Andrew Rose

Principal Analyst serving Security & Risk PROFESSIONALS

Andrew's research contributes to Forrester's offerings for the Security & Risk Professional. He is a proven security leader, capable of transforming security teams into highly effective groups and driving efficiencies to deliver results with limited resource. Andrew is a leading expert in information security and risk management, ISO27001 frameworks, supplier review, and business engagement; information security policy development; information security strategy; and governance, risk, and compliance (GRC) initiatives.

Previous Work Experience

Prior to joining Forrester, Andrew was a CISO in the legal sector. He transformed security management for two major global firms, revising policies, setting strategy, introducing IT audit, and developing the maturity of the security teams. Ultimately, he led both firms to ISO27001 certification. Andrew was chairman of the Legal Security Forum, the industry's information security special interest group, and worked with the industry regulators to define and communicate best practices. Before entering the legal sector, Andrew worked in the insurance industry providing security consultancy and developing IAM teams. He has been a regular columnist for several risk-focused magazines and recently retired from the UK ISSA Executive Advisory Board.


Andrew holds a master's degree in information security from Westminster University. Andrew is also a certified information systems security professional (CISSP), a certified information security manager (CISM), certified in risk and information systems control (CRISC), and a trained ISO27001 lead auditor.

Refine your results

Date Range



7 results in Reports

  • Andrew Rose
  • Business Technographics
  • Management & Organization
  • For Security & Risk Professionals

    Report:Executive Spotlight: How CISOs Can Meet (And Surpass) The CIO's Expectations

    Planning The Journey From Safe Pair Of Hands To Trusted Advisor

    Next-generation CIOs and their teams face the challenge of fulfilling consumer expectations and the demands of digital natives while still meeting appropriate budgetary, governance, and performance...

    • Downloads: 246
  • For Security & Risk Professionals

    Report:Create And Manage An Effective Security Governance Board

    Over the past few years, regulation, compliance, and an escalating threat landscape gradually pushed information security to mature into a formal discipline, and these drivers encouraged CISOs to...

    • Downloads: 259
  • For Security & Risk Professionals

    Report:Build A Strategic Security Program And Organization

    Strategic Plan: The S&R Practice Playbook

    This report outlines the strategic vision of Forrester's solution for security and risk (S&R) professionals looking to build a high-performance security program and organization. This report is...

    • Downloads: 2848
  • For Security & Risk Professionals

    Report:Reinvent Security Awareness To Engage The Human Firewall

    Change Management: The S&R Practice Playbook

    For too long, creating security awareness has been an afterthought, something CISOs did in their spare time after putting out the operational fires that sprang up around them with alarming...

    • Downloads: 409
  • For Security & Risk Professionals

    Report:Understand Security And Risk Budgeting For 2013

    Benchmarks: The S&R Practice Playbook

    The global downturn has constrained security budgets for several years now, and chief information security officers (CISOs) have become accustomed to taking on more responsibilities without...

    • Downloads: 1099
  • For Security & Risk Professionals

    Report:Recruit And Retain An Information Security Team

    Skills And Staffing: The S&R Practice Playbook

    This report outlines the skills and staffing strategy for Forrester's solution for security and risk (S&R) professionals looking to build a high-performance security program and organization. We...

    • Downloads: 572
  • For Security & Risk Professionals

    Report:Navigate The Future Of The Security Organization

    Future Look: The S&R Practice Playbook

    This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building a high-performance security program and organization. This report is designed...

    • Downloads: 1116