NJP

RSA Archer | RSA Archer Tutorial | RSA Archer Training | IT Canvass

Import · Sep 09, 2020 · video

like very basic information: why the RSA Archer tool is becoming so in demand in the market, and why this tool is used for the GRC purpose, why the web application is not used in this. So all this information we'll be discussing today. Yeah, so let's start with the session.

And just, your voice is breaking now. Can you hear me now clearly? Yes. Okay, great.

Yeah, so let me repeat it. So we are going to talk about the RSA Archer overview for today. We'll be talking about why RSA Archer is used for GRC, why a web application cannot be used, and the things related to GRC and the different types of tools involved in GRC. So all these things I will be talking about in today's session. Please let me know if you have any questions in between; I can clear all those questions.

Yeah, so let me start with the session first. So today's agenda is: overview of GRC; traditional technique; and what are the Archer out-of-the-box solutions, I mean, which come by default, right, so they call them out-of-the-box solutions; Gartner Magic Quadrant, so to know the demand of Archer you should check the Gartner Magic Quadrant. I mean, each technology will have this Gartner Magic Quadrant, and even, I'll see, I have this thing, so to see this demand we have to see this Gartner Magic Quadrant; and what are the benefits of an enterprise GRC program; and the RSA Archer architecture, like how it is designed and how it is structured.

Yeah, for a developer, I mean in a developer perspective, this architecture is not much important, but it's good to know how it is designed. If you're a system admin or a support admin, IT admin, right, you should know about this architecture of Archer's design.

And yeah, let's start with the overview of GRC first. So GRC: GRC is called governance, risk management and compliance. So GRC comes under cyber security and
under cyber security, I mean under GRC, all these tools like RSA Archer, MetricStream, ServiceNow and IBM nodes, and there are various types of tools under that. So these tools are used to automate, like it's a kind of automating the GRC process. So first we'll see what is GRC and why it is getting automated, what issues they faced and how they were coming up with these tools. Yeah, so let's talk about that for today.

So before that we should know what is GRC. So: governance, risk management and compliance. So governance, it's kind of setting your rules for an organization. Let's take an organization: each organization will have their own policy, will have their rules and regulations and everything. Let's take a simple example, like you need to swipe the card to get into your office. So it's a policy; I mean, most of the companies will have that kind of a policy. So it's basically a set of regulations, laws, policy set up by an organization or by regulatory bodies or law. So it's basically a policy set by an organization or different types of laws or by the regulatory bodies. That is the governance.

So, risk. Risk is nothing but any kind of uncertainty. Like, if you're not following this policy, it leads to the risk. If you're not swiping the card and getting into the office, you're just tailgating, then it's kind of a risk, like anyone can come and sit, right? And if the security is not in that place, then it's a risk. So in this we'll be calculating how much impact they have with this risk and what is the likelihood, how likely it can happen. So those kinds of details are captured in this risk management. And the risk can be of various types: it can be an IT risk or a process risk or operational risk, or it could be a physical risk also. So these tools help us to capture all those risks within the
organization, and the impact of that risk and the likelihood as well. So let's take an example for IT risk. Let's say in your organization they're using a laptop with an older version of the OS, let's say Windows 7. I mean, the support for Windows 7 is already decommissioned, or like they discontinued the thing, right? So if there are any new vulnerabilities, any threats, any flaw in the system, right, the OS, Windows is not going to support that, and anyone can come inside and they can steal your data. So that is clearly a risk, and you should upgrade your system to Windows 10 or Windows 7 latest system, I mean latest OS.

So these kinds of risks are captured and they are mitigated in the risk management part. So it's a big part in this, how we are going to mitigate the risk. There are different types of mitigation processes involved in this, so we'll be talking about that later. So this is how the risk is mitigated and captured in the Archer part.

And the last one is compliance. So whatever policies, regulations, laws are set by the governance, right, the executives or leadership team, the employees have to adhere to all those rules. If they are not adhering to all those rules and regulations, then it's a compliance issue. Like, let's say there's a time sheet, right? Everyone has to fill that time sheet. I mean, it's a policy or rule in your company; if they're not filling the timesheet, then it's a compliance issue. So I mean, if they're not following the policy and rules, then it's a compliance. So this compliance part comes to make sure all the employees are adhering to the rules and regulations. If they're not adhering to these rules, then we'll try to mitigate those things, like we'll be creating an exception. Like, we don't know why the employee did not do that,
right, so we need to investigate those issues, and that is a separate process which goes under the compliance thing. So these things we'll be talking about more later. So this is the compliance part. So this is the overall thing of governance, risk and compliance. So I'll just pause here; let me know if you have any questions on this GRC, because it's a basic thing. Without knowing this, we can't start working on Archer applications. Just a basic idea you should know about what is GRC. Okay, so yeah, I'll move on to the next slide then.

