Aujas’ RSA Archer AppStore

Our Apps are available as turnkey ‘solution packages’. These packages require a small number of additional hours for integration and minor customizations to ensure the ‘package’ is fully integrated and optimized for your environment. The packages allow for rapid proofs of concept and implementations, rather than spending time and effort on design and development.

Please note: Additional Archer Use Cases and ODA licenses may be required. Solutions are compatible with RSA Archer versions 5.x and 6.x.

Advanced IT Risk Management Automation

Our Risk Management advanced automation solution helps organizations rapidly and comprehensively cover all information assets when conducting risk assessments, rather than conducting sample-based risk assessments. The solution includes data integration capabilities with a wide range of scanning and inventory systems, along with workarounds and overrides where data sources may not be ready with clean and accurate data. The solution also allows for overrides and role-based delegations to address situations where stakeholders may not be clearly identified. Risk methodology optimizations include the use of control rationalization buckets, a pre-defined (but editable) threat and vulnerability applicability matrix, and risk buckets (for syndication), for large-scale, factory-type automation of a risk management framework.

The solution includes:

  • Questionnaire based information assets and system categorization with cross validation
  • Security profile based automated tagging of threats and vulnerabilities to each information asset
  • SDLC phase wise tracking of control implementation and activities to be performed by the information security team
  • Built in workflow automation with data feeds, schedulers, notifications, escalations, and delegations
  • Built in role based reports and dashboards
  • Scrubbed and mapped control standards, and test points
  • Scanning tool reports mapped to control standards for risk estimation
  • De-duplicated findings to prevent repeat findings for already open issues
  • Mechanisms to migrate existing legacy risk assessment data

 

Third Party Risk Management Automation

Our Third Party Risk Management automation solution helps organizations efficiently and effectively manage third party programs, including vendor categorization, risk level calculators, the pre-assessment business scoping assessment and the vendor assessment itself. The solution includes data integration capabilities with supplier management systems, along with workarounds and overrides where data sources may not be ready with clean and accurate data. The solution provides end-to-end workflows from vendor intake through assessment and remediation. It includes stakeholder-focused reports and dashboards and is also capable of tracking SLAs for the assessment activities.

The solution includes:

  • Questionnaire based vendor categorization and risk level calculator
  • Integration with supplier management systems for vendor inventory
  • Scheduler for scheduling annual workloads
  • Built in multi-level workflow automation with data feeds, schedulers, notifications, escalations, and delegations
  • Built in role based reports and dashboards
  • Capability to leverage SharedAssessment’s SIG/SIG LITE, VSA or custom assessment questionnaires
  • Capability of supporting other (non-InfoSec) stakeholder questionnaires
  • Vendor access management
  • Mechanisms to associate remediation with findings, and to track and monitor remediation status

 

Unified Issue Management

Our Centralized Issue Management solution helps organizations manage the entire range of information security issues identified through a multitude of sources, including risk assessments, audits, automated vulnerability and configuration scans, and security incidents, among others. Our solution prevents duplicates and supports a workflow that includes individual and group-based exceptions, remediation and false positive recording.

The solution involves integration with multiple sources for assets and organization structure, and builds relationships in Archer to obtain the system criticality and inherent risk. Similarly, for issue identification, various sources are integrated and a centralized issue repository is built. The system automatically removes the duplicate issues identified by these sources and groups them by control, owner/stakeholder, department/function, asset and so on, allowing organizations to remediate the issues as per their preference.

The solution includes:

  • Integration with asset and associated stakeholder inventories such as CMDB.
  • Integration with popular vulnerability and configuration baseline scanners.
  • Integration for standardized pen test reports for limited automation.
  • Built in workflow for remediation plans, exception life-cycle and false positive reporting. Limited reverse integration with external tools to prevent or suppress reporting of same issues.
  • Built in role based reports, dashboards, notifications and escalation.
  • Scrubbed and mapped control standards, and test points.
  • Scanning tool reports mapped to control standards for risk estimation.
  • De-duplicated findings to prevent repeat findings for already open issues.
  • Risk appetite driven exception and remediation workflows.