RSA Archer Risk Intelligence

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "RSA Archer Risk Intelligence"

Transcription

1 RSA Archer Risk Intelligence Harnessing Risk to Exploit Opportunity June 4, 2014 Steve Schlarman GRC Strategist 1

2 Risk and Compliance Where is it today? 2

3 Governance, Risk, & Compliance Today 3

4 4 A New Risk World Global, Technology and Organizational factors have created significant risk landscapes for organizations. We must focus on building sustainable risk programs to address the rate and velocity of risk to navigate the risk landscape.

5 5 A New Compliance World Compliance can become a barrier to success or a competitive advantage. The path is decided by how well compliance processes are positioned for the future. Since new major regulations enacted $70 billion in costs In ,605 new rules 69 classified as major >$100 Million annual impact Source: Heritage Foundation In new rules enacted just by the EPA We must focus on priority, the flow of incoming regulatory obligations and automation to turn compliance into a competitive advantage.

6 Opportunity and Risk 6

7 Schrödinger s Cat 7

8 Globalization Risk or Opportunity? Big Data Regulatory Change Cloud Computing Risk AND Opportunity Mobile 8

9 The Opportunity Landscape What you are good at What your market wants Passion Opportunity What you want to do 9

10 The Compliance Burden Compliance Activities $216B 87M hours What you have to do Risks 83% 20% Got it Must covered? Haves Risk Maturity -11% +37% What you are What your good at market wants Passion Opportunity What you want to do Fuels growth but no time to execute 10

11 Risk Intelligence Compliance Activities $216B 87M hours Risks 83% 20% Risk Maturity -11% +37% What you are good at Got it covered? What you have to do Must Haves What your market wants Transform Compliance Passion Opportunity Harness risks Exploit Opportunity What you want to do Fuels growth but no time to execute 11

12 Change the Game Automate compliance, reallocate resources/budget to manage risk, and proactively exploit opportunity Governance Risk Proactive Compliance Reactive Today s GRC Focus Risk Intelligence 12

13 Risk Intelligence Harness risk for to exploit opportunities for competitive advantage through better visibility, enhanced analysis, and improved metrics to drive intelligent, stream-lined actions; enabling the business to move quickly and predictably. 13

14 Intelligence Driven GRC Intelligence driven actions gives you priority, results and progress. Visibility Analysis Visibility + Analysis = Priority Priority + Action = Results Action Metrics Results + Metrics = Progress 14

15 Harnessing Risks Core to Business; Vital to Success Market Table Stakes; Vital for Growth Reputation Ethics Safety Security Resiliency Everything else Safety Net What you are good at 4 Got it covered What you have to do 3 1 Must Haves 2 What you want to do Opportunity The HIGH RISK Wedge What your market wants 15

16 Exploiting Opportunity Obligated Differentiators: Build and support the Business Case Elective Differentiators: Freed up resources to build on core competencies Risk Frontier Obligated Differentiators The HIGH RISK Wedge Improvement Wedge: Streamline processes, free up resources, encourage and enable continuous improvement High Risk Wedge Drive through the Risk Frontier ( Must haves adjacent to what you are good at) with Quick Wins and steady progress Opportunity Landscape Protect the Innovation Frontier (Opportunities adjacent to what you are good at) through reduction of risk in new products, services and market initiatives What you are good at Elective Differentiators Improvement Wedge Innovation Frontier 16

17 The Journey Moving Towards Risk Intelligence 17

18 Building Risk Intelligence CISO CIO Board LOB Executives Business Operations Managers IT Business Security threats IT disruptions Poor misaligned IT practices Risk Intelligence Risks inherited from outside providers Harmful operational events Operational compliance failures Unknown, unidentified risks Significant business crises RSA Archer Regulatory violations and fines Business disruptions Poor misaligned business practices Poor internal controls and governance 18

19 Building Risk Intelligence Manage the lifecycle of 3 rd party relationships Independently review & assure management actions Poor internal controls and governance Inherited risks from external parties Security Threats Identify, assess & track emerging & operational risks Unknown, unidentified risks Poor misaligned business & IT practices Establish business policies & standards Operational compliance failures Regulatory violations & failures Business disruptions Establish IT policies & standards Implement and Monitor Controls Identify & meet regulatory obligations Identify & resolve security deficiencies Detect & respond to attacks Significant business crises Manage crisis & communications Harmful incidents & events Catalog & resolve operational incidents IT Disruptions Prepare for & recover from IT outages Identify & prepare business resumption strategies 19

