Khalid - Archer-Accelerate-Dubai KM

Internal Use
Dubai, UAE
November 17
Archer Product Update

What’s new in ARCHER ?
Khalid Majed
Advisory Systems Engineer
khalid.majed@archerirm.com
1 ©2022
©2022
RSA Security
RSA Security
LLC orLLC
its affiliates.
or its affiliates.
All rights
All rights
reserved.
reserved. C O N F I D E N T I A L
Internal Use
Archer Product Updates Agenda
▪ Archer People and Products
▪ Where do I find updates and more information ?
▪ Visualizations
▪ GUI Enhancements
▪ Wrap Up
2 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L
Internal Use
Meet Us at the Following Tradeshows and Events
For more information visit www.archerirm.com/events or contact tina.Reuterskiold@archerirm.com !

Internal Use
Archer People and

Products
Archer META Team

Internal Use
Update ARCHER People – DACH Team

▪ Sales Tracy Vernum, Chris Mann ▪ Presales Nikki Mills
▪ Andreas Heineke, DACH ▪ Julian Hirsch DACH
▪ Arik Kotkowski, DACH ▪ Werner Böckelen DACH
▪ Oksana Kolobov, DACH
▪ Murat Alkan, DACH
▪ Barbara Schreyer, DACH

Internal Use
Update Archer People – META Team

Sales Pre-Sales
Hassan Al-Helo – Regional Sales Nikki Mills – Pre-Sales Director, EMEA
Manager, META
▪ Ahmed Abdallah – Territory Sales Manager ▪ Khalid Majed – Advisory Systems Engineer
▪ Bisher Bashaireh – Strategic Accounts ▪ Abdallah Al Ghamdi – Sales Engineer
Manager
▪ Mazen Al Hassan – Business Development
Manager
▪ Melissa Olinocopsey – Account Manager

Internal Use
Archer People and

Products
Archer IRM Platform

Internal Use
Archer for
Integrated Risk
Management ENTERPRISE &
OPERATIONAL RISK
▪ Manage multiple ORCHESTRATE INSIGHT

domains of risk IT & SECURITY
AUDIT &
COMPLIANCE
System of Bow-Tie
▪ Integrate into your Record RISK
INFORMED
Analysis
existing infrastructure Consistent DECISION Modeling

Taxonomy
MAKING
▪ Engage your internal and Workflow &
external stakeholders Security
Simulation
THIRD PARTY
▪ Implement quantification Consolidated
Reporting
GOVERNANCE ESG Scenario/
What-if Testing
to drive business insights
RESILIENCE

Internal Use
Archer for
Integrated Risk
Management ENTERPRISE &
OPERATIONAL RISK
▪ Manage multiple ORCHESTRATE INSIGHT

domains of risk IT & SECURITY
AUDIT &
COMPLIANCE
System of Bow-Tie
▪ Integrate into your Record RISK
INFORMED
Analysis
existing infrastructure Consistent DECISION Modeling

Taxonomy
MAKING
▪ Engage your internal and Workflow &
external stakeholders Security
Simulation
THIRD PARTY
▪ Implement quantification Consolidated
Reporting
GOVERNANCE ESG Scenario/
What-if Testing
to drive business insights
RESILIENCE

Internal Use
The Value of Archer

Integrated Risk
Management PRODUCTIVITY
AND EFFICIENCY
▪ Gain an enterprise ORCHESTRATE

GROWTH AND VISIBILITY
INSIGHT
INTO
connected view of risk Reduce costs of
OPPORTUNITY
POTENTIAL
Align spending
risk/compliance EXPOSURES
▪ Improve productivity management RISK
INFORMED
with risk exposure
Optimize
▪ Expand coverage of risk Focus skilled
resources
DECISION investments
MAKING
analysis and speed Improve
Perform business-
based cost/benefit
adoption productivity IMPROVED
ALLOCATION
PRIORITIZED analysis
RISK
▪ Optimize risk mitigation Accelerate
processes
OF CAPITAL REDUCTION Improve capital
allocation
investment
OPTIMIZED
▪ Target opportunities in INVESTMENTS IN
RISK MITIGATION
market

Internal Use
THE VALUE OF
INTEGRATED RISK MANAGEMENT
PRODUCTIVITY ORCHESTRATE
AND EFFICIENCY
GROWTH AND VISIBILITY

▪ Gain an enterprise OPPORTUNITY INTO
POTENTIAL
connected view of risk RISK
EXPOSURES
▪ Improve productivity INFORMED INTEGRATE

DECISION
▪ Expand coverage and MAKING
speed adoption IMPROVED
ALLOCATION
PRIORITIZED
RISK
▪ Optimize risk OF CAPITAL REDUCTION
mitigation investment ENGAGE