So this is the book, I mean the definition of GRC: an approach, I mean the GRC process, an approach to align the organization's governance, risk and compliance processes to its strategy, allowing for convergence and transparency of the information to drive performance and resilience in a dynamic economic business environment. To sum up, basically, the governance, risk and compliance process is all about a strategy: how the governance should be followed within an organization, how to mitigate the risk and how to minimize it, and how to comply with various laws and regulations. So yeah, it's basically a process to follow all these three different types, I mean to mitigate the risk and how to comply with all these rules and regulations. It talks about that.

Yeah, so the next slide. So yeah, it's the traditional technique. Okay, so this GRC: let's go back like 10 years before. That time, I mean, we didn't have that many regulations and laws. That time we had only internal audit and general counsel, I mean this IA and GC, right, because IA and GC are the oldest ones. So that time we had these two regulations. In the traditional technique, right, they were using paperwork or Excel workbooks to do all these kinds
of mappings. So under GRC we have different types of departments, like operations, finance, HR, sales and manufacturing, or the IT department. So they have different types of departments in their company, and each department has to adhere to different types of laws and regulations. So that time, I mean 10 years before, they did not have that many laws and regulations, so it was very easy to maintain all those things, like rules and regulations for each department.

But now, I mean in the years after, every year we started bringing new types of regulations and laws. Like, two years before we came up with GDPR. I don't know, some of them may be aware of this GDPR thing. It's about the privacy act, and even Google paid a fine of 44 million dollars, euro dollars, last year because they did not adhere to those policies and regulations. And CCPA is the same as privacy, but applicable to California employees, I mean California people who work with the data. And there are different types; I just mentioned only a few here. They have PCI DSS, which is for the card payments; whatever card payment you have, right, most of the cards have to adhere to PCI DSS laws and regulations. e pi is for health and safety, so there are some rules and regulations that your health data should not be shared with other people; it should only be shared with you and your relatives. So those kinds of laws and regulations are structured in this.

So what happened: day by day, new regulations started coming up, and it became a mess to map these laws and regulations with the departments, and even departments started increasing. So it became a mess; they were not able to maintain a relationship between the regulations and the departments. So because of that, a lot of redundancies started coming up, and cost of
compliance. Yeah, so I gave an example, right, that Google did not adhere to the GDPR rule; because of that they started paying a fine, like a penalty, to the company. So if you're maintaining this GRC thing, you will be ending up with the cost, like you have to pay more from your pocket. So yeah, we should take care of all these things. And ineffectiveness: yeah, the structure is always ineffective because it's redundancy, so they're not reusing the data. So these kinds of disadvantages are there in the traditional technique.

So for this, these tools came up, like RSA Archer. There are different types of tools in the market. One of the tools is RSA Archer, and we have various tools like ServiceNow; ServiceNow, I mean, one and a half years before they started this GRC, and they are still in the starting stage of that. And we have MetricStream, another GRC tool; it's called MetricStream. And we have IBM notes; it's developed by the IBM company. And we have LogicGate. We have different types of tools in the market, but RSA Archer is one of the most in demand in the market.

Yeah, so what Archer gives us: Archer gives everything in a single unified console, like rules and regulations, risk, compliance and everything in an isolated database. So you can see everything in one single system; you don't need to go to a different Excel to refer to something, or a share drive or something, to refer to the data. So everything will be in a structured format, and you can see all those in Archer itself.

And they have integrated libraries. When you say integrated libraries, right, let's say you have a risk; to mitigate the risk they'll be putting some controls on that. I mean, controls in the sense, let's say, okay, I'll take an example of
tailgating. I mean, every employee has to swipe and they have to go into the office. So let's say if they are tailgating, we should put some controls on that, right? Like, the security is not there and the security camera is not there, so anyone can come into the office. So we need to put some controls on that. One control is a security camera, and the next one is a security person. So if you put these two things in place, the risk can be mitigated easily, but still there will be, like, nine, like point one percent risk that can be there. Yeah, anyone can come with some other ID card and they can get inside the office, but with these two controls we can't mitigate that; we need to think about a different control for that.

I mean, there will be some other department that will create all these controls and give them to us, and we'll be importing them into the Archer libraries and mapping them to the risk; we'll not be working on the control parts. But yes, this is an example I gave for what the controls are. So there will be a risk and you need to put these controls to reduce the risk. That's it; this is the process of risk management.