20 Building Risk Intelligence Manage the lifecycle of 3 rd party relationships Independently review & assure management actions Identify & resolve security deficiencies Detect & respond to attacks Audit Third Party IT Security Risk Identify, assess & track emerging & operational risks Manage crisis & communications Operational Risk Business Resiliency Catalog & resolve operational incidents Establish business policies & standards Regulatory & Corporate Compliance Prepare for & recover from IT outages Establish IT policies & standards Implement and Monitor Controls Identify & meet regulatory obligations Identify & prepare business resumption strategies 20

21 Drivers Market Conduct Foreign Corrupt Practices Act (FCPA) Conflict Minerals Stakeholders Evaluation Audit Third Party Model Risk Legal Matters Operational Risk Privacy Program Code of Federal Regulations Regulatory & Corporate Compliance Regulatory Change Unified Compliance Framework Environmental Health & Safety Anti-Money Laundering ISMS Foundation Access Risk RedSeal Networks IT Security Risk Veracode Security Review Key & Certificate McAfee Vulnerability Manager Skybox Security Risk Control Business Resiliency Advanced Reporting & Governance for Authentication Manager PCI Compliance Qualys Guard WhiteHat Security Sentinel CloudPassage Rapid7 Nexpose 21

22 Persona-centric Manage the lifecycle of 3 rd party relationships Independently review & assure management actions Inherited risks from external parties Identify & resolve security deficiencies Detect & respond to attacks Audit Poor internal controls and governance Third Party IT Security Risk Threats Identify, assess & track emerging & operational risks Unknown, unidentified risks Significant business crises Manage crisis & communications Operational Risk Chief Risk Officer Harmful incidents & events Poor misaligned business & IT practices Business Resiliency Catalog & resolve operational incidents Establish business policies & standards Regulatory & Operational compliance Corporate failures Compliance Regulatory violations & failures Business disruptions IT Disruptions Prepare for & recover from IT outages Establish IT policies & standards Implement and Monitor Controls Identify & meet regulatory obligations Identify & prepare business resumption strategies 22

23 Issue-centric Manage the lifecycle of 3 rd party relationships Independently review & assure management actions Poor internal controls and governance Third Party Inherited risks from external parties Identify & resolve security deficiencies Detect & respond to attacks Audit IT Security Risk Threats Identify, assess & track emerging & operational risks Unknown, unidentified risks Significant business crises Manage crisis & communications Operational Risk Supply Chain Resiliency Harmful incidents & events Poor misaligned business & IT practices Business Resiliency Catalog & resolve operational incidents Establish business policies & standards Regulatory & Operational compliance Corporate failures Compliance Regulatory violations & failures Business disruptions IT Disruptions Prepare for & recover from IT outages Establish IT policies & standards Implement and Monitor Controls Identify & meet regulatory obligations Identify & prepare business resumption strategies 23

24 Benefits of a Risk Intelligence Approach Better, more predictable decision-making Greater business opportunity Comprehensive Business Context Prioritized Decisions Based on Impact Predictable Outcomes Embrace Known Risks to Exploit Opportunity Transition from Defense to Offense Better business performance Improved Allocation of Resources/Budget Align Risk Objectives to Business Grow Opportunities 24

25 Planning Your Journey Siloed compliance focus, disconnected risk, basic reporting Managed automated compliance, expanded risk focus, improved analysis/metrics Advantaged fully risk aware, exploit opportunity Reduce compliance cost Compliance Manage Gain resource known & & unknown risk visibility risks Risk Identify new business opportunities Opportunity 25

26 Siloed The CEO & CISO ride the elevator We rolled out the last Microsoft security patches in less than 30 days, we shut down 50 virus infections and we passed our quarterly vulnerability scan for PCI. Soooo.that s all good stuff. So how s security these days? 26

27 Managed The CEO & CISO ride the elevator We did an end to end review of customer record processing, found a few issues but resolved them. We also rolled out some special controls to support Project Barracuda which I know is one of your key objectives. So how s security these days? 27

