HOW RSA CAN HELP WITH DIGITAL TRANSFORMATION
•Descargar como PPTX, PDF•
0 recomendaciones•276 vistas
Christian Ramos - Sr. System Engineer, Brazil & SOLA RSA
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a HOW RSA CAN HELP WITH DIGITAL TRANSFORMATION
Similar a HOW RSA CAN HELP WITH DIGITAL TRANSFORMATION (20)
Más de Cristian Garcia G.
Más de Cristian Garcia G. (20)
Último
Último (20)
HOW RSA CAN HELP WITH DIGITAL TRANSFORMATION
- 1. 1 HOW RSA CAN HELP WITH DIGITAL TRANSFORMATION Addressing the narrative of digital transformation and associated digital risks Christian.Ramos@rsa.com Senior System Engineer – Bolivia & Peru
- 4. 4 NEGOCIO: TRANSFORMACIÓN DIGITAL DE TI ¿Qué es la Transformación Digital de TI?
- 5. 5 TRANSFORMACIÓN DIGITAL - SIMPLIFICADA Operaciones de producción Productos y servicios Operaciones de negocio TI NUEVOS MODELOS DE NEGOCIO Generar eficiencia en todas las operaciones Experiencia del cliente y resultados ProveedoresCuartas partes • Reducir costos; mejorar el margen • Data mining para nuevas ideas • Optimizar las cargas de trabajo en la nube • Apoyar las estrategias de trabajo en cualquier lugar. • Apelar a la fuerza laboral moderna en la “gig economy" • Trabajar sin problemas a través de fronteras • Optimizar la cadena de suministro. • Ampliar la red de suministro • Utilizar habilidades especiales. • Entregar nuevos productos y servicios • Abrir nuevos mercados.
- 6. 6 TRANSFORMACIÓN DIGITAL - SIMPLIFICADA Operaciones de producción Productos y servicios Operaciones de negocio TI NUEVOS MODELOS DE NEGOCIO Generar eficiencia en todas las operaciones Experiencia del cliente y resultados ProveedoresCuartas partes CUSTOMER CENTRIC Fortalecimiento del Front Office DATA POWERED Analítica intensiva ‘SKYNET’ Automatización extensiva XTRA FRUGAL Alta eficiencia / bajos costos OPEN and LIQUID Basado en un ecosistema * Digital Operating Models as identified by the World Economic Forum
- 7. 7 TRANSFORMACIÓN DIGITAL - SIMPLIFICADA Operaciones de producción Productos y servicios Operaciones de negocio TI NUEVOS MODELOS DE NEGOCIO Nuevas eficiencias en todas las operaciones Experiencia del cliente y resultados ProveedoresCuartas partes FUERZA DE TRABAJO NUBE CIBERSEGURIDAD CUMPLIMIENTO RESILIENCIA RIESGO DE TERCEROS AUTOMATIZACIÓN DE PROCESOS PRIVACIDAD DE DATOS
- 8. 8 TRANSFORMACION DIGITAL AUME NTO DE L RIESGO DIGITAL AUMENTO DE LA SUPERFICIE DE ATAQUE ATAQUES MÁS SOFISTICADOS AUMENTO DE LAS PRESIONES DE CLIENTES Y DE LA REGULACION AUMENTO DEL IMPACTO EN EL NEGOCIO DADO EL AUMENTO DE OPERACIONES DIGITALES
- 9. 9 GESTIONANDO EL RIESGO DIGITAL NUBE TERCERAS PARTES AUTOMATIZACIÓN DE PROCESOS CIBER ATAQUES FUERZA DE TRABAJO CUMPLIMIENTO PRIVACIDAD DE DATOS RESILIENCIA DEL NEGOCIO
- 10. 10 ESTRATÉGICO Nos gusta este nuevo producto SaaS. Cómo lo accederán nuestros empleados facilmente? Nuestro proceso está totalmente automatizado pero depende de tecnología para mantenerse 24 x 7. Este proceso necesita ser respaldado y funcionando en 24 horas. Estamos dependiendo de terceros? Quién tiene acceso a la información personal? Necesitamos auditar una nueva aplicación y proceso de negocio. Cómo definimos el alcance si no sabemos dónde están los datos y hacia dónde van? Tenemos un Sistema comprometido y se filtraron datos. Estamos en problemas con el regulador? ¿ESTAMOS LISTOS?