OPTIMIZED
▪ Target opportunities in INVESTMENTS IN
RISK MITIGATION
market
INSIGHT

Internal Use
INTEGRATED RISK MANAGEMENT
Enter data in Archer

Focused on the
It’s possible to take
QUANTITATIVE
RISK ANALYSIS advantage of the Archer
automation capabilities
A SaaS platform for high-performance

number crunching, simulations, graphic
analysis, reports and Bowtie visuals
Update Model (calcs)
with input from users
and systems
Automatically pull data from

systems (data sources)
Focused on
OVERALL RISK
GOVERNANCE
(Automation,
Business Context,
Integration…)

Internal Use
Archer Risk Management: High-level Overview

Qualitative Approach Business Context Quantitative Approach
Corporate Objectives
Company
Risk Hierarchy Products/Services
Enterprise Divisions
Qualitative Risk Business Processes Company
Exposure
Level Org. Units
Processes
Applications Quantitative Risk

Aggregation Business
IT Areas
Processes
Facilities Units
Portfolio
Exposure
Intermediate Aggregation
Program
Projects
Level
Processes
IT Devices
Quantitative
Support of
Analysis & Analytics
“time dimension” Qualitative->Quantitative
➢Historicization Risk Library Seamless Transition
➢Trending
Risk Bowties
(Risk Events, Drivers,
Qualitative Assessments Register Consequences, Controls)
Assessment Assessment
Campaign Records
Multiple assessment approaches
• Simple Y Standard (auto generation)
• Full Quantification
• OpenFAIR (Cyber Risk Quant)-Future
Risk Project
(Survey-based
Speak Up Risk Identification)
Get information from

infrequent business users

Internal Use
Archer Insight: A Methodological Approach Based on 3 Pillars

An algorithm to perform
Reference structure to define the A model to consider the many
calculations and aggregation
context for risks and aggregation variables a risk depends on
considering uncertainty
+ +
CONSEQUENCES
THREATS/
IMPACTS/
DRIVERS
RISK
CONTROLS MITIGATIONS
EVENT
Use a hierarchical “entity The Bowtie analysis is used • Use stochastic modelling for the Bowtie
structure” to represent understand the elements of risks parameters
organizational units, projects, and their relationships • Monte Carlo simulation across the whole
processes, assets, … hierarchy to aggregate risk exposure

Internal Use
The Reference Hierarchy: Scopes for Risks and Objectives

Company
▪ The hierarchical “Entity Structure” models the scopes
a risk can affect Org. Units
Processes
OBJECTIVE / RISK LAYERS

▪ Each entity can be optionally linked with one or
IT Areas
more risks affecting the scope the entity represents
Processes
▪ Risk Exposure is calculated and aggregated

Portfolio
leveraging the relationships of the entity structure
that drive the risk aggregation flow and roll-up of Program
risk Projects
Processes
▪ Objectives can be associated to any entity and IT Devices

implicitly define the hierarchy of objectives
(different levels: strategic, portfolio, operational) Entity Structure
Internal Use
Bowties: A Better Way to Model Risks Telling a “Risk Story”

Display the causal relationships between the risk sources (threats or drivers), the risk event, the
consequences (effects/impacts) and the controls (preventive/ mitigation)
How can we prevent the

undesirable event?
How do we recover or limit the
outcome if the event occurs?
(Preventive) Controls
Driver 1 Mitigations
Consequence A
Risk
Causes Driver 2 Losses/
Event Impacts
Consequence B
Driver 3 Something bad
happens
If the risk event materialize,

what’s the outcome?
What are the causes that may
lead the risk event to happen?

Internal Use
Bowties: An Example from Everyday Life

Mitigation Consequence
Driver Control Risk Event How we could limit Who would
How this could How we could stop it The point we lost experience what pain
the damage if it does
happened happening control and by how much
happen
Icy Winter Passenger

Car crashes Airbags Seat Belts
Roads Tires Injured
Going too Excess Insurance Car repairs

fast speed alarm
Renew
Heavy Rain wipers Late to work
regularly
Bluetooth
Distracted
connection
by phone
to car

Internal Use
Adding Numbers to the Bowtie Something How bit it is

that may (impact)
▪ The Bowtie model proved to be perfect to happen
support a quantitative risk analysis

