Rsa archer что это

RSA Archer eGRC

The RSA® Archer® GRC Platform supports business-level management of enterprise governance, risk and compliance (GRC). As the foundation for all RSA Archer GRC solutions, the Platform allows you to adapt a broad range of solutions to your requirements, build new applications, and integrate with external systems without touching a single line of code. RSA Archer helps to develop the organization’s GRC program with solutions based on industry standards and best practices.

Each solution is designed based on best practices and compliance standards as well as experience in building a corporate class.

RSA Archer platform

The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments and deficiencies across your lines of business. This unified approach eases system complexity, strengthens user adoption and reduces training time. The Platform enables cross-functional collaboration and alignment. Business users across IT, finance, operations and legal domains can work together in an integrated framework using common processes and data. Non-technical users can automate processes, streamline workflow, control user access, tailor the user interface and report in real-time using the point-and-click interface to build and manage business applications.

RSA Archer Platform allows you to adapt a broad range of solutions to your requirements – i.a.:

Tailor RSA Archer GRC solutions to your unique methodologies and build on-demand applications through point-and-click configuration. Thanks to that RSA Archer can be customized to the individual and specific requirements of each organization

Define and automate business processes for streamlining the management of content, tasks, statuses and approvals.

Consolidate governance, risk and compliance information of any type. Seamlessly integrate data systems without requiring additional software. Automate movement of data into and out of the platform to support data analysis, process management and reporting.

Take advantage of pre-built reports and dashboards and create your own with the user-friendly web interface. Easily review risk and compliance data using extensive search capabilities.

Enforce who can access specific risk and compliance data at the system, application, record and field levels so users interact only with information relevant to their roles.

Enable customers to support multiple languages within their RSA Archer environment with region or language locale-specific components and multilingual developments designed for use in markets worldwide, including double-byte support.

GDPR compliance in RSA Archer

RSA Archer addresses compliance issues for GDPR in four key aspects, perceived as the most valuable steps in the implementation of the GDPR compliance:

RSA Archer offers several use cases to meet specific GDPR requirements:

RSA Archer Data Governance

RSA Archer Data Governance is designed to provide a framework to help organizations identify, manage, and implement appropriate controls around personal data processing activities.

RSA Archer Privacy Program Management

RSA Archer Privacy Program Management is designed to enable organizations to group processing activities for the purposes of performing data protection impact assessments and tracking regulatory and data breach communications with data protection authorities.

RSA Archer® Audit Management

Many times, the audit team cannot focus on helping the business evaluate new risks and opportunities because they are spending time evaluating past performance of controls. Using RSA Archer Audit Management, you can incorporate more of a risk-based approach and collaborate with risk and compliance business partners. You can integrate the appropriate view of risk into evaluation of the most critical areas and controls, allowing you to focus on strategic business initiatives that show the audit team’s value to the organization.

RSA Archer Audit Management provides a variety of use cases to meet your specific business needs and progress in your GRC maturity journey, including:

RSA Archer Issues Management

Lays the foundation for your GRC program to manage issues generated by audit, risk and compliance processes. The use case includes the Business Hierarchy to establish the corporate structure and accountability for risk and compliance Issues, and applications to manage findings, remediation plans and exceptions to address risks and associated resolutions.

With RSA Archer Issues Management, you can create a consolidated view into known issues. With an organized, managed process to escalate issues, you get visibility into known risks and efforts to close and address risks. Workflow for proper sign-off and approval for issues, remediation plans and exceptions ensures identified issues are managed and mitigated. You will see quicker reaction to emerging risks creating a more secure and resilient environment while reducing costs. You can view the full use case on RSA.

Audit Engagements & Workpapers

Perform audit engagements, maintain workpaper documentation, and report on audit results in a consistent, timely manner.Track expense reports and manage timesheets to staff your audit engagements with the right personnel. RSA Archer Audit Engagements & Workpapers helps transform the efficiency of your audit department, complete better scoped audits more quickly, and decrease external audit fees. You can view the full use case on RSA.

Audit Planning & Quality

Enables internal audit teams to define their audit entities and universe, risk assess them, and plan for audit engagements during the coming year. Since RSA Archer Audit Planning integrates rich management risk and control information, Internal Audit can ensure their audit objectives are aligned with enterprise risk management and other related groups. Audit Planning & Quality puts you in control of the entire audit planning lifecycle, enabling improved governance of audit-related activities while also providing integration with your risk and control functions.

With Audit Planning & Quality, you can:

RSA Archer® Business Resiliency

RSA Archer Business Resiliency provides an automated approach to business continuity and disaster recovery planning and execution, enabling swift response in crisis situations to protect your ongoing operations. With RSA Archer, you can assess the criticality of business processes and supporting technologies, and develop detailed business continuity and disaster recovery plans using an automated workflow for plan testing and approval. Key dashboards and reports provide visibility for your senior management, giving them a better understanding of continuity risks, insight into budget requirements, and a level of confidence that a solid resiliency program is in place if a crisis occurs.

