© Copyright 2010 EMC Corporation. All rights reserved.
Active eGRC Seminar
Learn to use risk to your advantage
Welcome!!
Agenda
• 8:30 - Registration and Breakfast
• 9:00 - eGRC Overview
• 9:45 – Networking Break
• 10:00 - Breakout Sessions
– Session 1: Security Management
– Session 2: Information Governance
• 11:00 – Networking Break
• 11:15 – Round Table Discussion - Privacy Focus
• 11:45 – Closing Remarks/Next steps
Key Trends That Will be Covered
– Convergence of IT and business processes
– The need for business context and collaboration
– eGRC is about people, process AND technology…
– Visibility and control is needed as organizations make their journey to the cloud.
– Audit can act as a bridge between IT and the business
– Enterprise risk as center to the eGRC story
– Privacy is a top program across the enterprise
EMC Tenets for eGRC
• Not just about technology
• Spans IT, Legal, Finance and Operations
• Visibility & control across physical, virtual and hybrid environments
• Integration into existing processes and technologies
The EMC eGRC Approach
• Consulting/Implementation Best Practices
• Business Continuity Management
• Security Management
• GRC Business Solutions
• Information Governance
• RSA Archer eGRC Management Platform
IT Operations Finance Legal/Compliance
The Common eGRC Theme: Enterprise Risk
Data Center
App Mgmt.
SDLC
InfoSec
IT Security
BCP
DR
Market Risk
Credit Risk
Liquidity Risk
Environmental
Health & Safety
Fraud
Financial Reporting
Litigation
HR
Liability
Privacy
Geo-Political
Applications
eGRC Solutions
• Security Management
• Business Continuity Management
• Enterprise Risk & Compliance
• Information Governance
• Trusted Cloud
Bringing in the Business Context
Business Domains
eGRC facilitates the processes, information, technology and people required to recognize context that enables business decisions
BUSINESS DRIVERS
OPERATIONAL INFRASTRUCTURE
Applications
Databases
Devices
Workstations
Vendors
Information
Customers
Regulations
Business Objectives
Threats
Laws
Legal
IT
Finance
Operations
Visibility and Control
See More. Act Faster. Spend Less.
EMC eGRC Solutions
Importance of eGRC to EMC
• Drives Trust in the Cloud
• Beyond the Data Center
• Integrate Disparate Technologies
• Emerging Market
RSA Archer eGRC Solutions
• Compliance Management: Document your control framework, assess design and operational effectiveness, and respond to policy and regulatory compliance issues.
• Policy Management: Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance.
• Threat Management: Track threats through a centralized early warning system to help prevent attacks before they affect your enterprise.
• Enterprise Management: Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support GRC initiatives.
• Risk Management: Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance.
• Incident Management: Report incidents and ethics violations, manage their escalation, track investigations and analyze resolutions.
• Business Continuity Management: Automate your approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution.
• Audit Management: Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency.
• Vendor Management: Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls.
RSA Archer eGRC Platform
• Integration: Seamlessly integrate cross-departmental and enterprise data systems with the Archer SmartSuite Framework.
• Application Builder: Build and tailor on-demand applications and package them into solutions to solve business problems.
• Reports and Dashboards: Gain a real-time view of your enterprise through actionable reports and graphical dashboards.
• Access Control: Enforce access controls at the system, application, record and field level to ensure a streamlined user experience.
• User Experience: Brand the interface with your corporate colors, graphics, icons and text to facilitate end-user adoption.
• Notifications: Automatically notify users via email when content changes, tasks enter their queue or deadlines approach.
• Business Workflow: Define and automate business processes to streamline the management of content, tasks, statuses and approvals.
Business Solutions: Enabling Next Gen eGRC
1. Quantitative risk analysis using a Calculation Engine to better evaluate impact and likelihood of the Enterprise Risk.