28 Advantaged The CEO & CISO ride the elevator I have a great idea on how to give customers secure access to their information that will blow the socks off our competition. Let s talk about it over lunch. So how s security these days? 28

29 Enterprise Risk ERM & ORM Trends 29

30 30 Market Observations & Trends - ERM The level of maturity of ERM programs varies greatly by industry and by company within the same industry Agreement on taxonomy, framework, and approach remains a challenge Getting all silos / stakeholders on-board and working together is never ending process Regulated companies are under increasing pressure to demonstrate risk management capabilities

31 31 The Perfect World Liquidity Risk Operational Risk Market Risk Credit Risk Strategic Risk ORM Dashboard IT Risk ORM Risk Area #2 ORM Risk Area #3 ORM Risk Area #4 ORM Risk Area #5 ORM Risk Area #6 Third Party Risk Resiliency Service Levels Security IT Operations IT Compliance IT Risk Dashboard Network Security Application Security Physical Threat Intelligence Security Incidents Vulnerability IT Security Risk Dashboard

32 32 The Drive for Sophistication Desire to better anticipate and predict risk Historical event analysis alone not adequate future predictor What-if scenario analysis and black swan identification Growing use of metrics (breadth, collection speed, & governance) Identification of leading causal indicators Data trending (metrics, meta-data, unstructured data) Capturing changes in risk profile on on-going basis More sophisticated risk assessment Use of quantitative and qualitative risk assessment Advanced analytics

33 33 Key Archer Capabilities Questionnaires Target asset types and identify common risks across assets Risk Register Catalog risks and track inherent/residual risks KRIs and Metrics Issues and Control Compliance Calculated Residual Risk Loss Events and Incidents Rollups and Reporting Risk Specific Monitoring Security Operations Vulnerability Risk Resiliency Risk Compliance Risk Third Party Risk

34 34 RSA Archer and ISO:31000 Enterprise Dashboards and Reports Workflow and Notifications KRIs/Metrics Loss Events Questionnaires Risk Register Controls and Issues

35 Introduction to RSA Archer 35

36 36 RSA GRC Reference Architecture

37 RSA Archer Ecosystem Partners 50+ Partners Technology Advisory Service Solutions 100+ Use Cases Content & Reports Workflows Expert Services RSA Archer GRC Foundation Community Online Summit Executive Forums Solution Exchange Platform Data Exchange Business Fundamentals Business Logic 37

38 RSA Archer Foundation All key components required to lay a strong foundation for your enterprise wide GRC program Business Process Business Objectives Products & Services Facilities & Locations IT Infrastructure Applications Information Assets Organizational Hierarchy Organizational Units & Departments Visualization Branding Workflow GRC Foundation Central Repository Roles/Responsibilities Calculations Search & Reporting Questionnaires Mobile Access Core Modules Consolidated Data System Auditing Data Role Based Access Common Taxonomies Data Import Integration APIs Data Mapping Pre-built Data Connectors Multiple Transport Modes Scheduled Data Feeds Data Publication Business Context Solution Configuration Common Data Model Data Integration 38

39 RSA Archer Solutions Use Case Specific Solutions Environmental Health & Safety PCI Code of Federal Regulations Stakeholder Evaluations ISMS Anti-Money Laundering Regulatory Change Mgmt UCF Key & Certificate Mgmt Policy Incident Security Operations Core Modules Risk Vendor Vulnerability Risk Compliance Audit Business Continuity RSA Archer GRC Foundation 39

40 RSA Archer Solutions Manage the lifecycle of 3 rd party relationships Independently review & assure management actions Identify & resolve security deficiencies Detect & respond to attacks Audit Third Party IT Security Risk Identify, assess & track emerging & operational risks Manage crisis & communications Operational Risk Business Resiliency Catalog & resolve operational incidents Establish business policies & standards Regulatory & Corporate Compliance Prepare for & recover from IT outages Establish IT policies & standards Implement and Monitor Controls Identify & meet regulatory obligations Identify & prepare business resumption strategies 40

