RSA Archer eGRC Content Library – Q2 2010 Update

by Steve Schlarman – July 20, 2010

As RSA continues our development of the most robust library of enterprise governance, risk and compliance (eGRC) content in the market, I’m pleased to announce the latest additions to the RSA Archer eGRC Content Library. For Q2 2010, we focused on many areas that are critical to eGRC. The additions to our Content Library for this quarter move us into several new areas—deepening our ability to provide business-relevant content to our customers. As you’ll see, we were very busy this quarter.

One of the more exciting aspects of this quarter’s work was the addition of an Authoritative Source for the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Audit.  This internationally recognized standard allowed us to focus on a key part of an eGRC program—Internal Audit—as well as one of our core solutions, RSA Archer Audit Management. We added a new Policy (Audit Management) along with Control Standards focused on internal audit practices. Following through with our methodology, we also created new Question Library content including three specialized Questionnaires:

• IIA Project Quality Assurance
• IA Customer Survey
• IA Annual Quality Assurance

In July, RSA joined the Information Security Forum (ISF), and as part of this membership, we have completed the development of Authoritative Sources for the ISF’s Standard of Good Practice (SoGP).  Individual Authoritative Sources have been created for each component of the ISF SoGP:

• Computer Installations
• Critical Business Applications
• End User Environment
• Networks
• Security Management
• Systems Development

We mapped these Authoritative Sources to our Control Standards, adding or modifying our Library to be aligned with the ISF SoGP.

Based on customer requests, we also expanded our Library of international data protection legislation with the addition of the German Federal Data Protection Act, the UK Data Protection Act of 1998 (Chapter 29) and the France Data Protection Act (Act N°78-17 OF 6 January 1978 on data processing, data files and individual liberties). We used the English publications of these laws so all content is in English.

Our current Control Procedures cover more than 80 technologies with over 4,000 individual controls. We have grown this Library through the addition of technical Control Procedures from the Center for Internet Security (CIS) Benchmarks. We translated several of the CIS Benchmarks into Control Procedures along with mappings to Control Standards. The following CIS Benchmarks are now available as Control Procedures:

• Apple iPhone 3.1.2
• IBM DB2 8, 9 and 9.5 (Linux, Unix and Windows)
• Microsoft Windows Server 2008
• Microsoft Access 2007
• Microsoft Excel 2007
• Microsoft InfoPath 2007
• Microsoft Office 2007 System
• Microsoft Outlook 2007
• Microsoft PowerPoint 2007
• Microsoft Word 2007
• Microsoft Windows 7
• Mozilla Firefox 3.5
• Opera Browser 10.51
• Sybase ASE 15.10

Along with the Control Procedures, we also created a corresponding Question Library set based on the assessment procedures outlined in the CIS Benchmarks. This allows our customers to quickly build questionnaires for manual technical assessments.

Finally, we completed our effort to provide the entire Shared Assessments Program SIG v5 with the completion of the Level 3 questionnaire. Now, the SIG v5 import pack includes all Level 1, 2 and 3 questions along with the Agreed Upon Procedures (AUP) questions.

By the Numbers:

• New Authoritative Sources: 11
• New or Modified Control Standards: 67
• New Technologies: 14
• New Technical Controls: 959
• New Questions: 2,975 including
          - CIS Questions: 959
          - RSA Archer Questions: 64
          - SIG v5: 1,952

To access the Q2 RSA Archer eGRC Content Library updates, please email Support at support@archer.com.

To learn more about the updates, take advantage of these resources:

• I will be presenting a webcast on RSA’s content management processes and the entire eGRC Content Library, including comments on the latest content release.
• For existing customers, there will also be a Friday User Group Training session on July 23, 2010.
• For more information on the content updates, see the Release Notes posted on the Archer eGRC Community.

I look forward to any feedback you have on this new content, so please feel free to share your thoughts.


About Sarah Nord

As Archer Marketing Communications Manager for RSA, The Security Division of EMC, Sarah Nord oversees the planning, development, delivery and analysis of strategic marketing programs. She also serves as senior writer and editor for RSA Archer marketing content, including web copy, press releases, data sheets, case studies and blog posts. Sarah holds a BA in Professional Writing and an MA in Writing from Missouri State University. She is also RSA Archer Certified.