical systems, and consistently and effectively manage an actual incident.

 

From an investigation and readiness standpoint, RSA can provide strong visibility and expertise, helping users reconstruct, analyze, and understand the attack, both to identify ransomware behavioral indicators now and in the future and to optimize operational performance. Analysts within Security Operations Centers (SOCs) can see suspicious activities such as lateral movement from infected systems and attempts to infect workstations and other network and critical business assets, and so more readily determine the overall operational, business continuity, governance, regulatory and compliance impact of the attack on their business. Lastly, RSA can help security programs and IT operations see the last known good state of a workstation in order to understand when the incident first began and measure “dwell time”, determine gaps in SOC visibility and detection, establish remediation requirements, and confirm the ability to restore from a known good backup. This can help limit data loss and reduce the prospect of paying ransom to the attackers.

 

In a large-scale attack like this, expertise and experience in readiness, response, resilience and business risk management is imperative. RSA can help organizations in their response and readiness efforts and programs. These attacks can be contained and preemptive efforts can be taken to block similar attacks from occurring in the future, minimizing the impact and scale of ransomware campaigns.

 

For a deeper dive on using RSA NetWitness to improve your visibility and take decisive steps to reduce the impact on your environment, see WannaCry from the RSA NetWitness Suite's Perspective and Blocking WannaCry with NetWitness Endpoint.

 

Other RSA and Third Party References

Here are some additional resources if you’d like to learn more about the attack.

 

What's to Come?

New attacks are often followed by variants that use a similar infection vector with minor changes to bypass common defenses such as port blocking and allowed-path restrictions. With that in mind, four broad predictions:

  • Many organizations will not patch core systems, and will instead put in protective defenses such as AV, blocking ports and IP addresses, and other supplemental measures. Future variants of WannaCry will therefore continue to impact customers.
  • After a minor reduction in the volume of attacks, we will see:
    • Increased use of leaked attack tools to fuel new attacks, and an increase in attacks that demand immediate monetary payment (DDoS, ransomware, identity change, etc.)
    • Continued headlines from the exploitation of older vulnerabilities
  • Industry and government regulatory bodies always respond to major cybersecurity events, so you can expect continued tightening of requirements around vulnerability management and patch hygiene.
  • Risk management will become more fundamental to prioritizing resource allocation and spend. More alignment between business needs and underlying security activities is on the horizon, but for most organizations this is still a year of planning and first steps.

 

In Summary

While newsworthy and certainly impacting organizations, the underlying issue for WannaCry is patch hygiene. Understanding the IT investments needed to upgrade applications tied to OS changes (i.e. config, patches, etc.) must be a focus for organizations that want to shorten the path from vulnerability to patch to deployment. Understanding major newsworthy hacking events can reveal defensive commonalities that have broad, risk-reducing impacts on the organization in the short and long term.

 

These include:

  • Aligning business risk tolerance to a risk and cybersecurity plan
  • Prioritizing actions to reduce risk (less whack-a-mole)
  • Focusing on the fundamentals that positively impact all threats:
    • Educating people
    • Business-driven risk reduction tied to an action-oriented plan
    • Continually testing your environment for weaknesses
    • A strengthened identity and access assurance program
    • Assuming all defenses will fail and that your understanding of your environment isn't optimal. Make sure you have expert visibility at the perimeter, inside the network, in the cloud and on attached mobile devices. You must be able to monitor logs, packet traffic and what's actually happening on the endpoint. More importantly, you must have the expert capacity (people) to seek, monitor and respond to threats.
    • Automating your processes wherever possible. Very few organizations can invest at a level that provides enough people to adequately address the workload manually. The more organizations seek to enhance the efficiency and efficacy of their security teams, the greater the probability of success.

 

RSA’s Business-Driven Security solutions uniquely link business context with security incidents to help organizations manage risk and protect what matters most. The RSA Risk and Cybersecurity Practice, our expert professional services team, helps organizations identify, assess, and close the gaps, and take command of their evolving security posture. Feel free to contact RSA for further detail or assistance.

 

Additional Resources

Join more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017. This year’s event will be held Oct. 17-19 in Dallas at the Hilton Anatole Hotel.

 

This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security strategy in an increasingly uncertain high-risk world.

 

To whet your appetite, check out Top 10 Reasons to Attend RSA Charge 2017 and Agenda at a Glance. For those that are waiting for confirmation, the RSA Archer Working Groups will be held on Tuesday, Oct. 17 from 9:00 am – 3:00 pm, with more information coming soon. RSA University will also once again be offering condensed training courses beginning Monday, October 16 and on Tuesday, October 17, with information available soon on the RSA Charge microsite.

 

Don’t miss this event - inspiring keynotes, hands-on labs, strategic security sessions, technical deep-dives, and so much more; register today and save $300 now through June 30 with the Early Bird Discount.

 

See you in Dallas!

 

In my last blog, "Translating Security Leadership into Board Value", I introduced RSA's most recent Security for Business Innovation Council report along with the concept of Business Driven Security. A business driven security strategy is of great value to existing CISOs, information security leaders and the organizations they serve.

 

To explore business driven security concepts a little more, imagine that you have just accepted a job at a different company, to be responsible for the company’s entire information security program. You know very little about your new company except what you have read on their website, via Google searches, and from published financial statements. You are very excited to start your new job and you know your first priority is to complete a preliminary assessment of information security in a very short period of time.

 

On day one, you know you don’t know:

  • The information most important to the organization;
  • The information security regulations imposed upon your organization;
  • How much important information needs to be protected;
  • Where the important information resides inside the organization and with third parties the organization does business with;
  • What technical and organizational measures the organization has in place to manage and monitor information risk;
  • Whether the technical and organizational measures that are in place are commensurate with the level of information security risk; and
  • Whether technical and organizational measures are designed and sufficient to tell you the potential impact to the organization should a measure fail, a vulnerability arise, or a breach occur.

 

By utilizing RSA Archer and consistently applying risk management principles such as those outlined in ISO 31000, you are able to build the foundational elements of a business driven security strategy for just about any type of information that is important to the organization whether it is intellectual property; imposed by contractual obligation, such as PCI; or imposed by regulations such as GLBA or EU-GDPR.

 

The following diagram provides a condensed view of where RSA Archer would be used to enable a business driven security strategy. RSA Archer is used to document the identification of information at risk; assess inherent and residual risk around the information; evaluate the acceptability of the risk; document the technical and organizational measures to mitigate risk; document decisions regarding the acceptance of risk; perform control tests; and monitor the on-going risk profile, related key risk and control indicators, and outstanding risk issues to be remediated. Lastly, RSA Archer is used to capture vulnerabilities, incidents, and control gaps, and to provide insight into their business context and the amount of associated risk so that problems are remediated based on their priority and significance.

 

 

By utilizing RSA Archer as your foundation for Business Driven Security you are able to answer the questions you set out to answer.  You now know:

  • What information is most important to the organization;
  • What information security-related regulations are imposed upon the organization;
  • How much important information needs to be protected;
  • Where the important information resides inside the organization and with third parties;
  • What technical and organizational measures the organization has in place to manage and monitor information risk;
  • Whether the technical and organizational measures in place are commensurate with the level of information security risk;
  • Whether the risk treatment measures are designed and sufficient to tell you the potential impact to the organization should the measure fail or indicate that a vulnerability or breach has occurred; and
  • Whether the information security risk profile is changing and why it is changing.

 

All of this information informs your conversation with executive management and the board.  You are able to articulate the amount of risk in business terms, justify security expenditures, and state how much various breaches might impact the organization, should they occur.  Finally, with your documentation and methodical approach, you are able to demonstrate to all of your stakeholders, including regulators, that you have a sound, logical, and defensible risk-based approach to information security.

 

Learn more about how Archer can enable a business driven security strategy in your organization with this just-released white paper: 7 Steps to Build a GRC Framework Aligning Business Risk Management for Business-Driven Security.