Steve Schlarman

Steve Schlarman is an eGRC Solution Manager for RSA, The Security Division of EMC. With deep compliance, security, audit and IT management expertise, Mr. Schlarman is responsible for product design and architecture for RSA Archer eGRC Solutions, in addition to content management processes. Prior to joining Archer, Mr. Schlarman was the Chief Compliance Strategist for Brabeion Software where he led overall product strategy, product management and content management. Before Brabeion, he was a Director in PricewaterhouseCoopers' Advisory Practice, focusing exclusively on information security consulting and auditing. Mr. Schlarman received a Bachelor of Science degree in Mathematical Sciences from Southern Illinois University-Edwardsville. He holds both CISSP and CISM certifications.

New RSA Archer Community and Exchange are live

At EMC we want to empower you to grow your GRC program according to your organization’s unique governance, risk and compliance processes—and of course, help you get the best out of the RSA Archer Suite. So we’ve injected fresh energy into our online forums, the RSA Archer Community and Exchange, and moved them onto a [...]

Information Security Forum Chapter Meeting

One of the most refreshing moments one can experience is the reminder that things long ago learned and forgotten are still valuable and relevant. It is the realization that “I learned everything I needed to know in kindergarten”.

The Hogwarts of GRC

Earlier this month was one of the highlights of the “Archer calendar year” – the RSA Archer GRC Summit. As always, this event brought our customers together to engage in deep discussions on security, governance, risk management, compliance and a whole host of interesting topics. This is exactly why my blog on this year’s event is about…Harry Potter.

Asset Acuity: Let’s Talk About Dimensions

There has been a great deal of talk about making business processes more transparent. While I think gaining visibility across complex business operations or complicated IT infrastructures is a very important concept, I think there is another concept that is just as important yet is sometimes overlooked. When it comes to truly seeing something for what it is, the dimensions of an object allow us to more clearly define it.

The 12 Days of GRC – Happy Holidays!

On the first day of 2010 my big boss gave to me: a project called G-R-C.
On the second day of 2010 my big boss gave to me: two BCPs and a project called G-R-C.
On the third day of 2010 my big boss gave to me: Three new laws, Two BCPs and a project called G-R-C.
On the fourth day of 2010 my big boss gave to me: Four calling auditors, Three new laws, Two BCPs and a project called G-R-C.
On the fifth day of 2010 my big boss gave to me: FIVE LOSS EVENTS…Four calling auditors, Three new laws, Two BCPs and a project called G-R-C.

RSA Archer eGRC Roadshow Update

To date we’ve held 18 of our scheduled 20 eGRC Roadshows, and we couldn’t be happier with how things have played out. This is my second round of eGRC Roadshows with RSA Archer, and the thing that always strikes me about these events isn’t so much the level of customer participation as it is the willingness of all of these folks to take time out of their busy schedules to share their Archer experiences with each other, all in the interest of making those around them better at what they do. My wife likes to tease me because I like to throw out very well-worn clichés, but I can’t help but think that, in this case, the whole of the Archer Community is truly greater than the sum of its parts.

Control Clusters: Breakfast of Champions

The “team sport” theory can be applied to a company’s control environments as well. The classical “defense in depth” approach quickly comes to mind. Controls always depend on a collection of activities. As Risk and Compliance professionals, we all know the “single point of failure” is a verboten persona non grata.

Changing Security Metaphors – from War to Medicine?

IT people have always been the metaphorical sort. Turning technology issues and solutions into real-life oriented allegories allows us to express esoteric or complex ideas in simple, relatable terms. Metaphors help us turn the 1s and 0s, the bits and bytes, into tangible examples that allow us to communicate complex ideas. Information Security has traditionally taken many of its metaphors from the military world – defense in depth, bastion hosts, DMZs, honey pots… ok, well honey pots are more of a Winnie the Pooh thing but you get the point. The fact remains that Information Security professionals have always looked to this universe of conflict and war to get their metaphors.

From RSA Conference China: Balancing “Haves,” “Shoulds” and “Wants” with GRC

I just participated in the first ever RSA Conference China, so while I am taking a moment for my Peking duck to digest, I wanted to tell you about the experience and relate some of my thoughts coming out of the event. Presenters from all over the world, including some from China’s government ministries, covered topics including cloud computing, core information security, fraud and virtualization. The well-attended event was another indicator of the global nature of business and created much buzz in the local industry. I had the honor and privilege to present on enterprise governance, risk and compliance as a core business philosophy and its importance in achieving strategic business objectives.

Big Steps Toward Managing Security and Compliance for Virtual Infrastructure

This week, the industry celebrates one of the most influential and explosive technologies influencing the world of information systems: Virtualization. At VMworld 2010, the focus on virtualization across the enterprise and cloud computing highlights some of the most interesting and impactful technologies that our industry is utilizing. We have had…