41 Extending Solutions Market Conduct Foreign Corrupt Practices Act (FCPA) Conflict Minerals Stakeholders Evaluation Audit Third Party Model Risk Legal Matters Operational Risk Privacy Program Code of Federal Regulations Regulatory & Corporate Compliance Regulatory Change Unified Compliance Framework Environmental Health & Safety Anti-Money Laundering ISMS Foundation Access Risk RedSeal Networks IT Security Risk Veracode Security Review Key & Certificate McAfee Vulnerability Manager Skybox Security Risk Control Business Resiliency Advanced Reporting & Governance for Authentication Manager PCI Compliance Qualys Guard WhiteHat Security Sentinel CloudPassage Rapid7 Nexpose 41

42 RSA Archer Partner Ecosystem 50 + Partners for data transfer, content and services 42

43 RSA Archer Community GRC Summit Online Community Exchange 120+ sessions Annual event since ,000+ Archer members Interactive online community Access to GRC content Certified new apps 800+ GRC practitioners F2F access to product experts Access to expert content Ideas, requests and more Plug-ins and integrations Services, ideas and more Roadshows Peer best practice sessions Peer to peer networking Available at a city near you Annual event since 2007 Customer Advocacy Working Groups Executive Forum Key Finding Reports Birds-of-a-feather groups Periodic meet ups Customer Advisory Council Influence product roadmap Facilitated by Archer and / or interested customers 43

44 Critical Criteria TCO Time to Value Ecosystem Automation of tasks Code-free configuration Flexible deployment Out-of-the-box functionality Start small grow fast Mature service offering Technology partners Solution libraries Customer advocacy Communities 44

45 Industry Leadership Leader in egrc MQ for 2013 Leader in BCM MQ for 2013 Leader in IT GRC MS for 2013 Leader in Forrester GRC Wave Quoted as the most mature offering in many occasions customers 43 + countries 50 Fortune 100 companies 25 + industries 45

46

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business

More information

Metrics that Matter Security Risk Analytics

Metrics that Matter Security Risk Analytics Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

IT Security Risk Management

IT Security Risk Management IT Security Risk Adding Insight to Security Gennaro Scalo April 2, 2014 1 Where is Security Today? Companies have built layer upon layer of security, but is it helping? Complexity Data Breaches Damage

More information

How RSA has helped EMC to secure its Virtual Infrastructure

How RSA has helped EMC to secure its Virtual Infrastructure How RSA has helped EMC to secure its Virtual Infrastructure A new solution, the RSA solution for Cloud Security and Compliance, has been developed and is now available to all of our customers. Luciano

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet

More information

FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER

FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER As a board-level discussion topic at all financial institutions (FI) today, operational risk is real and public disclosure of significant

More information

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief The RSA Solution for Cloud Security and Compliance A GRC foundation for VMware infrastructure security and compliance Solution Brief The RSA Solution for Cloud Security and Compliance enables end-user

More information

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS

More information

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

IT Risk Management Life Cycle and enabling it with GRC Technology

IT Risk Management Life Cycle and enabling it with GRC Technology IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?

More information

Accenture Cyber Security Transformation. October 2015

Accenture Cyber Security Transformation. October 2015 Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting

More information

Changing the Enterprise Security Landscape

Changing the Enterprise Security Landscape Changing the Enterprise Security Landscape Petr Hněvkovský Presales Consultant, ArcSight EMEA HP Enterprise Security Products 2012 Hewlett-Packard Development Company, L.P. The information contained herein

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

Rethinking Your Finance Functions

Rethinking Your Finance Functions Rethinking Your Finance Functions Budgeting, Planning & Technology BDO Canada Daniel Caringi ( dcaringi@bdo.ca ) September 25th, 2014 A journey of a thousand miles must begin with a single step. - Lao

More information

Risk Calculation and Predictive Analytics: Optimizing Governance, Risk and Compliance.

Risk Calculation and Predictive Analytics: Optimizing Governance, Risk and Compliance. Risk Calculation and Predictive Analytics: Optimizing Governance, Risk and Compliance. Prevari makes organizations safer by providing instrumentation for managing risks to information. Prevari solutions

More information

ISE Northeast Executive Forum and Awards

ISE Northeast Executive Forum and Awards ISE Northeast Executive Forum and Awards October 3, 2013 Company Name: Project Name: Presenter: Presenter Title: University of Massachusetts Embracing a Security First Approach Larry Wilson Chief Information

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

Q1 Labs Corporate Overview

Q1 Labs Corporate Overview Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,

More information

SECURITY RISK MANAGEMENT. FIRST 2007 Seville, Spain

SECURITY RISK MANAGEMENT. FIRST 2007 Seville, Spain SECURITY RISK MANAGEMENT FROM TECHNOLOGY VISION TO MARKET REALITY Avi Corfas, VP EMEA Skybox Security FIRST 2007 Seville, Spain Topics The Risk Assessment Challenge What Is IT Security Risk Management?

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and

More information

Business Data Authority: A data organization for strategic advantage

Business Data Authority: A data organization for strategic advantage Business Data Authority: A data organization for strategic advantage Collibra Data Governance Software Company Reference Customers Business Data Growth and Challenge TREND Exploding volume, velocity and

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Beyond risk identification Evolving provider ERM programs

Beyond risk identification Evolving provider ERM programs Beyond risk identification Evolving provider ERM programs March 2016 At a glance PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many

More information

The Evolution of Application Monitoring

The Evolution of Application Monitoring The Evolution of Application Monitoring Narayan Makaram, CISSP, Director, Solutions Marketing, HP Enterprise Security Business Unit, May 18 th, 2012 Rise of the cyber threat Enterprises and Governments

More information

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25

More information

RSA Identity Management & Governance (Aveksa)

RSA Identity Management & Governance (Aveksa) RSA Identity Management & Governance (Aveksa) 1 RSA IAM Enabling trusted interactions between identities and information Access Platform Authentication Federation/SSO Employees/Partners/Customers Identity

More information

RSA SECURITY MANAGEMENT. An Integrated approach to risk, operations and incident management. Solution Brief

RSA SECURITY MANAGEMENT. An Integrated approach to risk, operations and incident management. Solution Brief RSA SECURITY MANAGEMENT An Integrated approach to risk, operations and incident management Solution Brief THE PROBLEM WITH TACTICAL SECURITY MANAGEMENT What are your organization s most pressing IT security

More information

International Diploma in Risk Management Syllabus

International Diploma in Risk Management Syllabus International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.

More information

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Enterprise Security Governance, Risk and Compliance System. Category: Enterprise IT Management Initiatives. Initiation date: June 15, 2013

Enterprise Security Governance, Risk and Compliance System. Category: Enterprise IT Management Initiatives. Initiation date: June 15, 2013 Enterprise Security Governance, Risk and Compliance System Category: Enterprise IT Management Initiatives Initiation date: June 15, 2013 Completion date: November 15, 2013 Nomination submitted by: Samuel

More information

API Management: Powered by SOA Software Dedicated Cloud

API Management: Powered by SOA Software Dedicated Cloud Software Dedicated Cloud The Challenge Smartphones, mobility and the IoT are changing the way users consume digital information. They re changing the expectations and experience of customers interacting

More information

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Mike O Neill Managing Director Graeme McGowan Associate Director of Cyber Security

More information

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management Prevent cyber attacks. SEE what you are missing. See Your Network MAPS. Prevent cyber attacks. [RedSeal] is meeting our expectations and is playing an integral role as it feeds right into our overall risk

More information

The Core of V3 Service Strategy

The Core of V3 Service Strategy Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich

More information

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT Communications Company One Company s Supply Chain Transformation Journey INTERVIEWS Senior Manager Supply Chain Operations Strategy Manager Procurement

More information

Security Services. 30 years of experience in IT business

Security Services. 30 years of experience in IT business Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3

More information

GRC Program Best Practices & Lessons Learned

GRC Program Best Practices & Lessons Learned GRC Program Best Practices & Lessons Learned Steps to Establishing and Maturing a GRC program Carl Sawicki, American Express Kathleen Randall, RSA Archer 1 Abstract In today s world, few organization s

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

Risk Considerations for Internal Audit

Risk Considerations for Internal Audit Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations

More information

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2

More information

Dynamic Service Desk. Unified IT Management. Solution Overview

Dynamic Service Desk. Unified IT Management. Solution Overview I T S E R V I C E + I T A S S E T M A N A G E M E N T INFRASTRUCTURE MANAGEMENT Dynamic Service Desk Unified IT Management Achieving business and IT alignment requires having insight into hardware and

