GRC, Page 2

E4 – Storms on the Horizon – The Calm Before

Marty walked into the executive conference room and felt he had passed through a portal of luxury.  No battered pizza boxes in the trash cans.  No empty soda cans littering the table.  No crazy mess of networking cables running across the floor.  He was used to that type of working environment.  Instead, he saw an…

Introducing RSA Archer GRC 6 to Our Federal Community

Through the years, as federal information assurance professionals, we’ve seen a lot of adjustments and evolution. We had an arms race in buying newer and better firewalls, more secure networking devices, IDSs, IPSs, and SIEM tools. We bought generations of scanners and sensors. We watched several iterations of C&A and A&A methodologies come and go.…

Introducing RSA Archer GRC 6 – Inspiring Risk Management

There is no question organizations today are in a rapidly changing risk environment and the pressure to improve risk management practices is being driven top down from boards and executives. Managing a cultural shift from the reactive checking the box of compliance to a more proactive risk management model requires change and participation across the…

Looking Back, Looking Ahead: Why I Came to RSA

As I complete six months at RSA, I wanted to reflect upon a critical decision I made a number of years ago that eventually led me here. I had been at a large tech company and over the years fostered great relationships within the company allowing me to establish myself. As a whole, the company…

IT Compliance: All About That Base (Standard)

When it comes to IT risk management approaches, few things spark more debate than the use of standards. To explore this is to ponder another alphabetic quagmire of acronyms, categories, and random numeric designations. So which is the best? Is there even such a thing as “best”? If not, how do you choose otherwise? Or…

The Results are In…RSA Archer Won a Stevie Award

We’re very excited to share some great news – RSA Archer won a 2015 People’s Choice Stevie Award for Favorite New Product in the Software – Governance/Risk category. As you may know, the Stevies are premier awards as part of the American Business Awards – essentially the equivalent of the film industry’s Academy Awards.  This…

A Pivotal Year

For the past several years, the information security industry has been saddled with labels annually. 2013: year of the breach; 2014: year of the BREACH (we really mean it); 2015: year of the MEGA breach (it’s gotten worse!). And with those labels every year I hear the phrase ‘this is a pivotal year in the…

Blog Series: Building the First Line of Defense – Part 2

In the first post of this blog series, I used the analogy of a rocket lifting into space with the countdown, 3…2…1… equating to the Three Lines of Defense (LOD) model, and how an organization truly achieves “lift off” or success really comes down to the 1st LOD.  In this blog, I’d like to focus on…

LoD Blog Series: 3…2…1…Liftoff!

Prior to the launch of every spaceship that lifts high above the earth is a countdown that ends with 3…2…1…lift off! This signals the final moments before the spaceship takes off to fulfill its mission.  My blog is a play on the 3, 2, 1, liftoff analogy and how it relates to the “Three Lines…

Can businesses be resilient on their own?

Can businesses and organizations be resilient on their own? By this I mean: is it enough for a business organization to build resilient internal processes, IT infrastructure, facilities, and even third-party relationships and rest assured they’re prepared for the next big event that comes along? To answer this question, I think we have to…