RSA Archer

Completing the Puzzle

In a previous blog I reviewed the real-world payback for being a risk leader. Let’s say your company gets it: they know that good risk management increases the likelihood objectives will be fulfilled and profits improved, and now you’ve been given the assignment to start the risk management program to make your organization a…

Defining Your Cyber Risk Appetite

When a senior executive tells the board he or she wants to discuss the company’s risk appetite, usually the board’s interest is piqued. After all, understanding an organization’s risk appetite is critical to the decisions the board makes. So why should defining a company’s cyber risk appetite be so difficult? A CISO’s role is to…

Capture the Prize

Risk is the effect of uncertainty on objectives. Managing risk well increases the certainty that objectives will be achieved. Not surprisingly, organizations leading in risk management “capture the prize”. According to a PwC Risk Review, organizations more frequently achieve their objectives, are more profitable and less likely to experience a negative profit margin than those…

The Business Value of RSA Archer

Implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: Hardware, software, and the active engagement of a lot of people in the first, second and third lines of defense.  Before implementing a program, and periodically throughout the life of the program, the question always arises from senior management: Is…

Risk Is a Reality, Make Sure Rewards are Too

Return on investment. Total cost of ownership. Productivity gains. Payback period? What am I – a financial wizard or a risk professional? If you are in the risk management profession today, you have to be both. Being a top-notch security guru who can navigate SQL injection code or rattle off the NIST 800-53 control…

RSA Identity Governance and Lifecycle: An Executive View from KuppingerCole

When one of the leading independent analyst organizations in the identity space weighs in favorably on your approach to identity governance, that’s news worth sharing. In the KuppingerCole Report “Executive View: RSA® Identity Governance and Lifecycle,” analyst John Tolbert gets at the heart of RSA’s belief in the effectiveness of an integrated, comprehensive, end-to-end approach:…

Sydney CRO Summit: Cultivating a Resilient Risk Culture

If you knew that an action you were contemplating could conceivably cost your organization billions of dollars, permanently ruin its reputation and maybe get the CEO fired for good measure, would you risk it? I’m going to go out on a limb and say you probably wouldn’t. Yet people do it all the time. Why?…

Driving Resiliency Through Operational Risk Management

I recently had the pleasure of presenting with a panel of RSA Archer customers on the topic of “Building Resiliency Across the Value Chain” for a Disaster Recovery Journal webinar. Two key questions were posed to the attendees. The first question was: “Where is your organization on the business resilience scale?” The responses were: Recovery…

Business Impact Analysis Relieves “Tempest in a Teapot” Syndrome

Do you ever use the term, ‘you are creating a tempest in a teapot’? It means, don’t make a big deal out of something that isn’t. Doing a little research, I found other similar phrases I thought were entertaining. They are: ‘A storm in a teacup’ – Cicero; or ‘Billows in a ladle’ – translation…

Facing a Tsunami of Issues?

“Tsunami” is the Japanese term for a series of violent and recurrent waves in the ocean caused by the displacement of a large volume of water. Earthquakes, volcanic eruptions, landslides or other underwater explosions or man-made events are usually the cause. Unlike normal ocean waves that are generated by wind, or tides that are generated…