How Top Targeted Industries are Using RSA Archer to Stop Cyber Fraud - Part 1: Banks

Posted by Lia Konieczny on Nov 29, 2016 5:00:57 PM

If you were a bank robber, you would target the largest bank around in order to secure the biggest prize possible in exchange for the risk associated with committing the crime, right? The same is true for cyber criminals. They specifically target organizations within industries that provide the most return for their crime. These unseen criminals, though they are not stealing physical cash, are stealing your personal information, which can grant them access to more than just what is in your bank account. The prime targeted industries are those that house customer information in some form or another: banks, healthcare providers, and retailers, among others. Thankfully, our everyday institutions are fortifying their security against these cyber thieves by employing software solutions such as RSA Archer to help prevent theft of customer data and fraud before they occur, by tracking threat behavior and analyzing patterns of risk.

Topics: eGRC, RSA Archer

DIY GRC – Using Archer to Build Your Organization

Posted by Lia Konieczny on Aug 9, 2016 3:46:38 PM

Wouldn’t it be great if there were an “easy” button for developing your organization’s governance, risk, and compliance departments? There are several aspects to consider when building out each sector, such as: What kind of control assessments should we have, and how often? What kind of approval chain should our policy documents be following? How should we conduct our business impact analyses? Where should we house our asset inventory? How do we tie all of these aspects together? Why is GRC even important?

Topics: eGRC, RSA Archer, policy

Why GRC Platforms are Key for the Future of Cyber Security

Posted by Lia Konieczny on May 24, 2016 9:27:51 AM

In the ever-evolving world of cyber security, one component remains both dynamic and widespread: risk itself. The flu virus, much like risk itself, is ever mutating and adapting to new environments, and we as human beings are consistently trying to defend ourselves against it by getting our flu shot every year, washing our hands frequently, and trying the latest new prevention trends like Emergen-C and clean eating. Yet despite some of our best efforts, we often become infected with this virus year after year. Similarly, when organizations put their faith in the “latest and greatest” next-generation firewall or anti-malware software, their margin of risk is only slightly narrowed – why? As defense technologies perpetually adapt to new environments, attackers are doing the exact same thing with their arsenal. Even though we got our flu shot and maintained good hygiene, we were still impacted by the virus. Organizations face attacks on a daily basis no matter what method of prevention they employ.

Topics: eGRC

GRC: From the Top Down

Posted by Casey Lang on May 11, 2016 2:58:23 PM

The winds of change blow at gale force speeds when we talk about the IT industry and the need for information security, which is becoming accepted as essential to doing business; recent high profile cases of large scale corporate hacks have shown how essential it is to have security programs in place. In this two-part post we will focus on Governance, Risk, and Compliance (GRC), an increasingly important aspect of a mature information security program, and how you can begin to apply the concepts of GRC to your organization. First, we will discuss GRC at a high level, and how GRC should be applied from the top down in an organization, since governance, risk, and compliance ultimately fall within the executive team’s areas of responsibility. Next week’s post will provide information on three of the top GRC platforms, and will discuss the strengths and weaknesses of these products in supporting the automation and measurement of your information security capability.

Topics: eGRC

3 Things to Consider When Choosing RSA Archer for GRC

Posted by Eric Noonan on Mar 21, 2016 11:35:42 AM

Governance, Risk and Compliance (GRC) is an all-encompassing term that can cover an array of areas, from business continuity through vendor management. Given the range of meaning, it’s important to understand what it means to you and your organization before selecting a platform like RSA’s Archer, which has many modules and even more use cases.

To help narrow down your selection of Archer modules and use cases as well as increase your likelihood of success in deployment and utilization, here are 3 things to consider before making your purchase:

Topics: eGRC

Improve Healthcare IT Security: 5 Actions You Should Take Now

Posted by Eric Noonan on Feb 3, 2016 12:22:45 PM

Modern Healthcare recently reported that "Health insurer Centene Corp. is hunting for six computer hard drives containing the personally identifiable health records of about 950,000 individuals..." While this potential data loss doesn't come close to the monumental data breaches suffered by Anthem, Blue Cross and Blue Shield and others in 2015, it highlights 5 actions that companies of any size in the healthcare space should be taking now to optimize security.

