Active eGRC Seminar: Learn to use risk to your advantage

© Copyright 2010 EMC Corporation. All rights reserved.



Welcome!!


Agenda

• 8:30 – Registration and Breakfast
• 9:00 – eGRC Overview
• 9:45 – Networking Break
• 10:00 – Breakout Sessions
  – Session 1: Security Management
  – Session 2: Information Governance
• 11:00 – Networking Break
• 11:15 – Round Table Discussion - Privacy Focus
• 11:45 – Closing Remarks/Next steps


Key Trends That Will be Covered

– Convergence of IT and business processes
– The need for business context and collaboration
– eGRC is about people, process AND technology…
– Visibility and control is needed as organizations make their journey to the cloud.
– Audit can act as a bridge between IT and the business
– Enterprise risk as center to the eGRC story
– Privacy is a top program across the enterprise


Not just about technology

Spans IT, Legal, Finance and Operations

Visibility & control across physical, virtual and hybrid environments

EMC Tenets for eGRC

Integration into existing processes and technologies


The EMC eGRC Approach

– Consulting/Implementation Best Practices
– Business Continuity Management
– Security Management
– Information Governance
– GRC Business Solutions
– RSA Archer eGRC Management Platform


The Common eGRC Theme: Enterprise Risk

IT, Operations, Finance, Legal/Compliance

Data Center, App Mgmt., SDLC, InfoSec, IT Security, BCP, DR, Market Risk, Credit Risk, Liquidity Risk, Environmental, Health & Safety, Fraud, Financial Reporting, Litigation, HR, Liability, Privacy, Geo-Political, Applications

eGRC Solutions: Security Management, Business Continuity Management, Enterprise Risk & Compliance, Information Governance, Trusted Cloud


Bringing in the Business Context

eGRC facilitates the processes, information, technology and people required to recognize context that enables business decisions

Business Domains

BUSINESS DRIVERS

OPERATIONAL INFRASTRUCTURE

Applications, Databases, Devices, Workstations, Vendors, Information, Customers, Regulations, Business Objectives, Threats, Laws

Legal, IT, Finance, Operations


Visibility and Control: See More. Act Faster. Spend Less.

EMC eGRC Solutions


Importance of eGRC to EMC

– Drives Trust in the Cloud
– Beyond the Data Center
– Integrate Disparate Technologies
– Emerging Market


RSA Archer eGRC Solutions

– Compliance Management: Document your control framework, assess design and operational effectiveness, and respond to policy and regulatory compliance issues.
– Policy Management: Centrally manage policies, map them to objectives and guidelines, and promote awareness to support a culture of corporate governance.
– Threat Management: Track threats through a centralized early warning system to help prevent attacks before they affect your enterprise.
– Enterprise Management: Manage relationships and dependencies within your enterprise hierarchy and infrastructure to support GRC initiatives.
– Risk Management: Identify risks to your business, evaluate them through online assessments and metrics, and respond with remediation or acceptance.
– Incident Management: Report incidents and ethics violations, manage their escalation, track investigations and analyze resolutions.
– Business Continuity Management: Automate your approach to business continuity and disaster recovery planning, and enable rapid, effective crisis management in one solution.
– Audit Management: Centrally manage the planning, prioritization, staffing, procedures and reporting of audits to increase collaboration and efficiency.
– Vendor Management: Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls.


RSA Archer eGRC Platform

– Integration: Seamlessly integrate cross-departmental and enterprise data systems with the Archer SmartSuite Framework.
– Application Builder: Build and tailor on-demand applications and package them into solutions to solve business problems.
– Reports and Dashboards: Gain a real-time view of your enterprise through actionable reports and graphical dashboards.
– Access Control: Enforce access controls at the system, application, record and field level to ensure a streamlined user experience.
– User Experience: Brand the interface with your corporate colors, graphics, icons and text to facilitate end-user adoption.
– Notifications: Automatically notify users via email when content changes, tasks enter their queue or deadlines approach.
– Business Workflow: Define and automate business processes to streamline the management of content, tasks, statuses and approvals.


Business Solutions: Enabling Next Gen eGRC

1. Quantitative risk analysis using a Calculation Engine to better evaluate impact and likelihood of the Enterprise Risk.
2. Enable collaboration with international colleagues across the enterprise with common language and ERM Frameworks.
3. Risk and compliance visualization leveraging Map, Radar and Bubble Reports.
4. Schedule data publication for use with Business Intelligence tools and Analytics.
5. Implement continuous improvement of your ERM program into testing environment and deploy the updates quickly.


