GRC

RSA Via Lifecycle and Governance Named a ‘Leader’ in 2016 Forrester Wave: Identity Management and Governance Report

RSA is happy to announce that RSA Via Lifecycle and Governance has been recognized as a ‘Leader’ in The Forrester Wave™: Identity Management and Governance Q2, 2016 report! (View and download the report here) Forrester evaluated 9 of the most significant Identity Management and Governance providers across 17 criteria, and recognized RSA Via Lifecycle and…

Announcing RSA Archer GRC 6.1

RSA Archer GRC 6 (6.0) was launched in November 2015 under the theme “Inspire Everyone to Own Risk.” GRC 6 focused on providing organizations with an industry-leading GRC platform to transform risk management by engaging everyone within an organization in the risk process. Today, organizations must implement the “three lines of defense,” making risk…

Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise

In April, I wrote two blogs (How Hungry… and Appetite and Exercise) on the concept of risk appetite. I highlighted the fact that organizations must take on risk to drive growth within the business. That risk must be balanced with activities to manage the risk within a tolerance that is acceptable to the organization. Some…

Third and Fourth Party Risk Management: Access-as-a-Risk

By now, we all know that vendor engagement is key to business sustainability. Organizations cannot focus on their core business without outsourcing non-critical functions to third parties. From a 20,000-foot view, third party management becomes an operational activity governed through contracts, engagement analyses and effective risk management. Where organizations fall short is in implementing…

Appetite and Exercise

In my last blog post, I posed the concept of Cyber Risk Appetite as something that all organizations need to consider today. I used the analogy of a balanced diet of risk – taking some risks to keep the business growing while avoiding so much risk that the business becomes bloated. The objective is to…

How Hungry is your Organization?

As someone that tries to watch my diet, I know how hard it is to deal with your own appetite. Several things that are my weakness – fresh bread, cold beer, pizza, the list goes on – are definitely not the best elements for a balanced diet. Most of the time I am able to deal…

The Wheel of Suffering: Don’t Be a Jerk to Your Future Self

Findings. Defects. Whatever you call them, your organization’s security posture is full of them. At RSA, we use the umbrella term “Issues Management”. So many organizations handle their vulnerabilities, misconfigurations, failed controls, and policy and process gaps the same way: the hard way. The hard way is the reactive way, the just-in-time way, and the…

E5 – The Flies and the Hornet – Insect Bites

A cool breeze whisked through the window causing the scrolls on the Wizard’s desk to rattle and tremor. The wise man shifted a large scroll to weigh down some loose papers. He reallocated a heavy paperweight to secure some more papers. The weather had turned cold but the Wizard enjoyed the brisk air flowing…

Compensating for Control Issues

Whoa wait a minute…is this a psychology lesson? Well if so hopefully it’s no less comfortable than your favorite chair! Last week we kicked off a new blog series on Issues Management. Read Steve’s initial volley here which neatly frames up the problem of the “Issues Pit”. This week we’ll discuss the process of compensating for control…

Know your Gaps; Take Action

Issues – we all have them. I should clarify that statement. I am not talking about you personally or referring to the ‘lie on the couch, tell me about your relationship with your mother’ types of issues. I mean – all organizations have issues. Some are big and some are little but all organizations find…