2. Enable collaboration with international colleagues across the enterprise with common language and ERM Frameworks.
3. Risk and compliance visualization leveraging Map, Radar and Bubble Reports.
4. Schedule data publication for use with Business Intelligence tools and Analytics.
5. Implement continuous improvement of your ERM program into testing environment and deploy the updates quickly.
Business Solutions: Audit Management
1. Auto-create audit workpapers and assign them to appropriate auditors for completion.
2. Complete review of audit workpapers using best-in-class Workflow and Notification capabilities.
3. Auditors can easily create their own Dashboards including a Calendar of their upcoming assignments.
4. Deliver business context by aggregating findings under entities across the business hierarchy.
5. Create professional Audit Reports automatically.
Diagram labels: Audit Program Library, Business Hierarchy, Findings, Audit Workpapers
EMC INFORMATION GOVERNANCE OFFERINGS
* SourceOne eDiscovery – Kazeon
* SourceOne Discovery Manager
* Documentum Retention Policy Services
* Documentum Records Manager
* SourceOne for File Systems
* SourceOne Email Management
* SourceOne for Microsoft SharePoint
* SourceOne File Intelligence
Making Information Governance Actionable
RSA Archer Approach to Business Continuity Management
• Document Disaster Recovery Plans
• Test Plans
• Track Crisis Events
• Perform Business Impact Analysis
• Automate Plan Maintenance
• Document Business Continuity Plans
Business Continuity and Disaster Recovery
1. IT Systems fail and applications become inaccessible by employees and suppliers
2. Back-up and network recovery sites via 3rd party allow the organization to continue processing financial transactions at another location and access the BC/DR plans housed in Archer.
3. Systems get back online via restoration from EMC VTL and application owners start recovery/testing procedures.
4. IT works with Business Units to ensure access is available and systems are operational using test ready plans and centrally tracks progress of recovery efforts
5. Systems fully recovered and pass all tests within 24 hours.
6. Any revisions in the recovery process can be updated and centralized for future use.
Sol. 1 Sol. 2 Sol. n
Views and Reports
Workflow
Context Policy
Detailed Controls
The Security Management Stack
Physical and Virtual IT Infrastructure
Event Data
State Data
RSA Security Intelligence Platform
GRC Platform
RSA Archer
RSA enVision, RSA DLP, EFN Also: Qualys, nCircle, McAfee, Ionix, etc.
RSA Solution for Cloud Security and Compliance
Discover VMware infrastructure
Define security policy
Remediation of non-compliant controls
RSA Archer eGRC
Manage security incidents that affect compliance
Manual and automated configuration assessment
Over 100 VMware-specific controls added to Archer library, mapped to regulations/standards
Solution component automatically assesses VMware configuration and updates Archer
RSA enVision collects, analyzes and feeds security incidents from RSA, VMware and ecosystem products to inform Archer dashboards
RSA SecurBook Solution Documentation
GRC for Virtualization and Cloud
Currently in planning for Vblock in 2011
• RSA Archer for orchestrating security of the Vblock
vSphere
Storage
Server blades
Networking
Virtual Machines
RSA Archer eGRC
Available now
2011
EMC Consulting Focus Areas
Security
Compliance
Resiliency
Managed Availability
• Security Management with RSA’s eGRC Management Platform, DLP, and SIEM
• Business Continuity with RSA’s eGRC Management Platform and EMC’s Business Resiliency Solutions
• Cloud Trust with RSA’s eGRC Management Platform, VMware and Partner Relationships
• Information Governance with RSA’s eGRC Management Platform, eDiscovery and SourceOne Solutions
eGRC Building Blocks
• Strategy and Plans
– Develop Program Strategies
– Leverage Maturity Assessments
– Build the Business Case
– Develop Roadmaps
• Technologies
– Implement Architectures and Technologies to Manage Risk and Resilience
• Policies, Standards and Compliance
– Align policies and controls with procedures and process with best practices and frameworks
– Take an information-centric approach to risk
– Take a risk-centric approach to security
– Enforce policies at point of use
• Assessments
– Conduct Focused Risk and Compliance Assessments
• Controls
– Implement Automated Controls
– Streamline Manual Controls
• Governance
– Implement Program Governance and Risk Councils
• Incidents
– Improve Operations and Incident Response
Questions the building blocks address:
– What is our end-to-end program and what do we need to invest in to achieve our goals?
– How can we align business requirements with our policies and day-to-day operating processes?
– What is our real exposure and what controls need to be implemented to contain risks?
– How can we leverage technology to manage risk holistically across the enterprise?
– How can we govern our risk, resilience and security processes across silos and stakeholders?
Consulting Services
– Security Management
– Business Continuity
– Information Governance
– Cloud Transformation
– Internal Audit Transformation
– Enterprise Risk Management
– eDiscovery Practice
– Security Management
– Vendor Management
– Enterprise Risk Management
– Business Continuity
eGRC Roadshows – Coming this Fall!
• 12-15 Cities Across the Globe
• Presentations Include
– Hear from your peers on their eGRC use cases
– System Integrator best practices
– Round table discussions on key eGRC topics
– Overview on product roadmap and strategy for EMC and RSA
– Product Demonstrations and Integrations
Agenda
• 9:45 – Networking Break
• 10:00 - Breakout Sessions
– Session 1: Security Management
– Session 2: Information Governance
• 11:00 – Networking Break
• 11:15 – Round Table Discussion - Privacy Focus
• 11:45 – Closing Remarks/Next steps
THANK YOU