- 11. 11 LA NUBE CREA NUEVOS DESAFIOS crea brechas entre "islas de identidad" V I S I B I L I D A D L I M I TA D A eso es conveniente para cualquier aplicación en la nube desde cualquier dispositivo A C C E S O N O L I M I TA D O son fáciles de comprometer y reutilizar sin ser detectados C O N T R A S E Ñ A S 12345678 !
- 12. 12 PROTEJA SU FUTURO DIGITAL con un enfoque unificado para operaciones de seguridad avanzadas y gestión integrada de riesgos RSA Archer Suite Proven Integrated Risk Management RSA NetWitness Platform Evolved SIEM & Advanced Threat Defense ACCESO SEGURO AL USUARIO Y PREVENCIÓN DEL FRAUDE en el mundo actual de conexión digital, multinube y omnicanal RSA Fraud & Risk Intelligence Suite Omni-Channel Fraud Prevention RSA SecurID Suite Secure Access Transformed CREAR UN PLAYBOOK A MEDIDA evaluar, cuantificar y madurar su programa de Riesgo digital a lo largo del tiempo RSA Risk Frameworks Roadmaps & Strategy for Digital Risk Maturity RSA Risk & Cybersecurity Practice Expert Consulting Services CÓMO LOS PRODUCTOS RSA ENCAJAN EN LA TRANSFORMACIÓN DIGITAL
- 13. 13 ¿Quién es el usuario? ¿Qué puede accesar? ¿Qué ataque o fraude conocido esta involucrado este usuario? ¿Cómo monitoreo si la cuenta es una posible amenaza? ¿Por qué debería importarme? ¿Existe algún riesgo para mi negocio? Lines of Business Risk/ FraudIdentity SOC Compliance IT/OPS CONNECTED SEC U R E AC C ESS TAKES A VILLAGE
- 14. 14 RSA PORTAFOLIO Single, Unified Solution To Detect And Respond To Evolving Threats Netwitness for Logs Netwitness for Network Netwitness for Endpoint Netwitness SecOps Manager Netwitness UEBA Netwitness Orchestrator Accelerate Business While You Mitigate Identity Risk SecurID – Authentication Manager SecurID Access – MFA Identity Governance & Lifecycle Centralized Cross Channel Fraud For Unified Detection And Mitigation Fraud Action Adaptive Authentication Adaptive Authentication for Ecommerce Proven Business Risk Management Suite To Confidently IT Security & Risk Enterprise & Operational Risk 3rd Party Governance Business Resiliency Public Sector Audit Management Regulatory & Corporate Compliance
- 15. 15 RSA NETWITNESS, LA EVALUCION DEL SIEM User Behavior Analytics Archiving Real-Time Detection CloudOnPremises Intelligence & Context Tagging Enrich Investigation Compliance Reporting Endpoint Analysis Session Reconstruction Incident Management Orchestration and Automation PACKETS LOGS NETFLOW ENDPOINT RSΛ LIVE VISIBILIDAD y Detección INVESTIGACIÓN y Evaluar el Riesgo ORQUESTACIÓN Acción y Respuesta
- 16. 16 RSA NETWITNESS, LA EVALUCION DEL SIEM • Una plataforma única y unificada para todos sus datos • Integración de amenazas y su contexto empresarial • Análisis del comportamiento del usuario automatizado • Inteligentes y rápidas investigaciones • Orquestación de acciones • Flexible y escalable en su arquitectura • Extremo a extremo en sus operaciones de seguridad
- 17. Cruzar líneas de negocio y límites organizacionales para la Colaboración ESTRATEGIA PARA GESTIONAR EL RIESGO DE NEGOCIO Definir y refozar la propiedad del riesgo a través de la Responsabilidad Automatizar procesos para lograr Eficiencia Consolidar datos y habilitar Análisis & Visibilidad del riesgo
- 18. AMPLITUD PARA ABORDAR TODAS LAS DIMENSIONES DEL RIESGO
