
RSA SecurWorld GRC: Product and Technology


susans

Presentation Transcript


  1. RSA SecurWorld GRC: Product and Technology SE Associate Security Management Presales Process Solutions Product & Technology Portfolio Messaging

  2. Instructions for Completing This Training This training consists of: • A self-paced learning format • Intuitive UI • Player controls • Course continuation • Downloadable course slides and reference docs Note: these reference documents are RSA Confidential.

  3. Course Learning Objectives Upon completion of this course, you will be able to: • Describe the RSA Archer eGRC Suite architecture • Describe the deployment and integration options for RSA Archer

  4. Course Modules

  5. RSA Education Services Product and Technology Module 1: RSA Archer Product Architecture

  6. Module Objectives Upon completion of this module, you will be able to: • Explain the general platform architecture and functional components of the RSA Archer eGRC Suite • Understand the logical architecture of the major tier components

  7. RSA Archer eGRC Suite (diagram labels) • Analyst Interface • RSA Archer eGRC Platform • Queries, Dashboards, Reports • Business System Data • User Data (LDAP) • Data Integration • Governance/Compliance Data • External Policy/Risk Data

  8. RSA Archer eGRC Suite Platform Components Solutions • Policy Management • Risk Management • Compliance Management • Enterprise Management • Incident Management • Vendor Management • Threat Management • Business Continuity • Audit Management

  9. RSA Archer eGRC Suite Platform Components Solutions • Policy Management • Risk Management • Compliance Management • Enterprise Management • Incident Management • Vendor Management • Threat Management • Business Continuity • Audit Management

  10. Logical Architecture The architecture of the RSA Archer eGRC Platform is divided into three logical tiers: Interface Tier • ASP.NET pages (C#) • Separates presentation logic from business logic through the use of Code-Behind files • Invokes the Application Tier to retrieve and manipulate data Application Tier • Collection of objects encapsulating the application business logic • Communicates with the database via a common database object • Not allowed to make direct SQL calls Database Tier • Collection of stored procedures that act upon the underlying data model • Utilizes Microsoft Search functionality for high-speed text searching • Requires Microsoft SQL Server 2005 SP3

  11. Module Summary Now that you have completed this module, you should be able to: • Explain the general platform architecture and functional components of the RSA Archer eGRC Suite • Understand the logical architecture of the major tier components

  12. RSA Education Services Product and Technology Module 2: RSA Archer Product Options

  13. Module Objectives Upon completion of this module, you will be able to: • Explain a customer’s deployment options for the RSA Archer eGRC platform • Describe integration options of RSA Archer with other data sources

  14. Deployment Options On-Premise Deployment • Licensed RSA Archer eGRC Platform deployed in a customer’s environment • Hardware, software and upgrades managed on-premise Software as a Service (SaaS) • Access to the RSA Archer eGRC Platform via the web • Avoids IT requirements associated with on-premise deployment Combined Deployment • Customer manages some applications on-premise and utilizes SaaS for others Because all applications built on the RSA Archer eGRC Platform can be packaged and moved from one environment to another, a deployment strategy can be changed at any time.

  15. Integration RSA Archer is designed to integrate with cross-departmental and enterprise data systems • Challenges: • Data accumulated through diverse technologies create challenges for consolidation and reporting • eGRC initiatives require evaluation of data across inter-departmental as well as external systems • Solution: • Archer is vendor neutral and content independent – allowing a consolidation point for different data systems

  16. Integration Capabilities • Data Feed Manager • Flexible, code-free tool for collecting enterprise data • Web services API • Supports integration with other business systems through custom code • Data Publication Manager • Allows information to be extracted from Archer and loaded into external systems for data analysis and modeling • Data Import Manager • For infrequent data loads, such as a policy content import • LDAP and Active Directory Integration • Streamlines the management of user accounts and groups

  17. Module Summary Now that you have completed this module, you should be able to: • Explain a customer’s deployment options for the RSA Archer eGRC platform • Describe integration options of RSA Archer with other data sources

  18. Course Summary Now that you have completed this course, you should be able to: • Describe the RSA Archer eGRC Suite architecture • Describe the deployment and integration options for RSA Archer

  19. Product and Technology Assessment To complete your accreditation training, you are required to complete the assessment that includes the four Security Management Product and Technology courses. Under the course menu, select SE Associate in Security Management: Product and Technology Assessment to begin this assessment. It should take 20-30 minutes to complete the assessment. Note: A score of 80% is required to pass the course assessment. If you do not achieve 80% or higher, please review the materials and retake the test. It may take up to 24 hours for your score to be available in your personal training transcript.