▪ The Model includes elements that represent
➢ Something that may happen (drivers, risk event,
consequences) and how often
Different
➢ How big the impact (loss magnitude) if bad things happen Prob/Freq of types of
the risk event consequences
Prob/Freq
of failures
▪ Since risk is all about uncertainty, the “how often” and of controls
the “loss magnitude” must be described by probabilistic

distributions characterised by some parameters Prob/Freq of
the threat
▪ Controls and mitigation might succeed of failed in their event
Probabilistic
prevention/mitigation function, so also their distribution of
the severity of
effectiveness is uncertain the
consequences
Bowties allows you to model the broad category of “event-based risks” supporting different types of
impact (financial/non-financial) in a seamless and uniform manner.
Internal Use
What the Numbers Mean

Probability driver would Probability risk event would
result in risk event result in consequence
Poisson Probability Expected # Probability Expected #

frequency of success events in of success fines in time
time horizon horizon
Inputs
Calculated
Internal Use
Bowtie Native Implementation in Archer (Q1 CY23)

Internal Use
Where do I find updates

and more information ?
Archer Online Help and Archer Community

Confidential
Internal Use
Archer Help Center ▪ Online Help https://help.archerirm.cloud

Cloud based Archer Help Center
− Architecture Diagrams
− Predelivered Workflows
− Access Rules, Groups, Dashboards
22 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N FF II D

D EE NN TT I IAAL
L
Internal Use
Archer
Community

Internal Use
LIVE, VIRTUAL and ON-DEMAND
Archer Education
Services

Internal Use
App-Packs, Tools & Utilities, Integrations and

Content
Archer
Exchange

Internal Use
Walkthrough Archer Community

Internal Use
Visualizations
Making a Splash with Archer Dashboards and Reports

Internal Use
Existing Visualizations
Confidential

Internal Use
Horizontal Bar

Internal Use
Horizontal Stacked Bar

Internal Use
Progress Bar

Internal Use
Vertical Bar

Internal Use
Vertical Stacked Bar

Internal Use
Combination Chart

Internal Use
Pie Chart

Internal Use
Donut

Internal Use
Treemap

Internal Use
Heatmap

Internal Use
Metrics
Gauge
Featured Metric

Internal Use
Pareto

Internal Use
Funnel

Internal Use
Sunburst

Internal Use
Scatter Chart

Internal Use
Area

Internal Use
Radar

Internal Use
Bubble Chart

Internal Use
Newly Introduced Visualizations

Internal Use
Dependency Wheel

Internal Use
Bubble Chart
Packed Bubble Split Packed Bubble

Internal Use
Sankey Chart

Internal Use
Network Graph

Internal Use
Network Graph

Internal Use
Network Graph

Internal Use
Insight - Heatmap+

Internal Use
Insight - Bowtie

Internal Use
Insight – Financial Analysis

Internal Use
Demonstration Archer Visualization Reports

Internal Use
Archer NextGen
Dahboards

Internal Use
NexGen Risk Experience - Design Principles
1. Provide configurability for business processes 4. Provide seamless navigation that provides
without sacrificing experience. visibility into the big picture and help me
understand how things are related.
2. Leverage modern design and aesthetics that
meet expectations and are accessible. 5. Make it as effortless as possible, keeping it
simple until it’s not. Progressively disclose
3. Deliver context sensitive experiences. The right
information, guide me through the complex
experience for the right person, at the right
and make it easy to find what I’m looking for.
time, for the right context.

Internal Use
NextGen Dashboard
• Widget-based Layouts
• WYSIWYG Interface
• Contextual Menu
• Responsive Design
• Exports

Internal Use
Demonstration Archer NextGen Dashboards

Internal Use

Internal Use
What’s Next ? Archer NextGen Dashboards

Internal Use
What’s next?
• Dashboard Filters
• Collaboration
• Report Trending
• Executive Summary

Internal Use
GUI Enhancements
Archer Enhanced User Experience Tool and Utility

Internal Use
Confidential
Archer Enhanced User Experience Utility and Tool

Key Features
 Enhancement of existing record layouts with a more modern data interface
 Enhancement of Archer navigation by allowing users to open cross-referenced records in

new Archer windows as opposed to requiring them to navigate away from the current record
they are viewing
 Allow Archer System and Configuration Administrators the ability to view the formulas
associated with calculated fields directly from a record page
 Simplified deployment or removal of one or more of the newly released Archer

Layout Independent Custom Objects across any and all module layouts within a single Archer
Instance.

Internal Use
Prerequisites Timelines
• One ODA, Archer Accessories Objects, will be • It is available since beginning of September
utilized by the Tool & Utility to store the 2022 from the Archer Exchange within the
configuration of the custom objects but can Tools and Utility Section.
remain in a Development state during/after the
installation process. • Product Management featured the Archer
Enhanced User Experience Tool & Utility as
• The installation process uses Archer’s internal part of a Free Friday Tech Huddle in Aug,
API to copy the custom objects found on the 2022.
Archer Accessories Objects ODA to the selected
Target Layouts that the customer wishes to
deploy the objects to.