So with this RSA Archer you can reuse the data, so no need of creating the data again and again. There are different types of features in RSA Archer so that you can reuse the data within Archer. And reducing the cost of compliance: yes, you can't see it clearly, but it definitely reduces the cost of compliance. And effectiveness: it's more effective rather than working on the Excel documents or the shared documents. It's better to go with RSA Archer or some other GRC tools in the market. So they
here it says integrated frameworks like COSO and COBIT. So that is a framework which they use for risk management. If you're more functional, then you will be talking more about this COSO and COBIT process. Like, let's say if you use C#.NET, right, .NET is a framework which we'll be using for developing applications, so it's similar to that. So we'll be using a COBIT framework; they will have some set of frameworks, so based on those frameworks we'll be managing those risks. So these things are done using COSO and COBIT. Yeah, so I'll just pause here and we'll wait for questions if they have any. Okay, I'll just move on.

Yeah, so this is the Archer out-of-the-box solutions. So Archer provides different types of modules by default. I mean, you need to purchase all these modules separately; each module costs around five thousand to ten thousand dollars. Yeah, it depends; I think it's annually. I'm not sure about the price, but it's more costly.

So, policy management: it's one of the modules in Archer which captures all the policies within the organization. Threat management, which captures all the threats happening outside the organization; like, different types of threats are there, right, ransomware, different types. So all these are captured and pulled inside Archer, so that is done through threat management. And those threats are attributed, and there will be some SME, subject matter risk expert, who reviews those threats and validates them. Then they'll be doing some review process and they'll be checking if it impacts the company or not. If it is not impacting, they just leave all those threats; if it is impacting, then they will be working on those threats: what needs to be improved, or if they need to change any policy, if they need to create any new policy to avoid these
threats. So yeah, they'll be doing all these things in threat management. And enterprise management: it's for the relationships and dependencies within the enterprise, I mean within your organization. So risk management: it's basically identify your risk and capture all the risk, and the mitigation process will go inside this. And yeah, you can mitigate a risk or you can accept a risk, so all these processes go inside risk management.

And next is business continuity management. So if any disaster occurs, right, we'll be using this business continuity management. I think most of them are aware of this BCM process. So even after that, we can use that for that purpose, disaster management. So incident management is about any incident happening inside your organization, whether it's a cyber incident or a physical incident; all these incidents are managed in this incident management.

So, vendor management. Vendor management is nothing but, if you're trying to have some third-party vendor for your company, like a capturing service or some other service, right, we'll be doing a due diligence, like we'll be doing a review process, whether they are okay. There will be multiple processes going on in the back end, like checking whether the vendor is good or not. So all these processes come in this vendor management. For ca, I mean cabling, I just gave an example, but there are different types of vendors for a company. Like for the laptops, right, your company will have some laptops, so those laptops are coming from a different third-party vendor. So we'll be doing a due diligence on that vendor, and we'll be doing all these things in this vendor management.

And yeah, next is audit management. So if you're doing any audit of your company, right, we'll be capturing all those audit details in this audit
management. And compliance management; yeah, so compliance management is the main part here: compliance management, policy management and risk management. So compliance management will have all these compliance things. If anyone is not adhering to the compliance, right, we'll be adding all those things in this. And yeah, so this is the overall Archer structure, I mean the Archer out-of-the-box solutions. So Archer gives all these by default, but the company has to pay for each and every module.

Yeah, so the next one is the Gartner Magic Quadrant. So you need to see the demand of Archer in this. You can see the fourth quadrant, right, the leaders quadrant; on this right side you can see Dell Technologies RSA. So RSA is a leader in the GRC domain. Even ServiceNow is here. So whatever you see here, right, it's GRC tools, but RSA is in the leaders quadrant and other tools are in different quadrants. So this is a 2019 screenshot. In 2020 also they are in the leaders quadrant. Like, I have been seeing for six to seven years they are in the leaders quadrant; they do not move to any of these quadrants. You can search in Google with this Gartner Magic Quadrant and RSA; you'll get all the details.

Yeah, you can see the manufacturer by seeing this. Most of the companies use this Archer because of the security purpose, and because to configure it is very easy: we don't need any developers, I mean coding knowledge or programming knowledge, to configure these applications. So that is why most of the clients prefer RSA Archer over MetricStream. For MetricStream they definitely need Java knowledge; without Java we can't configure MetricStream. Java and SQL knowledge should be there. For ServiceNow you definitely need scripting knowledge;
without scripting knowledge you can't do a customization of your application. But RSA doesn't need any knowledge of coding or programming; it's all tool based, drag and drop, and everything is there within Archer itself. So that is why most of the companies go with RSA.

