Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
© Copyright 2016 EMC Corporation.
#RSACharge © Copyright 2016 EMC Corporation.
Solving Data Publication Challenges
for Even Better Archer Reporting
Phil Ald...
© Copyright 2016 EMC Corporation.
Agenda
• Reporting requirements
• Key Technical Challenges
• Datamart / ETL / BI solutio...
© Copyright 2016 EMC Corporation.
Challenge
• Archer is a powerful tool for aggregating risk and compliance data
• More ma...
© Copyright 2016 EMC Corporation.
Typical business requirements
Functionality
• Advanced visualizations
(heat maps, bowtie...
© Copyright 2016 EMC Corporation.
Capability RSA Archer BI tool
• “On the fly” report creation/edits
• Ability to export r...
© Copyright 2016 EMC Corporation.
Reporting Requirements
Source: COSO.org, Developing Key Risk Indicators to Strengthen En...
© Copyright 2016 EMC Corporation.
Reporting Requirements
Source: COSO.org, Risk Assessment in Practice
© Copyright 2016 EMC Corporation.
Reporting Requirements
Source: COSO.org, Risk Assessment in Practice
© Copyright 2016 EMC Corporation.
Current solution: Archer Data Publication
Service (DPS)
• Use Archer’s DPS (Data Publica...
© Copyright 2016 EMC Corporation.
Risk Intelligence Data Mart
Datamart / ETL / BI solution
DPS
Meta Data
Archer
Applicatio...
© Copyright 2016 EMC Corporation.
DPS Raw Data Model Risk Intelligence Data Mart
Meta Data
Xform Reporting
Datastore
Data ...
© Copyright 2016 EMC Corporation.
Additional Queries - Example Risk Intelligence Data Mart
Archer
Application
Data
Xform R...
© Copyright 2016 EMC Corporation.
Post Transformation Data Model Risk Intelligence Data Mart
Meta Data
Archer
Application
...
© Copyright 2016 EMC Corporation.
1. Datamart: all Archer data for an application is
available from a single view within a...
© Copyright 2016 EMC Corporation.
© Copyright 2016 EMC Corporation.
© Copyright 2016 EMC Corporation.
EMC “Proof of Concept”
• Use a subset of information on proof of
concept (Risk Register)...
© Copyright 2016 EMC Corporation.
POC Phases LEADER
2016
July Aug Sept Oct Nov Dec
Requirements Gathering EMC
Technical Se...
© Copyright 2016 EMC Corporation.
• Ability to provide a full “snapshot” to executives with
supporting context
• Ability t...
© Copyright 2016 EMC Corporation.
Risk Action chart
• “Actionable” report for easy
executive consumption
• Provides anothe...
© Copyright 2016 EMC Corporation.
Challenges / Opportunities
• 5.5 version vs. 6.1 ETL – Required a redesign
– Commitment ...
#RSACharge © Copyright 2016 EMC Corporation.
Please Complete Session Evaluation
#RSACharge
© Copyright 2016 EMC Corporation.
Upcoming SlideShare
Loading in …5
×

Solving data publication challenges for even better rsa archer reporting

1,594 views

Published on

Presentation from RSA Charge 2016.
ART-W04 - Solving Data Publication Challenges for Even Better RSA Archer Reporting

Archer captures and generates a wealth of data, and organizations with a mature program can use this information as a strategic asset to optimize risk management, growth and performance. Learn about the toolkit that Iceberg has developed to extract data and permissions from RSA Archer into standard BI dashboard and reporting tools, allowing organizations to derive even more value from Archer.

Presenters:
David Pearson - CTO, Iceberg Networks
Philip Aldrich - Director Enterprise Risk Management, Dell EMC

