
Designing the right processes, organization, and templates during the initial set-up of an Information Security Management System (ISMS) are challenges many organizations face. Rolling out an ISMS in a large organization is a completely different story: aspects like automating frequent manual steps, usability, easy reporting or access permissions to sensitive information become crucial for the ISMS’ success.

 

The NTT ISMS Control Assessment app-pack was introduced as part of the RSA Exchange Release R11 to enable organizations to achieve a streamlined classification and control assessment methodology when implementing and operating their ISMS. This app-pack allows organizations to leverage the first two steps in a flexible three-step approach for the implementation and roll-out of an ISMS that has been successful among many of NTT’s clients. The methodology is derived from ISO 27005 and NIST Special Publication 800-30, as well as NTT’s many years of consulting experience assisting clients with their ISMS implementation process. The three steps of the methodology are:

 

  1. Classification
    Use a built-in questionnaire or derive classification from assets, such as business processes or information assets, when master data applications are integrated.

    RSA Archer Classification Step for NTT ISMS Control Assessment App-Pack

  2. Control Assessment
    Results from previous cycles are pre-filled, and controls are automatically selected based on three filter stages to ensure the assessment contains only controls for relevant assets. This reduces the effort needed for assessment in the process.


    RSA Archer Control Assessment Step for NTT ISMS Control Assessment App-Pack

  3. Risk Assessment
    Threat events are automatically selected, results from previous cycles are pre-filled, and risks are automatically calculated based on the results from the Classification and Control Assessment steps to derive a well-founded prioritization of measures.

    RSA Archer Risk Assessment Step for NTT ISMS Control Assessment App-Pack

 

NTT has developed two app-packs to provide RSA Archer customers with this methodology, including:

  • NTT ISMS Control Assessment app-pack
    • Includes the Classification and Control Assessment steps.
    • Prerequisite for the NTT ISMS Risk Assessment app-pack and currently available on the RSA Exchange.

  • NTT ISMS Risk Assessment app-pack
    • Includes the Risk Assessment step.
    • Currently in development and is a planned offering for a future RSA Exchange release.

 

With the NTT ISMS Control Assessment app-pack, RSA Archer customers can:

  • Evaluate the maximum impact resulting from a breach of a security objective (confidentiality, integrity, availability) based on a questionnaire or by inheriting from one or multiple assets
  • Assess compliance with relevant controls (filtered by asset category, classification and zone)
  • Define and track remediation plans
  • Assess assets with a streamlined process as part of the organization’s ISMS
  • Gain insight into compliance violations of internal or external policies
  • Improve overall compliance and security
  • Track measures using RSA Archer Issues Management

The NTT ISMS Control Assessment app-pack includes several useful features, including:

  • Workflow process graphics
  • Tooltips to efficiently provide all the necessary information to the user
  • Multi-language user interface, including content like controls and threat events
  • Automatically saved inline edit grids

 

Interested in learning more about the NTT ISMS Control Assessment app-pack? 
Register and join us for a Free Friday Tech Huddle on Friday, February 28, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

About the author(s):


Lars Rudolff
Lead Consultant, GRC Tools - NTT Ltd. 

Lars Rudolff works for NTT Ltd. as lead consultant for GRC Tools. Mr. Rudolff is responsible for the technical and strategic orientation of the GRC Implementation practice. He has experience in the area of GRC tools in general since 2005 and with RSA Archer since 2011. He has led implementation projects for many customers including the introduction of one of the largest RSA Archer environments in Europe at a German car manufacturer.

In addition, Mr. Rudolff accompanies NTT’s Operations team for RSA Archer, which provides operational services for existing RSA Archer customers. This includes, among other things, 2nd and 3rd level support activities as well as maintenance services such as system upgrades or minor modifications of an existing implementation. He is also responsible for developing monitoring and automation tools for the RSA Archer platform.

 

Gloria Higley

Product Manager - RSA 

Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, and Tools & Utilities that complement and enhance out-of-the-box capabilities of RSA Archer use cases. 

The adoption of the Internet of Things (IoT) is transforming the way companies do business. With IoT, organizations can gather an abundance of data for analytics to improve their product offerings. A simple case would be the addition of IoT to automobiles to improve safety for consumers. Not only can businesses use IoT to improve their product offerings, they can also use it to improve business operations, gathering data from manufacturing machines and equipment to identify areas where productivity can be improved. With increased usage of IoT, data privacy and security are among the top concerns. Once devices are connected to the Internet, they become vulnerable to possible attacks, which increases the risk for the organization.

 

The first step is understanding the impacts of implementing IoT within your organization. 

 

In RSA Exchange Release R11, we've introduced the RSA Archer IoT Project Readiness app-pack. This is our first IoT offering which helps you track IoT projects within your organization and provides visibility into all IoT projects and how they impact your organization. With this app-pack, you can document the IoT project, identify the risks prior to implementation and ensure a plan is in place to address the risks so that your IoT projects are ready to implement. 

  

RSA Archer IoT Project Readiness allows you to:

  • Gain visibility into all IoT projects by documenting and tracking IoT projects within your organization
  • Minimize impacts of IoT projects to your organization by identifying project risks and monitoring project status and remediation plans
  • Proactively address risks by developing mitigation strategies prior to implementation

 

Interested in learning more about the RSA Archer IoT Project Readiness app-pack? Join us for a Free Friday Tech Huddle on Friday, Feb. 28 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

 

RSA Archer IoT Project Readiness

IoT Project Owner Dashboard

 

 

RSA Archer IoT Project Readiness

IoT Project Approver Dashboard

With today's launch of RSA Exchange Release R11, we're excited to share new offerings to enable you to expand your IT & Security Risk Management processes. It's important to have a complete picture of technology and security-related risks in order to make decisions. What's more, the alignment of security policies and regulatory and business requirements is critical for success.

 

One of our new offerings, the RSA Archer IoT Project Readiness app-pack, enables organizations to prioritize their IoT projects around business goals and needs. Our partner, NTT, has created the NTT ISMS Control Assessment app-pack to help with the challenges that organizations face when setting up an Information Security Management System (ISMS).

 

We're excited about our partner integrations like the AWS IAM Access Analyzer, which will let organizations get a consolidated view of unauthorized access findings from multiple AWS accounts, prioritize and take action on critical devices, save time analyzing resource policies for public or cross-account accessibility, and continuously monitor and refine permissions. Our new Cysiv Command Integration provides ongoing management of incidents and security posture using RSA Archer, while allowing Cysiv to provide SOC-as-a-service and SIEM-as-a-service. The Panaseer integration computes metrics that measure control deployment and control performance. Our Rapid7 Nexpose integration enables organizations to catalog network devices discovered on the network. Finally, the ThreatWatch integration enables organizations to access near real-time vulnerability intelligence along with continuous impact assessment of organizational assets.

 

We're also introducing a wide range of content that provides best-practice policies, control standards, legal and regulatory requirements, industry standards, and assessments, such as the CCPA Regulation that was passed in June 2018 and went into effect in January 2020.

 

To learn more about each of these new and updated offerings, start by reviewing the Product Advisory. Also, please join me on Friday, February 21 for a Free Friday Tech Huddle for an overview of the RSA Exchange Release R11 offerings.

 

And last, but not least, there is a wealth of documentation, downloads, and more on the RSA Exchange on RSA Link. I recommend that you bookmark the listing of all RSA Exchange offerings. And if you have new ideas for the RSA Exchange, please submit them on RSA Ideas.