And the next one is the architecture of Archer. So it's a common architecture which most of the web applications use; I mean, it's a simple one. So external applications are linked, okay. RSA Archer, right, they use a database called SQL Server. And these three are logical tiers; these are not physical tiers. So physically they have a database and they have web servers or application servers. So the database is connected to those two servers, and your application is installed, and from there the Archer user can request the data and the response is sent to them through HTTP or HTTPS.

So let's say if you want to integrate a third-party application, right, we have web services for RSA Archer, so we can leverage them to pull or push the data directly using that. But Archer doesn't give access to the database directly. Most of the data in RSA Archer is encrypted, so if you just go to the Archer database also, you don't find the same data in the database. So most of the data is in an encrypted format, so you can't directly write the data in the database also. So that is why it's mostly recommended to use the web services API if you want to push or pull the data. Yeah, so this is the architecture of RSA Archer, and it's a basic architecture; most of the web applications use this.

Yeah, so the next one is the structure of Archer. So Excel: if you compare Excel with RSA Archer, right, both are mostly the same; maybe I can say 90
percent they are the same. I think most of them know about the Excel thing, right? So they call it a workbook, and inside the workbook the sheets are called worksheets, and the rows in the Excel, the columns and the charts in the Excel. So in a similar way, even Archer has its own structure. So they have a solution. A solution is nothing but a kind of package, and the solution will have different types of applications, a kind of bundle. And a worksheet is a separate application, so under a solution you can have multiple applications. So that is what they're trying to say in this. And the rows are called records, and columns are called fields, and a chart is called an iView in Archer.

So with this I am saying that it's easier to learn about Archer when you compare it with Excel. Even, we have some calculations in Archer, like calculating a risk in the back end, calculating the score; some different types of calculations are there. So those calculations also will be mostly similar to the Excel calculations. So if you're good at Excel calculations, then I think you can easily do Archer calculations as well.

Yeah, so the next one is, yeah, so these are the components of RSA Archer. So we have different types of components, like access controls, appearance, application builder, discussion forums, integrations, management reporting, notifications, and workspace and display. So let's talk about each and every component of Archer.

So access control is nothing but the access part, where you create a new user and give access to users, and you can create different types of roles within Archer and assign those roles to the new users. So it's basically giving access to an application. This is used to give access to an
application or to the user. So the access part is completely in access controls. And next is appearance. Let's say if you want to change any logos or any header or footer, or if you want to change any title of your web page, this appearance is used. So you can change all those things in this appearance component.

And next to that is application builder. Application builder is where you create all those applications. Like, I was talking about risk management, compliance management, policy management and everything, right, so all those applications reside in this application builder. So if you want to do a customization on those applications, then you have to go inside this application builder.

So next is discussion forums. Discussion forums is nothing but a kind of forum where you can exchange your information; like, if you want to do any discussion on your topics, right, between your end users, you can discuss in the discussion forums.

So next is the integration part. So integration: let's say if you want to do a third-party integration, like a kind of external integration, right, you can do an integration in this component. They have a web services API and they have data feeds, so there are different types of techniques to do an integration.

And the next one is management reporting. So if you want to create a chart, iView or reports, right, we'll be creating them under this management reporting. And notifications: let's say if you want to trigger any notification to the end users based on any value change, or any reminder notification, or anything related to notifications, right, it can be done in this notification component.

And next to that, and it's the last one, is the workspace and dashboard component. So the workspace and dashboard component is mostly used with the reports and iViews. So
whatever charts and iViews you're creating, right, you can place all those iViews on a dashboard. Let's say if you want to place a report on the landing page of the end user, right, I mean if the end user is logging in to the Archer instance and they want to see a report at the landing page, then you have to create a dashboard; you need to place all those iViews on that dashboard. So yeah, it's a basic one. We'll be talking more about workspace and dashboard when we get into the Archer tool, when we start with the session. So that's it for the session. Anyone have any questions?

Hi, so do we need any XML or XSLT knowledge for this?

Yes, I mean, not for customizing the application. When I say the integration, right, there is an integration part in this, okay? When you're trying to integrate with a third-party application, I mean third-party tools or somewhere, right, that time you need an XSLT or XML configuration.

Yeah, okay. Yeah, any web service knowledge? Sorry? Web service knowledge. Yes, we need it for integration. So if you want to use the API, right, to integrate something, then we need web services knowledge.