- 19. AMPLITUD PARA ABORDAR TODAS LAS DIMENSIONES DEL RIESGO • Gestión del Programa de Políticas de TI y Seguridad • Aseguramiento de Controles de TI • Programa de Vulnerabilidades de Seguridad de TI • Gestión de Riesgos de TI • Gestión de PCI • Gestión de Incidentes de Seguridad • Gestión de Operaciones de Seguridad y Brechas • Gestión Regulatoria de TI • Sistema de Gestión de Seguridad de la Información (SGSI)
- 20. RSA ARCHER IT & SECURITY RISK MANAGEMENT IT Policies IT Control Standards Authoritative Sources Corporate Objectives Remediation Plans Exceptions Findings Regulatory Intel + Impact Analysis IT Control Procedures Test Results Manual Automated Testing Vulnerability Scans Vuln & Patch Information Risk Assessments IT Risk Register Metrics Threat Intel Threat Assessment Investigations Incidents BIA Breach Management SOC Management IT Policy Management IT Risk Management Security Incident Management Security Operations & Breach Management IT Controls Assurance IT Regulatory Management Issues Management IT Security Vulnerabilities Program Busines s Impact Analysis Devices Applications Business Processes Product/Services Facilities Information Business Hierarchy Contacts Risk Use Case list as of Q2 2016 (subject to change)
- 21. EMPOWER ANALYSTS WITH RISK & AUTOMATION RSA NetWitness Suite Respond enables Essential Incident Management actions for a SOC RSA NetWitness Orchestrator enables Advanced Incident Orchestration & Automation Needs RSA Archer Cyber Incident & Breach Response enables a Business response to declared Security Incidents
- 22. 750+ C Y B E R S E C U R I T Y E X P E R T S A C R O S S 24 C O U N T R I E S R S A C u s t o m e r S u p p o r t R S A R i s k & C y b e r s e c u r i t y A d v i s o r y S e r v i c e s R S A I n c i d e n t R e s p o n s e & C y b e r D e f e n s e S e r v i c e s R S A P r o f e s s i o n a l S e r v i c e s R S A U n i v e r s i t y ¿PORQUÉ RSA? UN VISTAZO A RSA GLOBAL 1,000 active projects on any given day 2,500 unique projects per year 48 of the Fortune 50 92 of the Fortune 100 370 of the Fortune 500 Global Services
- 23. El riesgo siempre ha sido visto como algo que temer que te detiene. Convirtamos el riesgo es oportunidades! La seguridad puede ser un acelerador para su organización que le permite adoptar la innovación y las nuevas tecnologías con confianza. La Seguridad es un acelerador! Siempre nos enfocaremos en autenticación, firewalls, cumplimiento y ciberdelincuentes. Pero ahora puede repensar lo que la seguridad y el riesgo significan para su organización. La Seguridad es una extensión y habilitador para el crecimiento empresarial. La Seguridad impulsa la innovación, aprovecha las oportunidades y permite a las organizaciones pensar de formas nuevas y estratégicas. ¡Adiós al perímetro, prepárate para la nube de confianza cero! Hagamosla juntos! PUNTOS PARA NO OLVIDAR!
- 24. 26 TRABAJEMOS EN EQUIPO COMO UN TODO PROCESOS TECNOLOGIA PERSONAS
- 25. 27 EN EL MUNDO REAL…. IMPORTA! https://www.infobae.com/america/deportes/2019/07/16/formula-1-el-increible-nuevo-record-en-una-parada-en-los-boxes/ Promedio 2,587 segundos Record anterior 1,92 segundos 2013 – USA, equipo RedBull 2016 – EUROPA, equipo Williams Nuevo Record 1,91 segundos 2019 – SILVERSTONE equipo RedBull
- 26. 28 Phishing C a l i m o c h o
- 27. 29 RSA Business-Driven Security Empowering organizations to manage digital risk with unparalleled visibility and insight ¿PREGUNTAS?
