Using Archer to Monitor Security Compliance at AT&T

Similar documents
RSA ARCHER INSPIRE EVERYONE TO OWN RISK

RSA. Sustaining Trust in the Digital World. Gintaras Pelenis

Contract Management. Larry Johnson IT Service Management. January 2018

COMPLIANCE TRUMPS RISK

RSA. Archer Risk Intelligence Index

Module: Building the Cloud Infrastructure

STREAM Integrated Risk Manager Take control of your GRC

RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT

Achieve Continuous Compliance via Business Service Management (BSM)

Market Systems Enhancement

Demystify Governance, Risk & Compliance For Lifesciences

RSA Identity Management & Governance

Turn Your Business Vision into Reality with Microsoft Dynamics GP

RSA Archer Compliance Management 5.2 Webcast

Operational Risk Management

Jeff Carpenter Authentication and Access Specialist RSA, The Security Division of EMC. Copyright 2015 EMC Corporation. All rights reserved.

SOLUTION BRIEF HELPING PREPARE FOR RISK ASSESSMENT & COMPLIANCE CHALLENGES FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Deep Dive into the Grants Suite 9.2 Functionality, including best practices and lessons learned from a 9.2 upgrade. QuestDirect.

RSA ARCHER IT & SECURITY RISK MANAGEMENT

September 19, 2007 San Francisco Chapter

SOLUTION BRIEF HELPING ADDRESS GDPR CHALLENGES WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Understanding the relationship between Asset Management and the CMDB

Introduction to Project Management

SOLUTION BRIEF RSA ARCHER PUBLIC SECTOR SOLUTIONS

IPMA Forum Managed Print Services Do It Or Not? Steve Young Chief Information Officer & Carolyn Barber Xerox Client Manager

Novell Compliance Management Platform Update

How MSPs Deliver Innovation and Cost Reduction through Automation

The Five Ws of User Experience Management. Workforce Efficiency and Adoption Starts with Data

MEGA S SOLUTIONS FOR GOVERNANCE, RISK, AND COMPLIANCE

Cloudy with a Chance of ERP Is Cloud just a "thing"?

PDM/PLM BUYER S GUIDE PDM/ PLM BUYER S GUIDE FOR COMPANIES SEEKING TO STREAMLINE ENGINEERING PROCESSES & MANAGEMENT

Best Practice ITSM Process EcoSystem with Proven Operations Experience

Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley

Copyright 2012 EMC Corporation. All rights reserved.

Law Department Technology Management. July 25th, 2018

Preparing for the General Data Protection Regulation (GDPR)

Business Service Management IT Service Management Solution Juraj Polak IBM Tivoli Software

IDENTITY AND ACCESS MANAGEMENT SOLUTIONS

The Next Level of Controls Automation: How you can fully automate controls testing in financial systems by combining MetricStream and IRC

MPPM II INITIATIVE OVERVIEW

A Simplified and Sustainable Approach to NERC CIP Compliance with Cyberwiz-Pro. NERC CIP Compliance Solutions from WizNucleus

Enterprise Resource Planning Dr. Ebadati

Reading Sample. SAP Risk Management Implementation. Contents. Index. The Authors. First-hand knowledge.

Simplifying and Sustaining Global Process Transformation. Mike Bonfiglio, Business Process Management Lead June 22, 2010

CORROSION MANAGEMENT MATURITY MODEL

OUTGROWING MICROSOFT DYNAMICS GP

2012 FARE COLLECTION WORKSHOP. Operations Transparency Achieve High Performance in Service Efficiency and Asset Management

Operational Excellence By Automating Operational Risk Management. February 4, 2016 Doug Hatler, EVP of Sales

Reengineering your core processes and service layer A critical digital ecosystem enabler

Fred Balboni Global Leader, Business Analytics and Optimization IBM Corporation. Delivering Breakaway Performance Business Analytics and Optimization

Demand-driven IT service management through enterprise resource planning for IT.

AppManager + Operations Center

Audit Planning & Quality Use Case Guide

Healthcare Analytics Design: Smart, Creative, Forward-Thinking

Oracle Cloud Blueprint and Roadmap Service. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.

LAVASTORM lavastorm.com. Five Technologies that Transform Auditing to Continuous Business Improvement

Using IT4IT to transform the IT function

RSA Solution for egrc. A holistic strategy for managing risk and compliance across functional domains and lines of business.

AGILE ITIL SOFTWARE. Data Sheet AGILE ITIL SERVICE DESK AND ITSM JUMP START YOUR SERVICE DESK ITIL CERTIFIED PROCESSES WHOSE ITIL?

Streamline your business processes for far-reaching results. EY s Business Process Management Services practice

A Single Pane of Glass Will Never Exist. Session 232, February 23, 2017 Ryan J. Klein, IT - St. Joseph Health Kelly Nunez, IT - St.

OAUG / DOAG SIG DAY Vienna Sept 27 th 2010 Oracle Governance Risk and Compliance OAUG. August 2010

Testing: The critical success factor in the transition to ICD-10

Getting Started with SAP Access Control pre-assembled rapid-deployment Solution. October 2015

CONTINUOUS AUDITING - UPDATE. Travis S. Moser, CISA

2011 IBM Corporation. Optimizing Outcomes with Case Management

Fostering Business Consumption With Automation & Orchestration Of IT Services. Antoine Acklin Head of Consulting, Australia & New Zealand

Proactively Managing ERP Risks. January 7, 2010

Decision Maker s Guide

WHITE PAPER. Integrate Software License Optimization and IT Service Management to Increase Efficiency and Reduce Costs

Transform Your Business Content Management Capability

How to provide value to your business

Master Data Governance & SAP Information Steward Integration. Jens Sauer, SAP Switzerland September 25 th, 2013

Enterprise Portal Modeling Methodologies and Processes

State of Oklahoma CIO Assessment Study

Triniti Workflow Engine 2018

ISO Changing the Conversation Mark T. Gasser Nicholas E. Fioravante

Business Process Management: The Right Way to Do It

Vendor Due Diligence: Keep The Risk Out!

