Forrester

For Security & Risk Professionals

Blog:New Research: Develop Effective Security Metics - Published this Month

This month I published a new report on information security metrics, best practices as well as a maturity model to measure your maturity in the reporting process.  This report outlines the...

For Security & Risk Professionals

Report:Measure The Effectiveness Of Your Data Privacy Program

Performance Management: The Data Security And Privacy Playbook

Privacy is one of the most important and emotional issues in information security. Privacy, or the lack thereof, affects a company's management, employees, and most importantly, customers. With the...

• Downloads: 236
• Rating:

For Security & Risk Professionals

Report:Determine The Business Value Of An Effective Security Program — Information Security Economics 101

Business Impact: The S&R Practice Playbook

This report outlines Forrester's approach to helping you financially model information security. In today's seemingly never-ending cycle of new technologies, cyberthreats, and regulations, it's...

• Downloads: 542

For Security & Risk Professionals

Blog:Information Security Metrics Insanity, The 3Rs And Dashboards!

  I just finished a research document titled Measure The Effectiveness Of Your Data Security And Privacy Program for the The Security Architecture And Operations Playbook. This was a lot of fun...

For Security & Risk Professionals

Blog:Information Security Metrics & The Balanced Scorecard

I just finished a final draft of a presentation on information security executive reporting that I and some colleagues will present at the upcoming Forrester IT Forum in Las Vegas.  For those of...

For Security & Risk Professionals

Report:Determine The Value Of Information Security Assets And Liabilities — Information Security Economics 102

This is the second in a series of reports providing guidance and new methods for the financial management of information security. The CISO's role is rapidly changing. A few years ago the CISO for...

• Downloads: 108
• Comments: 2
• Rating:

For Security & Risk Professionals

Tool:Forrester's Information Security Sourcing Decision Tool Kit

For Security & Risk Professionals

Report:The Forrester Wave™: Emerging Managed Security Service Providers, Q1 2013

Ten Emerging Service Providers That Have The Chops To Be Your Managed Security Service Provider

In Forrester's 15-criteria evaluation of the emerging managed security services provider (MSSP) market, we identified the 10 most significant providers in this category — Alert Logic; CompuCom;...

• Downloads: 582
• Rating:

For Security & Risk Professionals

Client Inquiry:Are Organizations Still Using War Dialing?

Are organizations in the financial services sector still using war dialing as a control to identify potential insecure modems or telephony applications? Is it still a best practice to engage in this...

For Security & Risk Professionals

Blog:CLOUD SECURITY - EXPECT ACCELERATED DEPLOYMENTS DUE TO STRONG MOVES BY PROVIDERS TO IMPROVE SECURITY

Forrester research has always identified security as a major impediment to broad scale implementation for cloud, regardless of the model, SaaS, PaaS, IaaS, the adoption rate has been slowed by...

For Security & Risk Professionals

Blog:More On Metrics...

At Forrester, we place a great deal of emphasis on relevance and what it means when researching a topic.  For the busy executive, it's sometimes difficult to wade through deep lists of...

For Security & Risk Professionals

Tool:Forrester Wave™: Emerging Managed Security Service Providers, Q1 2013

For Security & Risk Professionals

Blog:Enterprise Information Security Architecture

I always have been interested in Enterprise Architecture.  Enterprise Architecture is one of those terms that security professionals hear about but do not always know how it can benefit what...

For Security & Risk Professionals

Blog:Nine Managed Security Services Providers (MSSPs) Compete In The North American Market

After months of diligent vendor evaluations, last week we officially published The Forrester Wave: Managed Security Services: North America, Q1 2012. This report features our detailed analysis on...

For Security & Risk Professionals

Blog:InfoSec: Enterprise Architecture Building Codes

There are many types of criminals. These include thrill-seeking hackers, politically motivated hackers, organized criminals after financial gain, and state-sponsored groups after financial gain and...

For Security & Risk Professionals

Blog:MSSP Valuation - Information For Selecting An MSSP

I attended two really great presentations at MSPWorld yesterday. This is a very interesting conference, sponsored by the MSPAlliance[i] and co-hosted with IT-Expo but focused on managed service...

For Security & Risk Professionals

Blog:The Impact Of Proposed Cybersecurity Legislation On Private Sector CISOs - Miami Security Forum

At the upcoming Forrester Security IT Forum (November 9) in Miami, Florida, I will present information on President Obama's cybercrime legislative initiative. This presentation and discussion...

For Security & Risk Professionals

Tool:Forrester Wave™: Managed Security Services: North America, Q1 2012

For Security & Risk Professionals

Client Inquiry:Security Reporting Structure

What are the pros and cons of security reporting within IT versus a non-IT department?

For Security & Risk Professionals

Report:Source Your Security Services

Build/Buy Capabilities: The S&R Practice Playbook

This report outlines a sourcing strategy and Forrester's decision support solution for security and risk (S&R) executives working to build a high-performance security program and organization. We...

• Downloads: 530
• Comments: 1
• Rating:

For Security & Risk Professionals

Blog:Information Value and Risk Assessment

  I just wrote a paper on the value of information security. Please see the paper here. It is something I have thought about for a long time. Information security as a technical discipline...

For Security & Risk Professionals

Blog:The Power Of Data Analysis - "Spamalytics"

Some of you may have seen the article in the New York Times by John Markoff (endnote1) announcing a paper to be presented at last week’s IEEE conference. This paper is an update to research...

For Security & Risk Professionals

Report:The Forrester Information Security Metrics Maturity Model

In conjunction with Forrester's update to our information security metrics and best practices report, Forrester has developed a model to help you assess the maturity of your security metrics program.

• Downloads: 127
• Comments: 1

For Security & Risk Professionals

Tool:Capture Information Security Costs

For Security & Risk Professionals

Blog:Managed Service Market Is Growing – Come On In, The Water’s Fine!

I reported that the managed security services market is growing in our recent Forrester Wave™ covering North American managed security service providers. Trustwave just issued a press release...