Forrester

For Security & Risk Professionals

Blog:InfoSec: Enterprise Architecture Building Codes

There are many types of criminals. These include thrill-seeking hackers, politically motivated hackers, organized criminals after financial gain, and state-sponsored groups after financial gain and...

For Security & Risk Professionals

Tool:Evaluated Vendors: Vendor Information And Selection Criteria

For Security & Risk Professionals

Blog:Large Telecoms Offer A Full Menu Of Security Services, But Not Without A Little Indigestion

Guest Post From Researcher Chris Sherman  Last month, Ed and I spent a couple days in Paris with Orange's management team for their annual analyst event. Overall I was impressed with...

For Security & Risk Professionals

Tool:Forrester Wave™: Managed Security Services: North America, Q1 2012

For Security & Risk Professionals

Blog:Information Security Metrics

Forrester receives a significant number of inquiries from clients requesting Forrester guidance on Information Security Metrics.  Chief Information Security Officers (CISOs) need new types of...

For Security & Risk Professionals

Blog:Information Security Metrics Insanity, The 3Rs And Dashboards!

  I just finished a research document titled Measure The Effectiveness Of Your Data Security And Privacy Program for the The Security Architecture And Operations Playbook. This was a lot of fun...

For Security & Risk Professionals

Blog:MSSP Valuation - Information For Selecting An MSSP

I attended two really great presentations at MSPWorld yesterday. This is a very interesting conference, sponsored by the MSPAlliance[i] and co-hosted with IT-Expo but focused on managed service...

For Security & Risk Professionals

Tool:Capture Information Asset Revenue

For Security & Risk Professionals

Blog:Calculating Breach Costs: An Accounting Problem For Risk Management Strategy

Guest post from Researcher Heidi Shey.  Calculating the cost of a data breach should be a part of every organization’s information security risk management strategy. It’s not an easy...

For Security & Risk Professionals

Blog:Think Differently

Steve Jobs by Walter Isaacson is a very readable and honest portrayal of one of the most influential personalities in the computer industry from 1980 to the present. Often caustic, abrupt, and...

For Security & Risk Professionals

Client Inquiry:Are Organizations Still Using War Dialing?

Are organizations in the financial services sector still using war dialing as a control to identify potential insecure modems or telephony applications? Is it still a best practice to engage in this...

For Security & Risk Professionals

Tool:Forrester Wave™: Emerging Managed Security Service Providers, Q1 2013

For Security & Risk Professionals

Report:Determine The Business Value Of An Effective Security Program — Information Security Economics 101

Business Impact: The S&R Practice Playbook

This report outlines Forrester's approach to helping you financially model information security. In today's seemingly never-ending cycle of new technologies, cyberthreats, and regulations, it's...

• Downloads: 564

For Security & Risk Professionals

Report:Measure The Effectiveness Of Your Data Privacy Program

Performance Management: The Data Security And Privacy Playbook

Privacy is one of the most important and emotional issues in information security. Privacy, or the lack thereof, affects a company's management, employees, and most importantly, customers. With the...

• Downloads: 252
• Rating:

For Security & Risk Professionals

Report:The Forrester Wave™: Information Security Consulting Services, Q1 2013

Ernst & Young, Deloitte, IBM, Accenture, PwC, And KPMG Lead, With Wipro Following Close Behind

The information security consulting market is growing explosively because security and risk professionals often lack the skill and bandwidth to accomplish their increasingly difficult mission. To...

• Downloads: 567
• Rating:

For Security & Risk Professionals

Blog:Enterprise Information Security Architecture

I always have been interested in Enterprise Architecture.  Enterprise Architecture is one of those terms that security professionals hear about but do not always know how it can benefit what...

For Security & Risk Professionals

Blog:Managed Service Market Is Growing – Come On In, The Water’s Fine!

I reported that the managed security services market is growing in our recent Forrester Wave™ covering North American managed security service providers. Trustwave just issued a press release...

For Security & Risk Professionals

Blog:Information Value and Risk Assessment

  I just wrote a paper on the value of information security. Please see the paper here. It is something I have thought about for a long time. Information security as a technical discipline...

For Security & Risk Professionals

Report:Determine The Value Of Information Security Assets And Liabilities — Information Security Economics 102

This is the second in a series of reports providing guidance and new methods for the financial management of information security. The CISO's role is rapidly changing. A few years ago the CISO for...

• Downloads: 161
• Comments: 2
• Rating:

For Security & Risk Professionals

Report:Source Your Security Services

Build/Buy Capabilities: The S&R Practice Playbook

This report outlines a sourcing strategy and Forrester's decision support solution for security and risk (S&R) executives working to build a high-performance security program and organization. We...

• Downloads: 541
• Comments: 1
• Rating:

For Security & Risk Professionals

Tool:Evaluated Vendors: Vendor Information And Selection Criteria

For Security & Risk Professionals

Blog:Managed Security Services — Build Versus Buy

  While you are at the Forrester Security IT Forum in Miami, you might also want to attend my session on Managed Security Services Providers. In my role as an analyst, I speak to many security...

For Security & Risk Professionals

Report:Measure The Effectiveness Of Your Security Architecture And Operations

Performance Management: The Security Architecture And Operations Playbook

Information security programs have struggled with legitimacy with senior leaders for a long time. There are many reasons for this, but they all can be traced back to the historical inability of chief...

• Downloads: 507
• Rating:

For Security & Risk Professionals

Blog:New Research: Develop Effective Security Metics - Published this Month

This month I published a new report on information security metrics, best practices as well as a maturity model to measure your maturity in the reporting process.  This report outlines the...

For Security & Risk Professionals

Blog:Information Security Metrics & The Balanced Scorecard

I just finished a final draft of a presentation on information security executive reporting that I and some colleagues will present at the upcoming Forrester IT Forum in Las Vegas.  For those of...