- 28. 30 RSA Business-Driven Security Empowering organizations to manage digital risk with unparalleled visibility and insight MUCHAS GRACIAS!
Notas del editor
- The term “Digital Transformation” has become part of our vernacular over the past several years. The Internet of Everything is transforming the way every business operates. Digital transformation is no longer optional, or even a differentiator… rather, digital transformation has become compulsory for every organization to remain relevant and competitive in today’s digital economy. Digitization is also changing our economics. With astronomical data growth, the analytics and byproducts of that data have become the new bloodstream of the global economy.
- Uber, el proveedor de transporte más grande del mundo, no posee vehículos. Facebook, el propietario de medios más popular del mundo, no crea contenido. Alibaba, el minorista más valioso, no tiene inventario. Airbnb, el proveedor de alojamiento más grande del mundo, no posee bienes inmuebles.
- Digital transformation in organizations is increasing digital risk. Digital risk can’t be viewed as a simple “increase of risk” but an exponential factor applied to traditional risk profiles. As organizations extend technology deeper into their day-to-day business operations, they introduce digital risk. Digital risk refers to unwanted and often unexpected outcomes that stem from digital transformation, digital business processes and the adoption of related technologies. These outcomes may include cybersecurity risk, third-party risk, business continuity risk, data privacy risk and others. These fast-moving and elusive outcomes may be more disruptive than the operational risks that businesses have historically managed. In fact, many organizations are finding that as digital adoption accelerates, Digital risk has become the greatest facet of risk that they face, and therefore must manage. While this gap seems intuitive, it is much deeper than a single dimensional view of the changing face of risk. 4 key problems organizations face with digital transformation that are creating more digital risk are: Expanding Threat Surface More sophisticated attacks Increasing regulatory pressure and consumer demands for more transparency from organizations regarding their data And…with more interconnected digital operations, the business impact due to a cyber attack is much greater.
- With the continued increase in the number of applications in use, it’s likely that your users are growing increasingly frustrated as they are forced to deal with different login experiences, different passwords and password policies. – across an increasingly divers set of applications. So while it’s absolutely not something recommended, you can hardly blame users if they simply resort to using the same password for everything. Since many of you might be guilty of doing this yourselves, it may not come as a total surprise that that almost half of us frequently use the same password across different websites. This of course can put the security of your entire organization at risk in the process. Also, when using several cloud applications from different cloud service providers, like Azure for Office 365, Salesforce and Workday, it's easy to end up with disparate identity information scattered across them. Without a centralized authentication authority, cloud accounts can easily become orphaned, remaining active and posing an ongoing danger for account hijacking and unauthorized use. And last but certainly not least, with the proliferation of cloud and mobile applications, users have grown accustomed to consumer simple experiences, that they now expect to get at work as well. There’s no question that the user experience has become increasingly important. And while employees may be more of a captive audience, a poor digital experience can limit business agility, reduce productivity, and damage morale. But how can you provide a consumer simple cloud experience that users want and get the level of security that your organization needs?
- SLIDE THEME: RSA has a wealth of knowledge and insights from our customer base and a legacy of being a security leader. RSA can help you develop a tailored roadmap for managing digital risk - Executing a mature risk-based strategy to your digital transformation requires expertise, time and a clear plan. Due to a lack of internal expertise in key areas of cyber risk management or an absence of the required processes and technology, many organizations are not always sure how to manage digital risk. [CLICK] RSA Risk Frameworks are designed to help organizations tackle some of the most complex and fastest-moving risks emerging from digital business practices. The service encompasses two main offerings: in-depth assessments of an organization’s risk management maturity plus a detailed roadmap for maturing an organization's practices across these domains. [CLICK] The RSA Risk & Cybersecurity Practice enables organizations to develop the skills, maps, strategies and solutions required to navigate the new environment of digital risk. RSA can help you chart your course and execute towards a risk-based, mature strategy aligned with your digital operations.