Okay. Any, so, for REST web services? Yeah, we do have. Yeah, yes, web services. Okay, yeah, so Archer supports multiple languages; you can use any programming language to pull or push data into Archer.

Okay, yeah. And is the Archer development and, I mean, are both different or the same? Let's say, you know, come to the job market, I saw some, how does it go?

Let's come to the job market. So two different things are here: the development and the admin part. So developers, most likely they'll get work every day. But when you take admin, right, they have to take care of these servers, Archer web servers; if anything goes wrong in the back end, they have to take care of it. They most likely don't work on the Archer
development part. I mean configuring the Archer thing, right, they don't work on that; they will not have work on configuring all these Archer applications. They will have access only to the back end. I mean, Archer has different things, like the front end and the back end of Archer. So the back end has a control panel where they can see all the running jobs, what jobs are running in the back end. So if they want to kill any job, if they want to delete any job, they can do that in that back end. And if Archer is not working, then the developer cannot do anything; only the Archer admin has to take care of it. That time the Archer admin plays an important role in this. If Archer goes down, or Archer is not working, or if Archer is loading for a long time, all these things need to be taken care of by the admins. But if you take the Archer developer, right, they do all the development parts: they will create a new application, they customize the existing application, they create integrations. So integration, whatever you say, right, XSLT, XML, SOAP, I mean web services, everything comes under the developer part. And maintaining a backend server and Archer goes for the RSA admin.

Yeah, okay, got it. Yeah, and after the training you can get any job support or anything from me. Yeah, yeah, we can. Yeah, okay. Yeah, that's everything from myself. Okay, thank you.

Anyone have any questions?

Okay, and is it possible, can you please send me this presentation slides to my email?

Yeah, yeah, sure, sure, I will talk to them. Thank you. Thank you so much.

And how many hours do we need, I need to take, like how does it go for your training? Is it going to be finished monthly, or two months, or how many hours?

So when you talk about hours, right, it takes around 30 hours for me, but I should consult with the, yeah, I'll talk to you on this. I'm not sure how it's going to be; let me talk to
you. Yeah. Oh sure, and last question: so coming to the certification side, as I know it's not required for jobs, but it's good to have on the resume. So I did some Google search, you know, it costs around 107, 180 American dollars.

So it's 150 dollars. There are two different certifications: one is called associate and another one is called professional. Both are 150 dollars. Associate is kind of a basic certification, not basic; maybe I can say you should know 50 percent of Archer to complete that certification. And the professional certification is kind of an advanced one, where you should know all these integration parts and other things. Integration, most likely, nobody will work on; I mean, that needs more programming knowledge, right, so a few of them don't work on that. So that comes under the professional part. So first you need to complete associate to complete this professional; you can't directly take that. So it's a prerequisite.

Yeah, yeah, these both are 150, so each individual, each 150? Yeah, each 150 dollars. Oh, is it enough to write the exam, or do we need any special effects?

I would say, if you work for four to five months, that is perfectly enough; you can score 80 to 90 percent easily. Yeah, and I can support you on that if you need it after that. Yeah, okay, thank you. Yeah.

Actually, what are the prerequisites to learn this training, and how is the job market for this?

So, I mean, there is no prerequisite for this, but it's good if you have GRC knowledge. If you have that, that's really good; if you don't have it, it's okay, you can learn later. And the job market is very high currently. Even during this COVID situation, right, we are getting more job opportunities for this RSA Archer. You can just search RSA jobs in
Google; you will get many during these days. So that is because this GRC comes under cyber security, so during this situation most of the companies are going under different types of things, right, impacting cyber security. So because of that this GRC is booming. Not only RSA Archer; most of the tools are going in this situation. But I can say that in future also, maybe for the next four to five years, RSA Archer is going to have more demand in the market. But after four to five, I cannot say, because some other tool can come. It's completely based on the tool, right? Any tool can come in future which can be better than this RSA Archer. But currently this has more demand.

Yeah, so are you going to cover here the admin part and development?

Only the development part. I mean, I can cover, but I cannot show the control panels because I don't have access to that. Maybe I can cover it theoretically, not practically.

To go with the development part, should we have good knowledge in development, like JavaScript and all those, basically, you know?

Yeah, maybe I can show you some screenshots of the control panel, what it looks like. But practically it's not possible. Okay, yeah.

Okay, so I think we can close this session if you don't have any questions. Everyone, for joining us, yeah, thank you. Thank you so much. Thank you.

View original source

https://www.youtube.com/watch?v=W4rtGKiw35s