  20. Thank You The Security Division of EMC

  21. RSA Archer eGRC Platform • Supports business-level management of governance, risk and compliance (GRC) activities for an organization. • Allows adaptation of various solutions to GRC requirements, building applications and integration with other systems without complex custom coding • Provides a foundation and uniform interface for operational components and solution modules

  22. Application Builder • Offers powerful tools and a user-friendly interface • Allows building and tailoring business applications with no programming required • Allows design of applications to capture and display any kind of data • Offers full control over the page layout • Can provide an intuitive experience for end users

  23. Reports and Dashboards Through the RSA Archer eGRC Platform, you can: • Generate actionable reports • Share data with other users • Track the status of various initiatives • Build graphical, role-specific dashboards to monitor metrics across business units

  24. Access Control Access controls can be created and enforced so that: • Data integrity is ensured • Users have a streamlined interface experience • Users can interact only with the information that is appropriate for their roles • Information access can be controlled at the system, application, record and field level

  25. Workflow • Business processes can be defined and streamlined • Allows automatic assignment of tasks based on data conditions such as: • Asset ownership • Issue priority • Escalation path • Content can be routed to defined reviewers for editing or authorization before sharing it with a broader audience

  26. Notifications • Users can be automatically notified via email when: • New information requires their attention • Tasks enter their queue • A deadline is nearing • Simple or complex notification rules can be defined • Ensures the right users are alerted at the right time • Email notifications can include direct links to the content on which users need to take action or make a decision

  27. Integration • RSA Archer eGRC Platform is vendor neutral and content independent • It serves as a point of consolidation for governance, risk and compliance information of any type • Allows seamless integration of data systems without the need for additional software • Movement of data can be automated into and out of the Platform to support data analysis, process management and reporting

  28. User Experience • A simple interface for branding applications with a corporate look and feel • A company can use their company colors, graphics, icons and text to facilitate end-user adoption • Instructions can be embedded in the user interface to facilitate self-training and diminish the learning curve

  29. Policy Management Solution • Provides the foundation for a governance, risk and compliance program • Allows a comprehensive and consistent process for managing policy and exception lifecycle • Offers a centralized infrastructure for creating policies, standards and control procedures • Maps to corporate objectives, regulations, industry guidelines and best practices • Allows communication of policies across the enterprise • Tracks acceptance • Assesses comprehension • Manages exceptions

  30. Risk Management Solution • Enables a company to proactively address reputational, financial, operational and IT risks against corporate objectives • Delivers a central management system for: • Identifying risks • Evaluating their likelihood and impact • Relating them to mitigating controls • Tracking resolution • Pre-built risk assessments can be leveraged or created to deliver targeted risk assessments within a particular environment • Management of risk treatment processes is built in • Allows management of the full risk management lifecycle

  31. Compliance Management Solution • Provides a centralized, access-controlled environment for: • Automating enterprise compliance processes • Assessing deficiencies • Managing remediation efforts • Allows an organization to: • Document process and technical controls • Link controls to authoritative sources • Perform risk-based scoping • Execute design and operating tests • Respond to identified gaps • Assessment results and remediation activities can be reported to senior management and regulators • Real-time status dashboards • Results dashboards

  32. Enterprise Management Solution • Provides a central repository of information on an organization’s business hierarchy and operational infrastructure • Allows an aggregate view of organizational divisions • Determines the criticality of supporting technologies • Uses information in the context of eGRC processes • Risk and compliance stature for products, services and business processes can be: • Tracked • Associated with devices, applications, and information that support them • Related to technologies and facilities where they reside • GRC activities can be reported at the company, division and business-unit levels

  33. Incident Management Solution • Centralizes and streamlines case management lifecycle for cyber and physical incidents and ethics violations • Allows the capture of organizational events that may escalate into incidents • Evaluates incident criticality • Assigns response team members based on business impact and regulatory requirements. • Response procedures can be consolidated, investigations managed, and reports created on: • Trends • Losses • Recovery efforts • Related incidents

  34. Vendor Management Solution • Enables the automation and streamlining of ongoing oversight of vendor relationships • Facilitates three key activities as part of an effective vendor management process: • Risk-based vendor selection • Relationship management • Compliance monitoring

  35. Threat Management Solution • Provides a consolidated repository of threat data • Provides clear reporting of activities related to threat remediation • Offers a consistent and repeatable threat management process for an organization • Threat Management can: • Document geopolitical threats • Consolidate vulnerability, malicious code and patch information from security intelligence providers • Capture vulnerability results from scan technologies into one consistent threat management system

  36. Business Continuity Management Solution • Provides a centralized, automated approach to business continuity and disaster recovery planning • Allows swift response in crisis situations to protect ongoing operations • Combines business continuity, disaster recovery and crisis management into a single management system. • Helps an organization: • Assess criticality • Develop plans • Utilize automated workflow • Plan execution and communication can be managed in crisis situations

  37. Audit Management Solution • Allows control of the complete audit lifecycle • Enables improved governance of ongoing audit-related activities, data and processes without the limitations of manual or stand-alone solutions • Aligned with the Institute of Internal Auditors (IIA) standards • Provides an aggregate view of an audit program – including: • Planning • Scheduling • Risk-based prioritization • Staffing • Management of audit procedures • Tracking remediation efforts