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

Virginia Department of Transportation Customer Service System. Enterprise IT Management Initiatives

Introduction for Oracle NetSuite

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Region of Peel Digital Strategy

Organizing IT for Success

Turn Your Business Vision into Reality with Microsoft Dynamics NAV

Turn Your Business Vision into Reality with Microsoft Dynamics NAV

SAS IT Intelligence Resource Optimization for VMware Virtual Environments

Go Mobile to Ramp Up Service Efficiency

Catalyst 2018 Digital Organization & Culture Transformation TM Forum, Detecon International GmbH, Concentra Consulting Limited, The GC Index 1

BMC Remedy IT Service Management v7 Overview. Carol Dirig, ITSM Product Manager, BMC Andrea Hite, SIM Product Manager, BMC

Extending the value of Borehole Data Management solutions via Effective Governance and Best Practices

Pega Upstream Oil & Gas Capabilities Overview

Field Service for Dynamics 365

Overview and Frequently Asked Questions

Vendor Cloud Platinum Package: Included Capabilities

WHITE PAPER THE RSA ARCHER BUSINESS RISK MANAGEMENT REFERENCE ARCHITECTURE

Audit Engagements & Workpapers Use Case Guide

About Mirror42. Mirror42 offers enterprise software products for operational IT Governance.

Transcription:

Using Archer to Monitor Security Compliance at AT&T Rebecca Finnin Director, Chief Security Office 1

Agenda Archer Overview What is it and why would you use it? Security Governance, Risk and Compliance (GRC) at AT&T Overview of department functions AT&T Multi-Year Archer Roadmap Future State: Vision for Integrated Archer Solutions Initial Deployment: Isolated Silos & Too Much Customization Roadmap: Plan to move from Current to Future State Lessons Learned If we had to do it over again what could we do better? 2

Archer Overview 3

Archer: What Is It? Archer is off the shelf software available from RSA division of EMC. The software is intended to provide the foundation for a best-in-class enterprise governance, risk and compliance program, by allowing you to automate, manage measure and report across your enterprise. Archer software is billed as a flexible framework i.e. you can modify it to meet your organizations specific requirements. In Archer Terminology the components of the FRAMEWORK are SOLUTIONS made up of APPLICATIONS. Standard SOLUTIONS include: 4 Policy Management Risk Management Compliance Management Enterprise Management Incident Management Vendor Management Threat Management Business Continuity Audit Management

Archer: Why Would You Use It? Archer provides a means to get compliance functions OUT of excel worksheets!!!!! It has all the benefits of web-based applications including: Centralized, real-time reporting Visual dashboards Automated workflow and email notifications Integrated view of controls, testing results, remediation plans, etc. 5

Security GRC at AT&T 6

Security GRC at AT&T: Org Structure Relationship Team Liaison for General Security Questions Policy Team Maintain AT&T Security Policy and Requirements (ASPR) Factory Team Conduct Security Assessments of AT&T Assets Audit Team Liaison for Internal/External/Customer Audits Vendor Management Team Conduct Vendor/Supplier Security Assessments Risk Management Team Process Security Risk Management Agreements 7

AT&T Multiyear Archer Roadmap 8

Archer at AT&T: Future State Vision 9

Archer at AT&T: Initial Deployment 2 1 3 10

Archer at AT&T: Multi-Year Roadmap 11

Archer at AT&T: Multi-Year Roadmap 12

Archer at AT&T: Multi-Year Roadmap 13

Archer at AT&T: Multi-Year Roadmap 14

Archer at AT&T: Multi-Year Roadmap 15

Archer at AT&T: Multi-Year Roadmap 16

Lessons Learned 17

If We Could Do It Over Again Realize this is EXACTLY like an ERP implementation! Customizing the software will have a downside - long term maintenance. The best way to take advantage of the built-in functionality is to use the software as vanilla as possible. However, this can be a change management challenge. When using several solutions, recognize the underlying applications are generally shared. Therefore, a change by one team will impact others. 18

AT&T Application Ownership 19

If We Could Do It Over Again A simple, yet comprehensive change control process is key. If individual teams manage their own development, it will require significant effort to maintain solution integration. To maintain integrity of the framework, certain functions may need to remain centralized. An environment diagram is always a helpful tool. NOTE: prior to v 5.0 objects can NOT be migrated and must be rebuilt in each environment! 20

Change Management 21

If We Could Do It Over Again Build a long term roadmap EARLY! This should not center around how many users or licenses are required. This should focus on compliance processes Archer will be used to support and manual procedures targeted for retirement. After developing a vision for the future process evaluate which delivered Archer solutions fit best. NOTE: A number of APPLICATIONS are shared across several SOLUTIONS, so there may be multiple ways to implement. Designing SOLUTIONS in logical sequence will reduce customizations and speed deployment AT&T Example: Foundation: Policy, Enterprise Management Evaluation: Compliance, Threat, Vendor Management Monitoring: Risk Management 22

QUESTIONS? Rebecca Finnin rebecca.finnin@att.com 678.451.3468 23

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback