The Marriage of Legal and IT

In Dr. Larry Ponemon’s recent eGRC and Data Privacy study, the Ponemon Institute, LLC independently surveyed 190 Archer eGRC Community members to examine the challenges they face in meeting eGRC and data protection objectives. One of the challenges that Dr. Ponemon notes is the need for collaboration between the Legal and IT teams to handle incidents as well as to validate compliance with ever-changing regulations.

Incident Management Brings It All Together

Incident Management is a broadly used term, but in our world of network security it is generally defined as the process an organization uses to identify, investigate and remediate a potential or real threat to its network resources and users.

Putting Together the Pieces in Europe

I recently returned from Berlin after attending the EMEA RSA Channel Partner Council with the purpose of discussing RSA’s Security Management and GRC strategies within Europe. For many of the RSA channel partners, this was their first exposure to these concepts. Channel partners have a unique perspective because they are on the front lines selling products and providing implementation services. Their success is directly influenced by RSA’s ability to provide the right training, messaging and tools to make them effective.

RSA’s Insight on Security Management

Welcome to one of Speaking of Security’s newest blogs, completely focused on security management, something we’re calling Security Management Insights, or SMInsights for short. I am honored to author the initial post in what should be a highly active and thought-provoking forum for dialogue related to the challenges facing today’s information security professionals. This is a team blog, so you will benefit from hearing from a multitude of product managers from the products and solutions which comprise RSA’s emerging Security Management Suite. We continuously have the opportunity to interact with customers and analysts and will use this blog to share insights about organizations’ security challenges and strategies.

The Hogwarts of GRC

Earlier this month was one of the highlights of the “Archer calendar year” – the RSA Archer GRC Summit. As always, this event brought our customers together to engage in deep discussions on security, governance, risk management, compliance and a whole host of interesting topics. This is exactly why my blog on this year’s event is about…Harry Potter.

Planes, Trains and Nuclear Power Plants: Managing Risk in the Modern World

The first principle I think is important to convey is that complexity and scale are inherent in many of the systems we build, and they carry with them risk that grows with size, complexity and scope. In fact, many systems grow to such an extent that they rapidly outstrip their initial design considerations, as is evidenced by obvious examples like Y2K and the need for IPv6.

Asset Acuity: Let’s Talk About Dimensions

There has been a great deal of talk about making business processes more transparent. While I think gaining visibility across complex business operations or complicated IT infrastructures is a very important concept, I think there is another concept that is just as important yet is sometimes overlooked. When it comes to truly seeing something for what it is, the dimensions of an object allow us to more clearly define it.

GRC and Trust in the Cloud: The Right Tools for the Right Jobs

It’s been a year now, or a little more, since To The Heart of the Matter, and this year we’re stepping up the governance, risk and compliance (GRC) stakes in a big way with a new EMC/RSA initiative around enterprise GRC. At the same time, the race to the cloud continues, so it’s time to look at enterprise GRC anew for 2011, in the context of Trust and in the context of the Cloud. Before we dive into that subject, though, let’s start with a little more on tools and tasks by looking at innovation in historical Japan.