- Key points: This parts starts the discussion of going beyond the scope of IAM and adding more insights from other disciplines into the IAM world to make smarter decisions. Taking business intelligence and application criticality from RSA Archer, Threat intelligence beyond the scope of Identity systems from RSA NetWitness, and known fraud indicators from the RSA FRI suite. Next slides will include example use cases of archer and IGL integration, NW and SID Access integration and then the next steps is the business driven security concepts =========================================================== Transition – We discussed visibility and control across all access use cases with risk based identity and access assurance. This approach is very powerful, but what if we could take it to the next level and go beyond the scope of identity systems? [Click] With RSA SecurID Access, we gain insight into the user through identity and access assurance. This is done by looking at the user behavior in the past and comparing to current access request as well as looking at risky access violations in the context of the applications users access. But what if we could automate the business context and understanding of impact of rogue access on the business. [Click] Think about an HR or CRM application, for example. That classification of business criticality is already done within your GRC tools. Leveraging that classification from RSA Archer, we can learn about the criticality of the applications to make access decisions. [Click] Imagine we can leverage threat intelligence beyond the scope of the identity systems. For example, we can learn about an attempt to access an application from a device infected with malware, or we see traffic to a command and control center. This information can be taken into account when evaluating the risk of a current access request. That information is already available in your SIEM tools. Leveraging insights gained from RSA NetWitness, we are able to elevate the required levels of confidence to allow users to access applications. [Click] And finally, what if we could take additional fraud indicators into account, such as Ips involved in fraud attempts or device prints of criminal activity? That would help better secure access to application and data. This connected approach allows to continually make informed access decisions based on the business context and risk with a comprehensive view of the threat landscape.
- RSA NetWitness Platform evolved SIEM accelerates threat detection and response by providing unparalleled visibility to see threats anywhere—on endpoints, across the network, in the cloud and virtual environments. In addition, it combines essential business context with automation and machine learning capabilities to help pinpoint and respond definitively to the threats that matter most. Visibility, Analytics, Action The RSA NetWitness Platform provides pervasive visibility across a modern IT infrastructure, enabling better and faster detection of security incidents, with full automation and orchestration capabilities to investigate and respond efficiently. RSA NetWitness Platform takes security “beyond SIEM,” extending the traditional log-centric, compliance-focused approach to security to include state-of-the-art threat analytics, including user and entity behavior analytics (UEBA), and visibility into cloud, network and endpoints.
- RSA NetWitness Platform leverages advanced cybersecurity capabilities to help the entire organization, from the CEO and CISO to the security operations center, to protect themselves from known and unknown threats. Single, Unified Platform for All Your Data This is the only solution that combines threat detection analytics and automated response with network and endpoint telemetry, investigation and threat intelligence capabilities to defend against threats. Integrated Threat and Business Context By adding business context to analysis, organizations can prioritize threats based on the potential impact to their businesses. In addition, intelligence gathered from industry research and crowdsourced from our customer base and the organization’s own data is fully aggregated and operationalized at ingestion to better detect the unknowns that are prime indicators of compromise. Automated User Behavior Analytics Our fully integrated UEBA module looks for potentially malicious issues across disparate data sets as well as correlates data across full network packets and endpoints—all prime attack vectors for today’s advanced threats. By analyzing all these data sources together and searching for attack behaviors, and applying user and entity behavior analytics (UEBA), RSA NetWitness Platform can dramatically speed threat detection and response - extending the power of the RSA Evolved SIEM by targeting threats that manifest themselves in user and entity behavior. Rapid Investigations The RSA NetWitness Platform provides an advanced analyst workbench to triage alerts and incidents including an interface designed specifically for security investigations. Utilizing deep insight into data from across the infrastructure allows analysts to natively and visually reconstruct a network attack or data exfiltration in its entirety. The platform empowers analysts to connect incidents over time in order to expose and better understand the full scope of an attack. Automation and Orchestration Automation and orchestration enables security operations center (SOC) analysts to have consistent, transparent and documented threat investigations and threat hunting capabilities by leveraging playbook-driven automated response actions, automatic detection and machine-learning powered insights for quicker resolution and better SOC efficiency. Flexible, Scalable Architecture By offering a wide range of flexible deployment options, the RSA NetWitness Platform can scale incrementally according to an organization’s needs and security priorities. Whether deployed as a single appliance or dozens, partial or fully virtualized deployments, on-premises or in the cloud, RSA NetWitness Platform can support it all. End-to-End Security Operations The RSA NetWitness Platform unifies network telemetry, endpoint telemetry along with advanced threat intelligence, SOC playbooks and management to fully operationalize security operations programs from end to end.
