GRC, Page 2

E4 – Storms on the Horizon – Gathering Forces

Marty was getting used to his spot in the executive conference room. He awaited the arrival of the host of the meeting – Howard Mentinger, the Chief Risk Officer of MagnaCorp. The CRO had been with the company for many years and had held multiple roles in the business. His analytical mind reduced business problems…

E4 – Storms on the Horizon – The Weather Turns Cold

Marty went through packet captures once more to make sure he wasn’t missing anything important.  He had pulled traffic logs and netflow data for the last few weeks specifically looking for anomalous activity.  His sixth sense was piqued by the vNextGen’s security team mentioning increased commotion on their network.  As he drilled deeper into the…

The Risks of Root Causes

I spoke recently at a workshop organized by the Alan Turing Institute in London to identify areas related to cyber security in which major research is needed. Though I focused on security analytics, I also talked about the need to develop more effective models for understanding and managing risk, citing the work that my colleagues…

E4 – Storms on the Horizon – First Winds

The Siren sat demurely in her corner booth at the café watching the patrons with an air of casual indifference.  A closer inspection of her after a few minutes though would reveal the intensity of a predator as her eyes smoothly moved from one customer to the next.  She surveyed every table for a few…

E4 – Storms on the Horizon – The Calm Before

Marty walked into the executive conference room and felt he had passed through a portal of luxury.  No battered pizza boxes in the trash cans.  No empty soda cans littering the table.  No crazy mess of networking cables running across the floor.  He was used to that type of working environment.  Instead, he saw an…

Introducing RSA Archer GRC 6 to Our Federal Community

Through the years, as federal information assurance professionals, we’ve seen a lot of adjustments and evolution. We had an arms race in buying newer and better firewalls, more secure networking devices, IDSs, IPSs, and SIEM tools. We bought generations of scanners and sensors. We watched several iterations of C&A and A&A methodologies come and go.…

Introducing RSA Archer GRC 6 – Inspiring Risk Management

There is no question organizations today are in a rapidly changing risk environment and the pressure to improve risk management practices is being driven top down from boards and executives. Managing a cultural shift from the reactive checking the box of compliance to a more proactive risk management model requires change and participation across the…

Looking Back, Looking Ahead: Why I Came to RSA

As I complete six months at RSA, I wanted to reflect upon a critical decision I made a number of years ago that eventually led me here. I had been at a large tech company and over the years fostered great relationships within the company allowing me to establish myself. As a whole, the company…

IT Compliance: All About That Base (Standard)

When it comes to IT risk management approaches, few things spark more debate than the use of standards. To explore this is to ponder another alphabetic quagmire of acronyms, categories, and random numeric designations. So which is the best? Is there even such a thing as “best”? If not, how do you choose otherwise? Or…

The Results are In…RSA Archer Won a Stevie Award

We’re very excited to share some great news – RSA Archer won a 2015 People’s Choice Stevie Award for Favorite New Product in the Software – Governance/Risk category. As you may know, the Stevies are premier awards as part of the American Business Awards – essentially the equivalent of the film industry’s Academy Awards.  This…