Topics: Security, eGRC, Privileged Accounts, Security Assessment

A Risk Register is Not the First Step in Your Archer Journey

Posted by Mark Walsh on Jan 26, 2016 12:00:00 PM

Due to the way the RSA Archer product is sold, customers often find themselves the proud owners of the Risk Management module. Side-by-side with the Enterprise, Policy, and Compliance modules, Risk Management is marketed as a necessary and important module to tackle in the initial phase of the Archer journey. As a professional services provider, CyberSheath is often asked by clients to assist them with the creation of a risk register as their first step with Archer, because it is something they have heard they need to do.

A Risk Register as a First Step is Not the Answer

The problem is that the majority of new Archer customers we have partnered with are in the information security field, where actual threats and incidents consume every working hour. The daily realities of malware, vulnerabilities, exception requests, business needs, and compliance requirements take up more than enough of a security team’s time each month for them to be prioritizing a risk register as their first GRC capability.

Topics: eGRC

3 Steps To Secure Your POS Systems

Posted by Ross Moir on Nov 10, 2015 9:54:25 AM

Let’s be clear – POS is an ill-termed acronym for Point of Sale. As the collective giggles fade, it’s time to think about security in the retail industry. With Black Friday fast approaching, stores preparing for the mad rush of shoppers should ensure their POS systems are secure. Cardholder data has been a lucrative draw for cybercriminals seeking to make some serious money selling your stolen credit card data. Along with cardholder data comes your customers’ personally identifiable information, which is then floating around the Internet and could potentially fall into the wrong hands.

“Point of sale system” is the catchall term to describe the consumer’s relationship to the store and how the consumer exchanges money for goods and/or services. A point of sale system has many different facets operating at different levels. For the purpose of this blog post, I am only referring to the information technology assets that retailers have control over. Payment gateways and bank systems are beyond the scope of this post.

The breaches of Home Depot, Target, and Neiman Marcus are prime examples of major retail organizations that attested to PCI compliance, yet were still breached. While PCI compliance is important and ensures your organization has its ducks in a row, it doesn’t necessarily make your POS system more secure. There are additional steps every organization should take to become proactive about securing its POS, arguably the lifeblood of the store.

Topics: eGRC, Security Assessment

Controlling Software in Your Enterprise for GRC and Security Benefits

Posted by Mark Walsh on Oct 28, 2015 1:41:12 PM

Note: This is the second in a series of blog posts in which CyberSheath GRC consultants specifically describe how the RSA Archer GRC Solution can assist with the adoption of the Critical Security Controls for Effective Cyber Defense. Each post of this series will focus on one of the 20 Critical Security Controls. Click here to access the first post of this series.

CyberSheath has worked with many customers who are just beginning their GRC journey. As security consultants first, the initial steps we take when building out GRC efforts for any organization align with the Critical Security Controls for Effective Cyber Defense. These controls, formerly known as the SANS 20 Critical Security Controls, focus on prioritizing actionable and pragmatic security functions that are effective against advanced attacks.

20 Critical Security Controls

Control 2: Inventory of Authorized and Unauthorized Software

Topics: eGRC

Archer Roadshow - Consolidating GRC Initiatives with RSA Archer

Posted by Mark Walsh on Mar 27, 2015 8:42:00 PM

CyberSheath took to the road this month to talk about Archer GRC. To learn more about GRC and how to be a successful consumer of a governance, risk and compliance framework, check out our post on 8 Steps that Drive GRC Success. If you are still not convinced, listen to one of our customers, a multi-billion dollar technology integrator, describe how CyberSheath Professional Services successfully implemented GRC to create a business enabling capability! Click here to view the video.

Topics: eGRC