- RSA helps organizations of all size and shape deal with these types of critical risks. Third-party risks, including security, resiliency, compliance and others need to be managed in tandem to reduce confusion, gaps and costs, while giving risk and security teams and executives the right level of visibility into the issues so they can make the best decisions and take action. [NOTE: The next two sections are designed to help you explain RSA’s approach to Manage Third-Party Risk. You have two options: Section 1 is a step by step explanation based on the three boxes on the slide. Section 2 is a product by product explanation.] SECTION 1: The first step in dealing with third-party risk is to (CLICK) UNDERSTAND HOW PREPARED YOU ARE TODAY. For small and large organizations, it’s important to evaluate your ability to deal with the third-party risks coming your way. The RSA Risk Framework for Third-Party Risk (CLICK) is a professional service offering from RSA Risk & Cybersecurity Advisory Services (RCAS) designed to help organizations develop a strategy to proactively manage third-party risk. In the example on the prior page, WHC was experiencing security risks possibly due to several reasons, such as: they had not done an adequate job understanding or evaluating their third parties; or had not done a good enough job assessing the risks these third parties posed and implemented appropriate controls and measures; or the organization had not properly evaluated the third parties’ need for access into their systems and data and managed the authentication accordingly: or finally, they likely were not adequately monitoring their network and systems for cyber or fraud threats and taking steps to mitigate the risk. With these gaps in mind, RSA recommends a phased and methodical approach to managing these and other third-party risks: The next phase is to(CLICK) UNDERSTAND AND EVALUATE your THIRD PARTIES, and (CLICK) MONITOR AND MANAGE them. This takes an integrated approach. The first step is to understand how and where third parties are used throughout your organization. All third parties need to be documented in a catalog or registry so they’re accounted for. (CLICK) (RSA Archer) Next, identify the risks your third parties pose to your organization. Then, assess, evaluate, treat and monitor the risks, including risks associated with your third parties’ third parties and their activities (RSA Archer Suite) Next, remediation activities usually result in what are called “findings” or “issues”, which are corrective steps that needs to take place and tracked to resolution. Track and monitor these findings and issues or you won’t know if the remediation activity took place and closed the gap. (RSA Archer Suite) Next, determine which third parties pose the most risk to your organization, and monitor and re-assess them accordingly (RSA Archer Suite) Next, govern the access needs of your third parties to your systems and data both at the inception and on an ongoing basis. (SecurID IG&L) Next, Monitor online activity to detect and respond to information security and fraud threats introduced by these third parties (NetWitness Platform and FRI Suite) (CLICK) Archer is the hero product because it provides the overall workflow for governance and risk management capabilities. It can ingest information from other RSA products to drive actionable items that 3PR, security, IT and risk teams can act on. The dashboards in Archer can provide teams with a single pain of glass to manage third parties holistically. (NOTE: If using the following section instead, click on all the animations to expose all the boxes and text first. Then start the narration below.) SECTION 2: RSA PRODUCTS RSA Archer® Suite: Is the hero product in third-party risk management. Archer is used to track each third party and their activities so you understand the criticality and risk of each in the context of your business. Assess the governance and controls that third parties have in place around the products and services they are delivering to your organization, and understand any residual risk and deficiencies that must be remediated. Monitor each third party’s performance by establishing metrics for each engagement and relationship. RSA NetWitness® Platform: allows you to monitor and respond to risk, compliance, information security issues and fraud attempts by collecting data across capture points and computing platforms utilized by third parties. Speed threat detection, investigation and mitigation by enriching log, network and endpoint data at capture time with threat intelligence and business context. Automate and orchestrate incident response to reduce the risk of security breaches and fraud attempts originating from third parties. RSA SecurID® Suite: Helps you protect critical internal systems, sensitive data and your consumer-facing digital channels by better governing third-party access with a risk-based, automated approach that