GRC, Page 2

Great Things Come in 3s – EMC (RSA) Positioned in Leader’s Quadrant in Three Gartner Magic Quadrants

We have all heard the adage that great things come in threes. Stooges. Pigs. Blind Mice. The list goes on and on. I have am very pleased to announce another thrilling combination of three – Gartner Magic Quadrants. EMC (RSA) has been positioned in the leader’s quadrant in three Gartner Magic Quadrants: Operational Risk Management,…

RSA Via Lifecycle and Governance Named a ‘Leader’ in 2016 Forrester Wave: Identity Management and Governance Report

RSA is happy to announce that RSA Via Lifecycle and Governance has been recognized as a ‘Leader’ in The Forrester Wave™: Identity Management and Governance Q2, 2016 report!  (View and download the report here) Forrester evaluated 9 of the most significant Identity Management and Governance providers across 17 criteria, and recognized RSA Via Lifecycle and…

Announcing RSA Archer GRC 6.1

RSA Archer GRC 6 (6.0) was launched in November 2015 under the theme “Inspire Everyone to Own Risk.”  GRC 6 focused on providing organizations with an industry leading GRC platform to transform risk management by engaging everyone within an organization in the risk process. Today, organizations must implement the “three lines of defense,” making risk…

Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise

In April, I wrote two blogs (How Hungry… and Appetite and Exercise) on the concept of risk appetite. I highlighted the fact that organizations must take on risk to drive growth within the business. That risk must be balanced with activities to manage the risk within a tolerance that is acceptable to the organization. Some…

Governance is the Center of the Universe

We all know by now that granting access to our sensitive applications introduces all sorts of “what-ifs” in an organization. What if my accounts payable admin, disgruntled and upset, decides to abuse her access to my payment system to funnel funds outside of the company? Or what if she decides to plug in her USB…

How to Tailor a Continuous Monitoring Policy to Focus on Critical Assets

Many organizations want to implement a continuous monitoring policy, which combines processes and technology to ensure security systems are working efficiently and effectively. Continuous monitoring enables IT teams to identify issues that could introduce risk or lead to compliance violations. As such, a continuous monitoring policy not only makes good business sense but is increasingly…

Don’t Settle for Less than 5 Stars

Booking a vacation to the Caribbean? You would want to stay at a 5-star resort, right? Planning a celebratory dinner? A 5-star restaurant would be a great choice. So when it comes to aligning your business with a partner that can best suit your needs, why settle for anything less? CRN, part of The Channel…

Enabling the Advantaged Enterprise

I was in my 36th floor hotel room in Las Vegas one afternoon last week, after a day of presentations at EMC World, when I was startled by something banging the side of the building above my window. A man in a rope sling winched slowly into sight, swaying from side to side, twirling slightly.…

Third and Fourth Party Risk Management: Access-as-a-Risk

By now, we all know that vendor engagement is key to business sustainability. Organizations cannot focus on their core business without outsourcing non-critical functions to third parties. From a 20,000 foot view, third party management becomes an operational activity governed through contracts, engagement analyses and effective risk management. Where organizations fall short is in implementing…

Risk Appetite Limbo

The Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, published “Principles for An Effective Risk Appetite Framework” in November 2013.  Regulations were finalized around these principles by some regulators including the Comptroller of the Currency in 2014.  Although the genesis is FI-related, there are a lot…