Internal Use

Internal Use

Internal Use
Demonstration Archer Enhanced User

Experience Tool and Utility

Internal Use
Wrap Up
Questions and Answers

7 Confidential
Internal Use
2
Release Schedule
Release 6.11 TBD
Nov 2021 Mar 2022 Aug 2022 Feb 2023
Release 6.10 Release 6.12
Monthly Cumulative Patch Releases
Continuous Releases – Engage, Insight, Exchange, Mobile, SaaS

Confidential
Internal Use
Archer Release 6.12

Evolutions
▪ Use Case Updates ▪ Reporting ▪ Application Builder
− Archer Operational Resilience updates − New Network chart type − Field Dependency Review
focused on Enterprise & Operational − Share Personal Reports − Retain Filters within grid controls
Risk Management
− Archer SaaS Configuration Reports − Help text added “Above” the data field
• Operational Scenario Analysis
in edit and view modes
• Key Indicator Management
− Updated admin experience for
• Third Party Governance ▪ Archer Online Help Inherited Record Permissions
− Public Sector Use Case Updates − Help requests within the Platform and
− Apply Conditional Layout functionality
the Archer Control Panel are redirected
• Assessment & Authorization updates to reduce scrolling and
to the new cloud-based Archer Help
• Plan of Actions & Milestones (POAM) improve context
Management
Center
• Continuous Monitoring
▪ Admins
− Minor updates ▪ Notifications
− Token-based authentication supported
• Third Party Risk Management, − Reminder Subscription Notifications for:
• Top-Down Risk Assessment sent using the One Email option • Mail Monitor Transporter type in Data
• Enterprise Catalog Feeds
now apply permissions per record
• Sending emails from Archer (SMTP)
− Inclusive language updates • Advanced Workflow by Email (on
premises environments)

Internal Use
Khalid Majed
+971 55 88 03 142
khalid.majed@archerirm.com
74 ©2022©2022
RSA Security
RSA Security
LLC orLLC
its affiliates.
or its affiliates.
All rights
All rights
reserved.
reserved. C O N F I D E N T I A L
Internal Use

Khalid - Archer-Accelerate-Dubai KM

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Khalid - Archer-Accelerate-Dubai KM

Uploaded by

Copyright:

Available Formats

Internal Use

Archer Product Update

Archer Product Updates Agenda

▪ Archer People and Products

▪ Where do I find updates and more information ?

Meet Us at the Following Tradeshows and Events

For more information visit www.archerirm.com/events or contact tina.Reuterskiold@archerirm.com !

3 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Archer People and

4 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Update ARCHER People – DACH Team

▪ Andreas Heineke, DACH ▪ Julian Hirsch DACH

▪ Arik Kotkowski, DACH ▪ Werner Böckelen DACH

▪ Oksana Kolobov, DACH

▪ Murat Alkan, DACH

▪ Barbara Schreyer, DACH

5 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Update Archer People – META Team

6 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Archer People and

7 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

▪ Manage multiple ORCHESTRATE INSIGHT

existing infrastructure Consistent DECISION Modeling

8 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

▪ Manage multiple ORCHESTRATE INSIGHT

existing infrastructure Consistent DECISION Modeling

9 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

The Value of Archer

▪ Gain an enterprise ORCHESTRATE

10 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

GROWTH AND VISIBILITY

▪ Improve productivity INFORMED INTEGRATE

mitigation investment ENGAGE

11 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

INTEGRATED RISK MANAGEMENT

Enter data in Archer

A SaaS platform for high-performance

Automatically pull data from

12 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Archer Risk Management: High-level Overview

Applications Quantitative Risk

Get information from

13 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Archer Insight: A Methodological Approach Based on 3 Pillars

14 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

The Reference Hierarchy: Scopes for Risks and Objectives

OBJECTIVE / RISK LAYERS

▪ Risk Exposure is calculated and aggregated

▪ Objectives can be associated to any entity and IT Devices

Bowties: A Better Way to Model Risks Telling a “Risk Story”

How can we prevent the

If the risk event materialize,

16 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Bowties: An Example from Everyday Life

Icy Winter Passenger

Going too Excess Insurance Car repairs

17 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Adding Numbers to the Bowtie Something How bit it is

support a quantitative risk analysis

the “loss magnitude” must be described by probabilistic

What the Numbers Mean

Poisson Probability Expected # Probability Expected #

Bowtie Native Implementation in Archer (Q1 CY23)

20 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L