certifies identities, assigns appropriate levels of access based on users’ responsibilities, and scales to meet the unique demands of authenticating third-party users. RSA® Fraud & Risk Intelligence Suite: Enables you to detect, monitor and respond to third party-related fraud threats in your consumer-facing digital channels with a combination of actionable fraud intelligence, real-time behavioral analytics and risk-based adaptive authentication. ----------- Summary: Security Transformation – the ‘What’ and the ‘Why’ Purpose: Make the case for Security Transformation as a key imperative for digital Transformation Talking Points: Digital Leaders have adopted a new mindset regarding security and business risk. Traditionally, security has been seen as putting the “no” in innovation while risk has been seen as something that holds you back, something to fear.. Security must become an accelerator for the organization and not something that slows them down. And risk must become something that can give an organization a competitive advantage. Security Transformation is about securing the full stack, from infrastructure to applications, and streamline operations, making security an essential part of business strategy. A transformative security strategy should be embedded within your overall business strategy. Security needs to be a priority, a part of every conversation; it needs to be connected to the people, process and technologies behind an organization. Because as we’ve already discussed, in the digital era, humans and data are becoming increasingly connected. And to ensure the success of that relationship, security must be incorporated as well. You’ll need to architect for intrinsic security to ensure that you simplify and orchestrate IT infrastructure and security policies and that your data and IT assets are secure, protected and available. When the relationship between security and IT is continuous and reciprocal, the benefits are powerful.
- Business risk management solutions enable organizations to improve business performance through reduced risk, as well as more informed and faster decision making. RSA Archer helps you reduce risk by: Enabling accountability for risk and compliance issues to define and enforce risk ownership; Building collaboration on risk issues across business lines and organizational boundaries; Consolidating data and enabling risk analytics across the organization and improving visibility; and Driving efficiencies by automating processes.
- BREADTH: The RSA Archer suite includes multi-disciplinary risk management solutions and use cases that address the most critical domains of business risk. A single platform that addresses the most critical domains of risk: IT and Security Risk Management Enterprise and Operational Risk Management Regulatory and Corporate Compliance Management Audit Management Business Resiliency Third Party Governance (With specific solutions for Public Sector organizations) 34 use cases across 7 solution areas, designed to drive maturity and integration across risk domains (# of use cases): IT and Security Risk Management (9) Enterprise and Operational Risk Management (7) Regulatory and Corporate Compliance Management (4) Audit Management (3) Business Resiliency (4) Third Party Governance (4) Public Sector (3) The ability to fully address IT and security risk – the #1 concern for organizations today – through RSA/EMC/Dell Integration with the RSA product portfolio to address threat detection and response and identity Archer is part of RSA’s strategic relationship with EMC/Dell Stability and resources of EMC/Dell
- BREADTH: The RSA Archer suite includes multi-disciplinary risk management solutions and use cases that address the most critical domains of business risk. A single platform that addresses the most critical domains of risk: IT and Security Risk Management Enterprise and Operational Risk Management Regulatory and Corporate Compliance Management Audit Management Business Resiliency Third Party Governance (With specific solutions for Public Sector organizations) 34 use cases across 7 solution areas, designed to drive maturity and integration across risk domains (# of use cases): IT and Security Risk Management (9) Enterprise and Operational Risk Management (7) Regulatory and Corporate Compliance Management (4) Audit Management (3) Business Resiliency (4) Third Party Governance (4) Public Sector (3) The ability to fully address IT and security risk – the #1 concern for organizations today – through RSA/EMC/Dell Integration with the RSA product portfolio to address threat detection and response and identity Archer is part of RSA’s strategic relationship with EMC/Dell Stability and resources of EMC/Dell