Business Solutions: Audit Management

1. Auto-create audit workpapers and assign them to appropriate auditors for completion.
2. Complete review of audit workpapers using best-in-class Workflow and Notification capabilities.
3. Auditors can easily create their own Dashboards including a Calendar of their upcoming assignments.
4. Deliver business context by aggregating findings under entities across the business hierarchy.
5. Create professional Audit Reports automatically.

Audit Program Library, Business Hierarchy, Findings, Audit Workpapers


EMC INFORMATION GOVERNANCE OFFERINGS

* SourceOne eDiscovery – Kazeon

* SourceOne Discovery Manager

* Documentum Retention Policy Services

* Documentum Records Manager

* SourceOne for File Systems

* SourceOne Email Management

* SourceOne for Microsoft SharePoint

* SourceOne File Intelligence

Making Information Governance Actionable


RSA Archer Approach to Business Continuity Management

– Document Disaster Recovery Plans
– Test Plans
– Track Crisis Events
– Perform Business Impact Analysis
– Automate Plan Maintenance
– Document Business Continuity Plans


Business Continuity and Disaster Recovery

1. IT Systems fail and applications become inaccessible by employees and suppliers.
2. Back-up and network recovery sites via 3rd party allow the organization to continue processing financial transactions at another location and access the BC/DR plans housed in Archer.
3. Systems get back online via restoration from EMC VTL and application owners start recovery/testing procedures.
4. IT works with Business Units to ensure access is available and systems are operational using test ready plans and centrally tracks progress of recovery efforts.
5. Systems fully recovered and pass all tests within 24 hours.
6. Any revisions in the recovery process can be updated and centralized for future use.


Sol. 1 Sol. 2 Sol. n

Views and Reports

Workflow

Context Policy

Detailed Controls

The Security Management Stack

Physical and Virtual IT Infrastructure

Event Data

State Data

RSA Security Intelligence Platform

GRC Platform

RSA Archer

RSA enVision, RSA DLP, EFN Also: Qualys, nCircle, McAfee, Ionix, etc.


RSA Solution for Cloud Security and Compliance

Discover VMware infrastructure

Define security policy

Remediation of non-compliant controls

RSA Archer eGRC

Manage security incidents that affect compliance

Manual and automated configuration assessment

Over 100 VMware-specific controls added to Archer library, mapped to regulations/standards

Solution component automatically assesses VMware configuration and updates Archer

RSA enVision collects, analyzes and feeds security incidents from RSA, VMware and ecosystem products to inform Archer dashboards

RSA SecurBook Solution Documentation


GRC for Virtualization and Cloud

Currently in planning for Vblock in 2011

• RSA Archer for orchestrating security of the Vblock

vSphere

Storage

Server blades

Networking

Virtual Machines

RSA Archer eGRC

Available now

2011


EMC Consulting Focus Areas

Security, Compliance, Resiliency, Managed Availability

– Security Management with RSA’s eGRC Management Platform, DLP, and SIEM
– Business Continuity with RSA’s eGRC Management Platform and EMC’s Business Resiliency Solutions
– Cloud Trust with RSA’s eGRC Management Platform, VMWare and Partner Relationships
– Information Governance with RSA’s eGRC Management Platform, eDiscovery and SourceOne Solutions


What is our end-to-end program and what do we need to invest in to achieve our goals?

eGRC Building Blocks

Strategy and Plans

– Develop Program Strategies
– Leverage Maturity Assessments
– Build the Business Case
– Develop Roadmaps

Technologies

– Implement Architectures and Technologies to Manage Risk and Resilience

Policies, Standards and Compliance

– Align policies and controls with procedures and process with best practices and frameworks
– Take an information-centric approach to risk
– Take a risk-centric approach to security
– Enforce policies at point of use

Assessments

– Conduct Focused Risk and Compliance Assessments

Controls

– Implement Automated Controls
– Streamline Manual Controls

Governance

– Implement Program Governance and Risk Councils

Incidents

– Improve Operations and Incidence Response

How can we align business requirements with our policies and day-to-day operating processes?

What is our real exposure and what controls need to be implemented to contain risks?

How can we leverage technology to manage risk holistically across the enterprise?

How can we govern our risk, resilience and security processes across silos and stakeholders?


Consulting Services

– Security Management
– Business Continuity
– Information Governance
– Cloud Transformation

– Internal Audit Transformation
– Enterprise Risk Management
– eDiscovery Practice

– Security Management
– Vendor Management

– Enterprise Risk Management
– Business Continuity


eGRC Roadshows – Coming this Fall!

• 12-15 Cities Across the Globe

• Presentations Include
  – Hear from your peers on their eGRC use cases
  – System Integrator best practices
  – Round table discussions on key eGRC topics
  – Overview on product roadmap and strategy for EMC and RSA
  – Product Demonstrations and Integrations


THANK YOU