RSA Archer Business Resiliency provides several use cases to meet specific business needs and progress in the business resiliency maturity journey, including the following options.

Use cases of RSA Archer Business Resiliency:

RSA Archer Security Incident Management

Enables the processes to address the flood of security alerts and implement a managed process to escalate, investiagte and resolve security incidents.

RSA Archer® Enterprise & Operational Risk Management

With RSA Archer® Operational Risk Management, you get a consolidated and clear view of risk that allows you to prioritize risks, efficiently deploy resources to address the most critical problems, and elevate risk management as a new source of competitive advantage. ORM provides tools and frameworks for risk specialists to identify, assessment, monitor and control operational risk. RSA Archer Enterprise & Operational Risk Management provides several use cases to meet specific business needs and progress in the audit maturity journey, including the following options.

Use cases of RSA Archer Enterprise & Operational Risk Management:

RSA Archer Operational Risk Management

RSA Archer Operational Risk Management enables cataloging business processes and sub-processes, documenting risks associated with business processes, and mitigating controls. By integrating these use cases, risk managers have a comprehensive operational risk management program that reinforces desired accountability and risk management culture throughout the organization, providing necessary transparency through reporting, dashboards and notification alerts.

RSA Archer® IT & Security Risk Management

RSA Archer® IT & Security Risk Management allows you to determine which assets are critical to your business, establish and communicate security policies and standards, detect and respond to attacks, identify and remediate security deficiencies, and establish clear IT risk management best practices.

RSA Archer IT & Security Risk Management provides several use cases to meet your specific business needs as you mature your risk program, including the following options.

Use cases of RSA Archer IT & Security Risk Management:

Источник

Множественные уязвимости в RSA Archer EGRC

Да

Уязвимости позволяют удаленному пользователю раскрыть важные данные, осуществить XSS-атаку и неавторизованно изменить данные.

1) Уязвимость существует из-за неизвестной ошибки при обработке входных данных. Удаленный пользователь может с помощью специально сформированной ссылки выполнить произвольный код сценария в браузере жертвы в контексте безопасности уязвимого сайта.

2) Уязвимость существует из-за недостаточного контроля доступа в Discussion Forum Fields. Удаленный аутентифицированный пользователь может неавторизованно изменить данные.

3) Уязвимость существует из-за хранения пароля системой в текстовом виде. Удаленный аутентифицированный пользователь может раскрыть важные данные.

Источник

Rsa archer что это

Library to work with Archer REST and Content APIs

My original objective was to create Office365 mail to Archer Incidents application connector.Script captures the email, checks if there is an incident ID assigned and add the email to comments section (sub form) in archer record. This package supports archer part of the connector, if someone interested I can share the whole thing.

1. Creating Archer Instance

Create «api» user in Archer with proper permissions At first, create Archer Instance object and continue to work with it

2. Working with content records

2.1 Selecting application

To start working with content records you need to select Archer application (one application per Archer Instance object), without it it’ll not work.

2.2 Creating new record

Creating the record and getting its id:

2.2 Working with existing records

2.2.1 Getting record content

Getting record object by id:

Getting values of record fields (including ids):

2.2.2 Updating existing record

Preparing updater json

Updating the record values:

2.2.3 Posting attachments to archer instance

Uploading attachment to Archer and getting its id:

Appending attachment ids into array, you might want to get existing record atttachments ids first and append additional attachment id to it or you will lose the existing ones:

Then associate the ids with the existing record for example:

3. Working with sub forms in content records

3.1 Creating subrecords

Creating sub_record and getting its id:

Then associate subrecord with content record, in this case existing record:

But it will replace the existing subrecords in application, so you should get the existing subrecords first:

And then update the original application record:

3.2 Attachments to subrecords

Uploading attachment to Archer and getting its id:

Put attachment ids into array:

Assosiate it with the new sub_record

4. Working with users

4.1 Getting user objects:

Getting all user objects:

Getting individual user object:

Getting users using filters, find full list of filters in Archer REST API documentation:

Getting active users with no login:

4.2 Getting users info

Getting user object parameters (added for convenience), all information could be found in user.json:

4.3 Working with user object

Assigning user to role:

Adding user to group:

Archer GRC API (released from 6.4)

To start working in GRC api you need to set an endpoint, it’s analog of application we used in REST. To find the exact name of an endpoint you can use the following method:

With endpoint name you can get content records of the application:

I’m building key record field value to record internal id mapping:

So based on key record field value I can get record internal id:

Источник

Множественные уязвимости в EMC RSA Archer GRC

Да

Описание:
Уязвимость позволяет удаленному пользователю выполнить произвольный код на целевой системе.

