+ All Categories
Home > Technology > Solving data publication challenges for even better rsa archer reporting

Solving data publication challenges for even better rsa archer reporting

Date post: 07-Apr-2017
Category:
Upload: icebergnetworks
View: 379 times
Download: 0 times
Share this document with a friend
24
© Copyright 2016 EMC Corporation.
Transcript

© Copyright 2016 EMC Corporation.

#RSACharge © Copyright 2016 EMC Corporation.

Solving Data Publication Challenges for Even Better Archer Reporting Phil Aldrich, Dell David Pearson, Iceberg

© Copyright 2016 EMC Corporation.

Agenda

• Reporting requirements

• Key Technical Challenges

• Datamart / ETL / BI solution

• EMC “Proof of Concept” (Archer/Tableau integration)

• Next Steps

© Copyright 2016 EMC Corporation.

Challenge

• Archer is a powerful tool for aggregating risk and compliance data

• More mature organizations often have reporting/dashboard requirements that go beyond Archer out-of-box capabilities

• Example: Audit committee + board-level reporting requirements + risk metrics

“How can we drive more meaningful / actionable /

valuable reports from Archer?”

© Copyright 2016 EMC Corporation.

Typical business requirements

Functionality

• Advanced visualizations (heat maps, bowtie charts, cause-effect trees)

• Manipulate / customize dashboards

• More control over exports to Excel, PowerPoint, etc.

• Metric and Trend analysis

• Easier integration with other BI tools

© Copyright 2016 EMC Corporation.

Capability RSA Archer BI tool

• “On the fly” report creation/edits

• Ability to export reports into multiple formats

• Variety of report display options (bar, line, heat, pie, etc.)

• Ability to create reports with separate data sources

• Multi-dimensional reports (3 or more)

• Ability to implement analysis algorithms (monte carlo, etc.)

• Ability to add report description with export/display

• Metric Trending & Analysis

• Forecast projected results within report

Reporting Capabilities

© Copyright 2016 EMC Corporation.

Reporting Requirements

Source: COSO.org, Developing Key Risk Indicators to Strengthen Enterprise Risk Management

“Understand the Full Picture”

© Copyright 2016 EMC Corporation.

Reporting Requirements

Source: COSO.org, Risk Assessment in Practice

© Copyright 2016 EMC Corporation.

Reporting Requirements

Source: COSO.org, Risk Assessment in Practice

© Copyright 2016 EMC Corporation.

Current solution: Archer Data Publication Service (DPS)

• Use Archer’s DPS (Data Publication Service), and import data

into a BI tool like Tableau

But DPS has its problems…

o Process is difficult to support/maintain

o How do we maintain Archer’s security/permissions in the BI

tool?

o DPS produces “unfriendly field names”

o How do we cross reference data from multiple Archer modules?

o Can we capture trending?

© Copyright 2016 EMC Corporation.

Risk Intelligence Data Mart

Datamart / ETL / BI solution

DPS

Meta Data

Archer Application

Data

Xform Reporting Datastore

SQL/API

Data Access

© Copyright 2016 EMC Corporation.

DPS Raw Data Model Risk Intelligence Data Mart

Meta Data

Xform Reporting Datastore

Data Access

Archer Application

Data

© Copyright 2016 EMC Corporation.

Additional Queries - Example Risk Intelligence Data Mart

Archer Application

Data

Xform Reporting Datastore

Data Access

Meta Data

© Copyright 2016 EMC Corporation.

Post Transformation Data Model Risk Intelligence Data Mart

Meta Data

Archer Application

Data

Xform

Data Access

Reporting Datastore

© Copyright 2016 EMC Corporation.

1. Datamart: all Archer data for an application is available from a single view within a database

2. Maintains Archer’s security and access controls: Includes row-level permissions, automatically mirroring Archer’s security model

3. A simplified data model: Data is combined from dozens or hundreds of tables, and includes enumerated field “meanings”, for reporting ease and performance

4. Reports/Dashboards: Easier configuration of enriched executive reports and dashboards within a BI tool.

© Copyright 2016 EMC Corporation.

© Copyright 2016 EMC Corporation.

© Copyright 2016 EMC Corporation.

EMC “Proof of Concept”

• Use a subset of information on proof of concept (Risk Register)

• Build “solid” integration b/w Archer and Tableau

• Showcase reporting capabilities not available in Archer

• Maintain Archer access control permissions

• Ensure integration process is “easy” to support

© Copyright 2016 EMC Corporation.

POC Phases LEADER 2016

July Aug Sept Oct Nov Dec

Requirements Gathering EMC

Technical Setup EMC/Iceberg

/AHA

Report Creation Iceberg/AHA

ETL Redesign (6.1) Iceberg/AHA

ETL Deploy/Test (6.1) EMC/Dell

Metrics Development Dell/AHA

EMC “Proof of Concept” timeline

© Copyright 2016 EMC Corporation.

• Ability to provide a full “snapshot” to executives with supporting context

• Ability to add report data into PowerPoint presentations or summary audit reports

• Provide “actionable” reporting files/interfaces to allow real-time analysis (ie. Tableau)

© Copyright 2016 EMC Corporation.

Risk Action chart

• “Actionable” report for easy executive consumption

• Provides another “axis” of information

• Overlay of Risk Summary Report

© Copyright 2016 EMC Corporation.

Challenges / Opportunities

• 5.5 version vs. 6.1 ETL – Required a redesign

– Commitment from RSA to inform on future changes

• Maintain Archer access control capability

– Key requirement to ensure data confidentiality

• Ensure “ease of use” for future “lights on” support

– Archer Support team can easily manage integration and updates

• Continue to build a “Risk Intelligence” story

– Add metrics, risk costs vs. impacts

#RSACharge © Copyright 2016 EMC Corporation.

Please Complete Session Evaluation

#RSACharge © Copyright 2016 EMC Corporation.


Recommended