Archer GRC Content Library – Q1 Update

by Steve Schlarman – April 8, 2010

In December, we released an update to the Archer GRC Content Library with a focus on privacy and business continuity. This was the second major release of content updates for 2009. For 2010, we are providing smaller updates on a quarterly basis, and I'm pleased to announce our latest additions to the GRC Content Library. For Q1 2010, we focused on two areas that are critical to GRC: incident response and application development. 

Incident response—specifically related to security and IT events—is a common part of GRC discussions. In some ways, this focus is a follow-on to our privacy focus from late last year, in that data breaches and incident handling are key elements of privacy requirements. However, incident response is such an integral part of risk management that we felt we should revisit our existing content against a well-established standard. Based on customer feedback, we chose NIST’s Special Publication 800-61 as the guiding document. An Authoritative Source has been added to the Archer GRC Content Library based on NIST 800-61’s requirements and is included in the Q1 content update.

The second area that we wished to address is application development practices. We already had a considerable amount of content related to application management but utilized our partnership with Microsoft to bolster this key area within IT-GRC. The Microsoft Security Development Lifecycle (SDL) is an industry-leading software security assurance process. A Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in Microsoft software and culture. Combining a holistic and practical approach, the SDL introduces security and privacy early and throughout all phases of the development process. We partnered with Microsoft to create an Authoritative Source based on the SDL requirements and updated several of our Control Standards based on SDL recommendations.

As part of our continued effort to provide the most up-to-date and comprehensive GRC Content Library, we also made other additions, including updates to the Archer Control Assessment Bank—a collection of more than 2,000 questions based on our Control Standards that can be used for risk and compliance assessment purposes.

If you’d like to learn more about the latest release of the Archer GRC Content Library, take advantage of the following resources:

• Release Notes – For more information on the content updates, see the Release Notes posted on the Archer Community.
• Webcast – I’ll be presenting a free webcast on the GRC Content Library, including comments on the latest release, on Tuesday, April 27 at 1 p.m. US Central.
• Friday User Group Training – There will also be a Content Library training session on April 30 at 11 a.m. US Central. This event is open to Archer Community members only.

Published Apr 08 2010, 02:05 PM by Sarah Nord (Historical)

Comments

 

uberVU - social comments said:

This post was mentioned on Twitter by jdallman: SDL is now an Authoritative Source in the Archer GRC! More info coming later... http://is.gd/bkx2T.

April 9, 2010 1:06 AM
 


 

About Sarah Nord (Historical)

As Archer Marketing Communications Manager for RSA, The Security Division of EMC, Sarah Nord oversees the planning, development, delivery and analysis of strategic marketing programs. She also serves as senior writer and editor for RSA Archer marketing content, including web copy, press releases, data sheets, case studies and blog posts. Sarah holds a BA in Professional Writing and an MA in Writing from Missouri State University. She is also RSA Archer Certified.