More information

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management Prevent cyber attacks. SEE what you are missing. See Your Network MAP. Prevent Cyber Attacks. Driven by the need to support evolving business objectives, enterprise IT infrastructures have grown increasingly

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

State Governments at Risk: The Data Breach Reality

State Governments at Risk: The Data Breach Reality State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

Cybersecurity Strategic Consulting

Cybersecurity Strategic Consulting Home Overview Challenges Global Resource Growth Impacting Industries Why Capgemini Capgemini & Sogeti Cybersecurity Strategic Consulting Enabling business ambitions, resilience and cost efficiency with

More information

Panel: SwA Practices - Getting to Effectiveness in Implementation

Panel: SwA Practices - Getting to Effectiveness in Implementation Panel: SwA Practices - Getting to Effectiveness in Implementation (EMC s Evolution of Product Security Assurance) Dan Reddy, CISSP, CSSLP EMC Product Security Office Software Assurance Forum Gaithersburg,

More information

IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE. Copyright 2012, SAS Institute Inc. All rights reserved.

IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE. Copyright 2012, SAS Institute Inc. All rights reserved. IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE ABOUT THE PRESENTER Marc has been with SAS for 10 years and leads the information management practice for canada. Marc s area of specialty

More information

Rozwiązanie SaaS w zakresie bezpieczeństwa teleinformatycznego i ochrony danych dla przedsiębiorstw

Rozwiązanie SaaS w zakresie bezpieczeństwa teleinformatycznego i ochrony danych dla przedsiębiorstw Rozwiązanie SaaS w zakresie bezpieczeństwa teleinformatycznego i ochrony danych dla przedsiębiorstw Andrzej Kleśnicki, CISM Technical Account Manager for Central Eastern Europe!! Qualys at a Glance Software-as-a-Service

More information

ORACLE HYPERION DATA RELATIONSHIP MANAGEMENT

ORACLE HYPERION DATA RELATIONSHIP MANAGEMENT Oracle Fusion editions of Oracle's Hyperion performance management products are currently available only on Microsoft Windows server platforms. The following is intended to outline our general product

More information

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in

More information

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9

More information

Improving Network Security Change Management Using RedSeal

Improving Network Security Change Management Using RedSeal SOLUTION BRIEF Mapping the Impact of Change on Today s Network Security Infrastructure Improving Network Security Change Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom

More information

EMC HYBRID CLOUD FOR SAP

EMC HYBRID CLOUD FOR SAP White Paper EMC HYBRID CLOUD FOR SAP Centralize compliance information into a single repository Automate application control verification Integrate RSA Archer with SAP EMC Solutions Abstract This White

More information

Bringing A New Operational Discipline to Network Security

Bringing A New Operational Discipline to Network Security Bringing A New Operational Discipline to Network Security Transforming today s labor-intensive efforts of guesswork into predictable, automated, risk-driven business processes. Christofer L. Hoff Chief

More information

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance

More information

Project Management through

Project Management through Project Management through Unified Project and Portfolio Fluent User Interface Management Built on SharePoint Server 2010 Time Reporting Enhancements Project Initiation & Business Case Exchange Server

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

MassMutual Cyber Security. University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management

MassMutual Cyber Security. University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management MassMutual Cyber Security University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management Position Title: Threat Intelligence Intern Job Location: Boston, MA Timeframe:

More information

ARIS 9ARIS 9.6 map and Future Directions Die nächste Generation des Geschäftsprozessmanagements

ARIS 9ARIS 9.6 map and Future Directions Die nächste Generation des Geschäftsprozessmanagements ARIS 9ARIS 9.6 map and Future Directions Die nächste Generation des Geschäftsprozessmanagements Dr. Katrina Simon ARIS Product Management 2014 Software AG. All rights reserved. ARIS @ Software AG 2M END

More information

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent

More information

RSA Archer Training. Governance, Risk and Compliance. Managing enterprise-wide governance, risk and compliance through training and education

