“Thank you, thank you, thank you” to Gartner for reinventing GRC as IRM, RSA President Rohit Ghai said in his keynote speech to the conference (and for including RSA Archer in Gartner’s first Magic Quadrant of recommended products for IRM). Ghai said that IRM answers a fundamental problem in cyber risk management: “Organizations feel grossly underprepared to manage digital risk because it requires cross-domain competencies.”
“When we say IRM, we mean a business-driven, agile strategy to not only connect multiple domains of risk but to also connect strategic risk with operational business transactions,” added David Walter, Vice President of RSA Archer, in the second keynote.
And that leads straight to FAIR. As RSA Archer Principal Product Manager Corey Carpenter said, for IRM to work, “we need a Rosetta Stone that ensures we are all speaking the same language. In this case, that is the FAIR approach to risk quantification and the RSA Archer/RiskLens integration…FAIR is the industry standard that is repeatable and defensible and consistent in (expressing risk in) a scale that everyone understands: money.”
The current RSA Archer/RiskLens integration is just a start, Carpenter said. “In the next year, you will see a more seamless integration of RSA Archer/RiskLens with the inclusion of scoping data and more analysis. Additionally, we want to extend this capability to other risk disciplines: vendor risk, compliance, operational risk.”