Published in: Technology
  • Be the first to comment

Solving data publication challenges for even better rsa archer reporting

  1. 1. © Copyright 2016 EMC Corporation.
  2. 2. #RSACharge © Copyright 2016 EMC Corporation. Solving Data Publication Challenges for Even Better Archer Reporting Phil Aldrich, Dell David Pearson, Iceberg
  3. 3. © Copyright 2016 EMC Corporation. Agenda • Reporting requirements • Key Technical Challenges • Datamart / ETL / BI solution • EMC “Proof of Concept” (Archer/Tableau integration) • Next Steps
  4. 4. © Copyright 2016 EMC Corporation. Challenge • Archer is a powerful tool for aggregating risk and compliance data • More mature organizations often have reporting/dashboard requirements that go beyond Archer out-of-box capabilities • Example: Audit committee + board-level reporting requirements + risk metrics “How can we drive more meaningful / actionable / valuable reports from Archer?”
  5. 5. © Copyright 2016 EMC Corporation. Typical business requirements Functionality • Advanced visualizations (heat maps, bowtie charts, cause-effect trees) • Manipulate / customize dashboards • More control over exports to Excel, PowerPoint, etc. • Metric and Trend analysis • Easier integration with other BI tools
  6. 6. © Copyright 2016 EMC Corporation. Capability RSA Archer BI tool • “On the fly” report creation/edits • Ability to export reports into multiple formats • Variety of report display options (bar, line, heat, pie, etc.) • Ability to create reports with separate data sources • Multi-dimensional reports (3 or more) • Ability to implement analysis algorithms (monte carlo, etc.) • Ability to add report description with export/display • Metric Trending & Analysis • Forecast projected results within report Reporting Capabilities
  7. 7. © Copyright 2016 EMC Corporation. Reporting Requirements Source: COSO.org, Developing Key Risk Indicators to Strengthen Enterprise Risk Management “Understand the Full Picture”
  8. 8. © Copyright 2016 EMC Corporation. Reporting Requirements Source: COSO.org, Risk Assessment in Practice
  9. 9. © Copyright 2016 EMC Corporation. Reporting Requirements Source: COSO.org, Risk Assessment in Practice
  10. 10. © Copyright 2016 EMC Corporation. Current solution: Archer Data Publication Service (DPS) • Use Archer’s DPS (Data Publication Service), and import data into a BI tool like Tableau But DPS has its problems… o Process is difficult to support/maintain o How do we maintain Archer’s security/permissions in the BI tool? o DPS produces “unfriendly field names” o How do we cross reference data from multiple Archer modules? o Can we capture trending?
  11. 11. © Copyright 2016 EMC Corporation. Risk Intelligence Data Mart Datamart / ETL / BI solution DPS Meta Data Archer Application Data Xform Reporting Datastore SQL/API Data Access
  12. 12. © Copyright 2016 EMC Corporation. DPS Raw Data Model Risk Intelligence Data Mart Meta Data Xform Reporting Datastore Data Access Archer Application Data
  13. 13. © Copyright 2016 EMC Corporation. Additional Queries - Example Risk Intelligence Data Mart Archer Application Data Xform Reporting Datastore Data Access Meta Data
  14. 14. © Copyright 2016 EMC Corporation. Post Transformation Data Model Risk Intelligence Data Mart Meta Data Archer Application Data Xform Data Access Reporting Datastore
  15. 15. © Copyright 2016 EMC Corporation. 1. Datamart: all Archer data for an application is available from a single view within a database 2. Maintains Archer’s security and access controls: Includes row-level permissions, automatically mirroring Archer’s security model 3. A simplified data model: Data is combined from dozens or hundreds of tables, and includes enumerated field “meanings”, for reporting ease and performance 4. Reports/Dashboards: Easier configuration of enriched executive reports and dashboards within a BI tool.
  16. 16. © Copyright 2016 EMC Corporation.
  17. 17. © Copyright 2016 EMC Corporation.
  18. 18. © Copyright 2016 EMC Corporation. EMC “Proof of Concept” • Use a subset of information on proof of concept (Risk Register) • Build “solid” integration b/w Archer and Tableau • Showcase reporting capabilities not available in Archer • Maintain Archer access control permissions • Ensure integration process is “easy” to support
  19. 19. © Copyright 2016 EMC Corporation. POC Phases LEADER 2016 July Aug Sept Oct Nov Dec Requirements Gathering EMC Technical Setup EMC/Iceberg /AHA Report Creation Iceberg/AHA ETL Redesign (6.1) Iceberg/AHA ETL Deploy/Test (6.1) EMC/Dell Metrics Development Dell/AHA EMC “Proof of Concept” timeline
  20. 20. © Copyright 2016 EMC Corporation. • Ability to provide a full “snapshot” to executives with supporting context • Ability to add report data into PowerPoint presentations or summary audit reports • Provide “actionable” reporting files/interfaces to allow real-time analysis (ie. Tableau)
  21. 21. © Copyright 2016 EMC Corporation. Risk Action chart • “Actionable” report for easy executive consumption • Provides another “axis” of information • Overlay of Risk Summary Report
  22. 22. © Copyright 2016 EMC Corporation. Challenges / Opportunities • 5.5 version vs. 6.1 ETL – Required a redesign – Commitment from RSA to inform on future changes • Maintain Archer access control capability – Key requirement to ensure data confidentiality • Ensure “ease of use” for future “lights on” support – Archer Support team can easily manage integration and updates • Continue to build a “Risk Intelligence” story – Add metrics, risk costs vs. impacts
  23. 23. #RSACharge © Copyright 2016 EMC Corporation. Please Complete Session Evaluation
  24. 24. #RSACharge © Copyright 2016 EMC Corporation.

×