Archer IT Security Risk Management

Organizations face a litany of threats in the modern digital business world. Managing IT security today requires a combination of technology controls, effective and efficient processes, and skilled, informed people.

Archer IT & Security Risk Management

Archer IT & Security Risk Management allows you to determine which assets are critical to your business, establish and communicate security policies and standards, detect and respond to attacks, identify and remediate security deficiencies, and establish clear IT risk management best practices.

See the Solution Brief for this Solution on Archer Community: https://community.rsa.com/docs/DOC-40093

The following table describes the IT & Security Risk Management use cases.

| Use Case | Description | Prerequisites |
| --- | --- | --- |
| IT & Security Policy Program Management | Archer IT & Security Policy Program Management enables you to document external regulatory obligations and establish a systematic review and approval process for tracking changes to those obligations, understanding the business impact, and prioritizing a response. | None |
| IT Controls Assurance | Archer IT Controls Assurance provides the ability to assess and report on the performance of controls across all IT assets, and automate control assessment and monitoring. You can implement a centralized system to catalog IT assets for compliance reporting and establish a system of record for documenting IT controls. Streamlined processes and workflow for testing of IT controls allow you to deploy standardized assessment processes for manual controls and integrate testing results from automated systems. Issues identified during compliance assessments are centralized, enabling you to track and report on compliance gaps. Remediation efforts for gaps can be documented and monitored to ensure compliance variances are addressed in a timely manner. | Issues Management |
| IT Security Vulnerabilities Program | Archer IT Security Vulnerabilities Program takes a big data approach to helping security teams identify and prioritize high-risk threats. You can proactively manage IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows. IT assets can be cataloged with a full business context overlay, allowing you to better prioritize scanning and assessment activities. This consolidated vulnerability research platform enables IT security analysts to implement alerts, explore vulnerability scan results, and analyze issues as they arise. A powerful and flexible rules engine highlights new threats, overdue issues, and changing business needs. This ability to correlate known vulnerability risks with an applied business context helps prioritize response and remediation efforts, to speed the rate of closure of significant gaps and reduce costs. | Issues Management |
| Cyber Incident & Breach Response | Archer Cyber Incident and Breach Response enables you to centrally catalog organizational and IT assets, establishing business context to drive incident prioritization and implement processes designed to escalate, investigate and resolve declared incidents effectively. | IT Asset Catalog, Business Asset Catalog |
| IT Risk Management | With Archer IT Risk Management, you can catalog organizational elements and IT assets for IT risk management purposes. This use case includes a risk register to catalog IT risks, pre-built risk assessments for IT, a pre-built threat assessment methodology, and a catalog to document IT controls. Archer Issues Management is also included for managing gaps and findings generated from risk assessments. Gaining clear visibility into IT risk enables you to streamline the assessment process, accelerate the identification of IT risks, and establish timely reporting. The linkage between risks and internal controls eases communication and correlation of IT control requirements to reduce compliance gaps and improve risk mitigation strategies. This agile risk management framework enables you to keep up with changing requirements within the business and focus resources on the most impactful IT risks. | Issues Management |
| IT Regulatory Management | Archer IT Regulatory Management provides the necessary tools and capabilities to document external regulatory obligations that impact your IT and sensitive data environments. This forms the basis for an agile policy framework that allows your organization to keep pace with changing business and IT compliance risk. You can establish a systematic review and approval process for tracking changes to regulatory obligations, understand the business impact, and prioritize a response. Accurate guidance can then be quickly delivered to senior management and the IT organization on regulatory and other compliance requirements to which the business must adhere. By improving the linkage between IT compliance requirements and internal controls, gaps are reduced and senior management gains better insight into IT related issues that impact the business. | Issues Management, IT & Security Policy Program Management |
| Information Security Management System (ISMS) | The Archer Information Security Management System allows you to quickly scope your information security management system and document your Statement of Applicability for reporting and certification purposes. You can also catalog individual resources related to your information security management system (ISMS), including information assets, applications, business processes, devices and facilities, and you can document and maintain related policies, standards, and risks. This centralized view of your information security management system makes it easier to understand asset relationships and manage changes to the infrastructure. Issues identified during assessments can be centrally tracked to ensure remediation efforts for gaps are consistently documented, monitored, and effectively addressed. | Issues Management, IT & Security Policy Program Management |
| PCI Management | Archer PCI Management allows you to streamline the Payment Card Industry (PCI) compliance process, automate assessments, and reduce the effort required to comply. You can jump start your PCI compliance program with an organized project management approach, efficiently conduct continuous assessments, produce structured reports, and gain the visibility needed to manage and mitigate risk. PCI Management fully integrates with other Archer solutions, allowing customers to implement an efficient, sustainable PCI compliance program and easily roll up results to inform broader enterprise risk and compliance performance metrics. | Issues Management, IT & Security Policy Program Management |