RSA Archer Training. Governance, Risk and Compliance. Managing enterprise-wide governance, risk and compliance through training and education RSA Archer Training Governance, Risk and Compliance Managing enterprise-wide governance, risk and compliance through training and education www.emc.com/rsa-training 1 RSA Archer Training Table of Contents

More information

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to

More information

SNOW SOFTWARE. Fredrik Spolén Country Manager Sales Director. Norway Denmark Finland

SNOW SOFTWARE. Fredrik Spolén Country Manager Sales Director. Norway Denmark Finland SNOW SOFTWARE Fredrik Spolén Country Manager Sales Director Norway Denmark Finland AGENDA FOR TODAY Introduction to SAM and Snow 4 th Generation SAM Snow SAM Platform Questions and Answers LACK OF SAM

More information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation

RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation RSA Via Lifecycle and Governance 101 Getting Started with a Solid Foundation Early Identity and Access Management Early IAM was all about Provisioning IT tools to solve an IT productivity problem Meet

More information

RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures

More information

Security Trends. The Case for Intelligence-Driven Security. Copyright 2013 EMC Corporation. All rights reserved.

Security Trends. The Case for Intelligence-Driven Security. Copyright 2013 EMC Corporation. All rights reserved. Security Trends The Case for Intelligence-Driven Security 1 Attack Surface and Threat Environment ¼ ZETTABYTE 2 40-60? ZETTABYTES ZETTABYTES 2007 2013 2020 Digital Content 2 Attack Surface and Threat Environment

More information

Cyber Security for Competitve Advantage: How SaaS Providers are Transforming their Business

Cyber Security for Competitve Advantage: How SaaS Providers are Transforming their Business Cyber Security for Competitve Advantage: How SaaS Providers are Transforming their Business The move from internal premises-based apps to the cloud is transforming the way organizations work and how they

More information

Improving Financial Advisor Productivity through Automation

Improving Financial Advisor Productivity through Automation Wealth Managment the way we see it Improving Financial Advisor Productivity through Automation How wealth management firms are embracing change by developing next generation advisor platforms Contents

More information

Bringing Continuous Security to the Global Enterprise

Bringing Continuous Security to the Global Enterprise Bringing Continuous to the Global Enterprise Asset Discovery Network Web App Compliance Monitoring Threat Protection The Most Advanced Platform 3+ Billion IP Scans/Audits a Year 1+ Trillion Events The

More information

My Experience. Serve Users in a Way that Serves the Business.

My Experience. Serve Users in a Way that Serves the Business. Infrastructure Services the way we do it My Experience Serve Users in a Way that Serves the Business. A Smarter Strategy for Empowering Users IT has entered a new era, and CIOs need to perform a delicate

More information

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Attack Intelligence: Why It Matters

Attack Intelligence: Why It Matters Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization 1/22 As a part of Qlik Consulting, works with Customers to assist in shaping strategic elements related to analytics to ensure adoption and success throughout their analytics journey. Qlik Advisory 2/22

More information

Enterprise Data Management

Enterprise Data Management Enterprise Data Management - The Why/How/Who - The business leader s role in data management Maria Villar, Managing Partner Business Data Leadership Introduction Good Data is necessary for all business

More information

RSA Identity and Access Management 2014

RSA Identity and Access Management 2014 RSA Identity and Access Management 2014 1 Agenda Today s Enterprises and IAM Customer Challenges IAM Requirements RSA IAM Our Competitive Advantage Leading The Pack RSA Views on Identity Management and

More information

Information Risk Management. Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC

Information Risk Management. Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC Information Risk Management Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC Agenda Data Breaches Required Capabilities of preventing Data Loss Information

More information

FireScope + ServiceNow: CMDB Integration Use Cases

FireScope + ServiceNow: CMDB Integration Use Cases FireScope + ServiceNow: CMDB Integration Use Cases While virtualization, cloud technologies and automation have slashed the time it takes to plan and implement new IT services, enterprises are still struggling

More information

Trusted Geolocation in The Cloud Technical Demonstration

Trusted Geolocation in The Cloud Technical Demonstration Trusted Geolocation in The Cloud Technical Demonstration NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation Trusted Geolocation in the Cloud Business Business

More information

CONSULTING IMAGE PLACEHOLDER

CONSULTING IMAGE PLACEHOLDER CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization

More information