Skip navigation
All Places > Products > RSA Archer Suite > Blog > 2016 > October

What a week! This pre-Halloween week, we held RSA Charge 2016 in New Orleans, the most haunted city in America – and what a phenomenal turnout! We’re thrilled to have more 2,000 attendees join us this week to share best practices for GRC, security and business risk management and to gain invaluable insights from their peers and subject matter experts alike. And the stories shared at RSA Charge are just a small sampling from the more than 1,300 organizations who have implemented Archer.


The spirits of RSA Archer gatherings past – this being our 13th year – give us this opportunity to look at how much the industry has grown and how GRC is shifting. Risk and compliance management is out of the shadows, transitioning from a functional role to an enterprise-wide strategic perspective. Looking at the “Ghosts of GRC Past, Present and Future” helps provide perspective on the continuing growth and transformation of this increasingly business-critical practice.


The “Ghost of GRC Past” had organizations trying to keep up with new regulations and emerging compliance requirements.  GRC was anything but a strategic program for the business, focusing on very discrete problems and a few, select processes. Archer was there in 2000 at GRC’s beginning, as companies began investigating technology enablers.


The “Ghost of GRC Present” has companies formally adopting practices based on industry and international standards, implementing combined strategies to tie together data and consolidate processes, and instituting frameworks to guide procedures. While technology is a cornerstone of risk management strategies, many organizations still have “skeletons in their closet” pockets of disconnected risks that can cause serious damage.


The “Ghost of GRC Future” shows growing emphasis on determining how risks impact your company’s overall performance. The very strategies that fuel your company’s growth are the same initiatives that introduce more risk into your organization. GRC can no longer be considered separate from business strategy and objectives, and evolves to become Business Risk Management.


Business Risk Management is more than connecting dots – it’s anticipating where the next dot will be. That means gathering the right information from the right sources to get the complete risk picture you need to analyze and predict your risk landscape, rather than merely survey it. Clearly, it’s time for the “Ghost of GRC Past” to be laid to rest. It’s time to evolve to beyond GRC to Business Risk Management.

Whether attending the 2016 RSA Charge event in New Orleans, or back at your office, you can now view and/or download any or all of the 60+ customer Use Case presentations starting today, October 25. (Please Note: several will be posted by EOD today)


This year's presentations represent 6 tracks: 

  • GRC - Taking Command of Your GRC Journey
  • GRC - Where Cyber Risk Meets Business Risk
  • GRC - Transforming Compliance
  • GRC - Inspiring Everyone to Own Risk
  • GRC - Archer Technical
  • GRC - Archer Advanced Technical


The 2016 presentations promise to be some of the best submissions we've received to date. , I know, we say that every year, but Archer customers continue to amaze us with their willingness to share their best practices and learnings and even some of the war stories, with other Archer customers.



We want to help you be successful, whether you are fighting the latest security threat or mitigating business risk. Our industry-leading products help you fight those battles, but we know that buying and installing our products are just the beginning of your journey.

RSA offers many resources to help you achieve time to value with your Archer investment. It could be participating in our classroom or on-demand training through RSA University.  Or, it could be learning about Archer via our comprehensive user documentation.  It might also be taking advantage of the discussions with RSA subject matter experts, our partners, or your GRC counterparts on RSA Link…the largest GRC Community in the world.  And, engaging with your peers at events such as RSA Charge provides an incredible learning opportunity.

There is a wealth of information out there to help you begin your Archer journey.   But with so much information at your fingertips it can be overwhelming to know where to begin.

The RSA Team is dedicated to helping you take charge and power your path to Archer success.  On October 25th, we are introducing the RSA Archer Navigator to simplify the process of finding information on RSA Link.   You can identify learning assets by your role and level of expertise with links to take you directly to the information you need. And you’ll find details like the duration of various assets and the associated Continuing Professional Education (CPE) units that can be earned by leveraging these learning tools. 

RSA is committed to continually adding valuable content and enhancing the Archer Navigator tool so that your RSA Archer journey continues to be a smooth ride!

If you are attending RSA Charge, come to Room 225 to see a demo!

        • Wednesday, Oct. 26:    11:15 - 12:00 Noon
        • Wednesday, Oct. 26:      3:45 - 4:30 pm
        • Thursday, Oct. 27:        11:15 - 12:00 Noon

If you are unable to attend RSA Charge, look for the Archer Navigator banner on the Archer GRC Community for access to the Tool. 

Marshall Toburen

Ready to Be Sued?