1. Уязвимость существует из-за неизвестной ошибки в приложении. Удаленный пользователь может загрузить произвольные файл и скомпрометировать целевую систему.

2. Уязвимость существует из-за неизвестной ошибки в Silverlight. Удаленный пользователь может обойти определенные ограничения безопасности.

3. Уязвимость существует из-за неопределенной ошибки при обработке входных данных. Удаленный пользователь может с помощью специально сформированного запроса выполнить произвольный код сценария в браузере жертвы в контексте безопасности уязвимого сайта.

4. Уязвимость существует из-за недостаточной проверки подлинности HTTP запросов при выполнении некоторых действий. Удаленный пользователь может произвести CSRF нападение.

Источник

Rsa archer что это

Содержание

Активы

Конечные собственники

RSA помогает ведущим организациям мира в решении самых сложных и важных задач обеспечения безопасности. В число этих задач входит управление организационными рисками, обеспечение мобильного доступа и сотрудничества, подтверждение нормативно-правового соответствия, а также обеспечение безопасности в виртуальных и облачных средах. Объединяя критически важные инструменты управления доступом, шифрования и управления ключами, управления инцидентами и событиями информационной безопасности (Security Information and Event Management, SIEM), предотвращения потери данных и защиты от мошенничества с лучшими в отрасли возможностями eGRC и консалтинговыми услугами, RSA обеспечивает для миллионов пользователей прозрачность операций, которые они выполняют, и доверие к данным, которые при этом создаются.

В результате слияния корпораций Dell и EMC компания RSA вошла в состав группы компаний Dell Technologies.

О программе RSA Certified Partner Program

Партнерская программа RSA Certified Partner Program является одной из самых обширных и долгосрочных технологических программ интеграции и совместимости продуктов партнеров и продуктов RSA такого типа и объединяет более 1,000 решений от более 300 производителей программного и аппаратного обеспечения. Сертификационные программы по продуктам RSA SecurID®, RSA® Access Manager, RSA® Adaptive Authentication, RSA® Digital Certificate Solutions, RSA® Data Loss Prevention (DLP) Suite, RSA® Hybrid Authenticators, RSA enVision®, RSA® Federated Identity Manager и RSA® Data Protection Manager Suite дают пользователям уверенность, что установленные у них решения интероперабельны, гарантируя быстрое внедрение и низкую совокупную стоимость владения.

Партнерская программа RSA Certified Partner Program отражает приверженность RSA к сотрудничеству с другими вендорами индустрии ИБ и поддержку стандартов взаимодействия между централизованными решениями по защите информации, пользователей и инфраструктур. Для получения дополнительной информации, пожалуйста, посетите www.securedbyrsa.com.

История

18 февраля 2020 года стало известно о продаже компании RSA Security, которая ранее принадлежала Dell Technologies, консорциуму во главе с частным инвестиционным фондом STG Partners. В группу покупателей также вошли компания AlpInvest Partners и пенсионный фонд Ontario Teachers.

Сделка, которая включает в себя покупку RSA Archer, RSA NetWitness Platform, RSA SecurID, RSA Fraud and Risk Intelligence и RSA Conference, должна быть закрыть в течение 2020 года.

О продаже RSA Security стало известно за несколько дней до начала конференции RSA Conference, которую ежегодно проводит эта компания. Главный спонсор мероприятия — IBM — отказался от участия в нем из-за вспышки коронавируса. Не исключено, что конференция вовсе не состоится, равно как и другие подобные мероприятия в технологической отрасли.

Как пишет издание CRN, компания RSA увеличила число партнеров на своих двух верхних уровнях — Titanium и Platinum — на 25% в период между 2018 и 2019 годами. Такие партнеры получают больше выручки, а также дополнительные возможности для скидок, заявили в RSA.

Продажа RSA продолжила череду сделок по слияниям и поглощениям на рынке информационной безопасности. Старший аналитик исследовательского агентства Wikibon Дэйв Велланте (Dave Vellante) связывает эту тенденцию с тем, что компании стремятся сократить количество используемых решений для киберзащиты. По словам эксперта, корпоративные расходы на ИБ-решения растут всё медленнее. Хотя это направление остаётся приоритетным, организации больше не хотят экспериментов с новыми вендорами и уменьшают число систем, которые одновременно работают со старыми продуктами. [1]

2018: Покупка Fortscale

В начале апреля 2018 года RSA Security объявила о покупке разработчика ПО для выявления киберугроз в сети Fortscale. Стоимость сделки компании решили не раскрывать. Подробнее здесь.

Источник