- General Description: The first iteration of the slide (no Use Cases) shows the major elements of the solution. Highlights include: Creating the business context for IT & Security risk via the Asset catalogs (on left) Policy and standards development and alignment of internal controls to external requirements (Authoritative Sources) Managing IT controls testing for compliance purposes Issues Management provides a central location to track gaps and remediation Managing an IT Risk program that cross the gap between general IT risks (IT Risk Register, Risk Assessments, KRIs) with security risks (threat intel, threat assessment) Managing the full lifecycle of security incidents (incidents, investigations, breaches, SOC) Incorporating the vulnerability program (identifying device level vulns) into the risk profile. BIA is included to show how business criticality can be defined and fed into the processes. The RISK arrow depicts the objective to roll up risk from the business and IT infrastructure (devices, facilities, applications, etc.) within the context of the business hierarchy. NOTE: Not all relationships are included using the arrows. Given the many interrelationships with Archer, it is impossible to include all relationships. Therefore, you may also need to discuss how elements are integrated/related via Cross References or other mechanisms within the use cases. Animations: 1st – Shows the Foundation Use Cases – Manage Issues and Security Incidents 2nd – Shows the Managed Use Cases – Establish Policies/Standards, Compliance Processes and Vulnerability assessments with BIA (to improve prioritization of issues) 3rd – Shows the Advantaged Use Cases – Implement IT Risk program and regulatory change processes
- General Description: The first iteration of the slide (no Use Cases) shows the major elements of the solution. Highlights include: Creating the business context for IT & Security risk via the Asset catalogs (on left) Policy and standards development and alignment of internal controls to external requirements (Authoritative Sources) Managing IT controls testing for compliance purposes Issues Management provides a central location to track gaps and remediation Managing an IT Risk program that cross the gap between general IT risks (IT Risk Register, Risk Assessments, KRIs) with security risks (threat intel, threat assessment) Managing the full lifecycle of security incidents (incidents, investigations, breaches, SOC) Incorporating the vulnerability program (identifying device level vulns) into the risk profile. BIA is included to show how business criticality can be defined and fed into the processes. The RISK arrow depicts the objective to roll up risk from the business and IT infrastructure (devices, facilities, applications, etc.) within the context of the business hierarchy. NOTE: Not all relationships are included using the arrows. Given the many interrelationships with Archer, it is impossible to include all relationships. Therefore, you may also need to discuss how elements are integrated/related via Cross References or other mechanisms within the use cases. Animations: 1st – Shows the Foundation Use Cases – Manage Issues and Security Incidents 2nd – Shows the Managed Use Cases – Establish Policies/Standards, Compliance Processes and Vulnerability assessments with BIA (to improve prioritization of issues) 3rd – Shows the Advantaged Use Cases – Implement IT Risk program and regulatory change processes
- RSA’s industry-leading products are complemented by a force of 750+ Cybersecurity and Risk Experts, located around the globe, with a single purpose of helping our customers realize the confidence and countless other benefits derived from Business Driven Security. Organizations inevitably need help in identifying and closing their gaps and optimizing their cybersecurity, risk, and compliance programs. They want the team with the most real-world experience and that is armed with the most proven tools in the business. Nobody is more battle-tested than the team at RSA® Risk and Cybersecurity Practice Why? We bring the most real-world field experience. Founded in 1982, RSA has worked with more organizations in more countries for more years than anyone else and have logged over 100,000 engagements. These battle-tested teams have tackled the most sophisticated and complex cybersecurity and compliance challenges. We come with the highest level of expertise: Our professionals are trained and certified in the most advanced technologies and methodologies and are thought leaders through leading research, conferences, publications, education and training programs. We use the best tools in the business. RSA’s comprehensive suite of tools cover the full range of Identity, Security Operations, and Risk Management. These best-in-class tools have received top awards and ratings from analysts, such as the ‘leader’ designation in seven Gartner Magic Quadrants. We apply the most rigorous processes. We dig deeper to uncover unknown threats and apply the most detailed and authoritative use cases for the intersection of IT and security risk with all other major business and compliance functions, tailored to your unique requirements.