Posted by Marshall Toburen Employee Oct 7, 2016



If you are a financial services company (bank, insurance company, asset manager) of reasonable size doing business in New York, this blog’s for you! Yesterday, I attended a meeting regarding the proposed New York State Cybersecurity Requirements For Financial Services Companies  In this meeting, Counsel from the Robinson+Cole - Cybersecurity and Privacy Practice woke me up to the breadth and significance of this regulation. By June 30, 2017, all financial services companies doing business in NY State have to be in compliance with this regulation and in 2018 must begin annually submitting the following signed certification to the NY State Department of Financial Services:


Here is the abbreviated list of what you are going to need to do (please read the regulation for the complete, unabbreviated list):

• Within 5 years of enactment, have your data at rest encrypted
• Within 1 year of enactment, have data in transit encrypted
• Have the ability to reconstruct all financial and accounting records for at least six years should a cyber security event occur
• Designate a qualified Chief Information Security Officer (CISO) with responsibility for compliance with this regulation
• Employ sufficient cybersecurity personnel to manage risks and perform core cybersecurity functions, providing on-going training to these personnel to keep their skills up to date.
• Have multifactor authentication in place around internal systems and external networks
• Have a litany of policies and procedures in place around electronic and physical security, risk assessment, training, third parties, incident response, business continuity, and data destruction
• At least bi-annual reporting to your board of directors regarding the confidentiality, integrity, and availability of your organization’s information systems, policies and procedures, cyber risks, effectiveness of the cybersecurity program, exceptions to policies and procedures, and cyber security events that have occurred.

For the 1,900 or so organizations impacted by this regulation, you will find these requirements to be more proscriptive than the EU General Data Protection Regulation, Gramm-Leach Bliley Act, and Payment Card Industry rules. However, there is a substantial amount of overlap between these regulations. Organizations that have been effective in addressing these other rules and regulations using RSA Archer should be well on their way to demonstrating compliance with this NY State regulation and minimizing the risk of litigation from non-compliance.

With only a couple of weeks left before the largest gathering of GRC and Security professionals in the world happens in New Orleans Oct. 25-27, 'Throwback Thursday' is making a comeback.


Register by Oct. 10 using code: 8C6TBTSOCIAL to save on the RSA Charge 2016 microsite



We know that there is an enormous amount of content on the Archer Customer/Partner Community, 3800+ pieces to be exact, and it grows every single day. Now add the 40 RSA University training courses, and it can be a daunting task figuring out what is relevant content based on your role within your organization, and your level of Archer experience.


We knew we had to do something to make you successful with Archer training and implementation. You’ve told us so much; and we listened, and acted.


We are pleased to announce that on October 25, at RSA Charge 2016, and also on the Archer GRC Community, we will be launching the new Archer NAVIGATOR Tool.


This NAVIGATOR Tool is the FIRST step in an ongoing 3-step campaign to make it easier for Archer customers like you to find relevant training and documentation, plus helpful support content, based on your role within your organization – Archer Admin, Archer Tech Admin, Business User, or End User, and your knowledge level of Archer - from Getting Started (1-2 years), to Expanding (3-4 years) to Advanced (5 years+). 


Phase 2 will start right after Charge, and Phase 3 of the NAVIGATOR Tool will launch in Q1 2017.

There is a dedicated team of Archer employees, across different business units to help you take charge and power your way to Archer success. The team is focused on building upon each Phase of the NAVIGATOR Tool to make a significant improvement over the prior version. And, we will count on your feedback to help us reach this goal. Our endgame at the conclusion of Phase 3 will be to deliver you an automated solution to manage our informational assets, helping you be an Archer success.


Over the next several weeks, leading up to Charge 2016, you will see blogs from Kathy Coe, Education Services/RSA University; Anya Kricsfeld, Technical Support; Megan Olvera, Education Services/RSA University; Meg O’Neil, Engineering; Susan Read-Miller, Product Marketing; Amy Robertson, Solutions; Denise Sposato, Product Marketing/Communities; and Elizabeth Wenzel, Technical Publications.


If you are attending RSA Charge 2016, there will be 3 lab sessions in Room 225 that you can register to attend on the RSA Charge 2016 microsite, or just drop by. If you haven’t registered yet for RSA Charge 2016, do so today, or visit the RSA Charge microsite for full details.

  • Wednesday, Oct. 26:    11:15 - 12:00 Noon
  • Wednesday, Oct. 26:      3:45 - 4:30 pm
  • Thursday, Oct. 27:        11:15 - 12:00 Noon 


We are very excited to launch Phase 1 of the Archer NAVIGATOR Tool on October 25 – hope to see you at RSA Charge in New Orleans, or on the Archer GRC Community.


Take Charge! Power Your Path to Archer Success! 

Filter Blog

By date: By tag: