Forrester

For Security & Risk Professionals

Report:Build A High-Performance Security Organization

Executive Overview: The S&R Practice Playbook

Today, business leaders expect the CISO to not only protect the organization from run-of-the-mill hackers but to also protect its brand and competitive advantage in the marketplace — all while...

• Downloads: 595
• Rating:

For Security & Risk Professionals

Report:The Forrester Wave™: Information Security Consulting Services, Q1 2013

Ernst & Young, Deloitte, IBM, Accenture, PwC, And KPMG Lead, With Wipro Following Close Behind

The information security consulting market is growing explosively because security and risk professionals often lack the skill and bandwidth to accomplish their increasingly difficult mission. To...

• Downloads: 520
• Rating:

For Security & Risk Professionals

Blog:A European Perspective On The USA PATRIOT Act

The USA PATRIOT Act (more commonly known as “the Patriot Act”) was signed into law by George W. Bush on October 26, 2001 as a response to the September 11 attacks. The title of the act...

For Security & Risk Professionals

Blog:Starving The Golden Goose

The new revolution in apps and social media continues at a stunning rate. Nearly every day a colleague tells me of another app or site that is bubbling up and about to hit the big time. Many will not...

For Security & Risk Professionals

Blog:The Psychology Of Bad News

  Last night I stumbled across a documentary on BBC2 (content only available to UK residents – sorry!) about the human brain. One section talked about how the brain perceived risk issues...

For Security & Risk Professionals

Blog:New Research: Organizational Challenges

I was reading an article recently which outlined the different agencies employed within the United Kingdom to protect against cyber-threats.  Not including the armed forces, who would have...

For Security & Risk Professionals

Blog:CISOs Need To CYA - 'Comprehend Your Assets'

I recently went for coffee with a very interesting gentleman who had previously been responsible for threat and vulnerability management in a global bank – our conversation roamed far and wide...

For Security & Risk Professionals

Blog:The Atlantic Ocean Divides Financial Aspirations For CISOs In 2013

  As 2012 came to a close, we studied the financial position of many CISOs and asked about their expectations for 2013. Unsurprisingly, it was apparent that 2012 was another difficult year and...

For Security & Risk Professionals

Report:Q&A: Cyberinsurance Fundamentals For Security And Risk Professionals

Since cyberinsurance first emerged in the late '90s, the number of available policies, the scope of those policies, and the number of insurers offering them have all significantly increased. Due to...

• Downloads: 54

For Security & Risk Professionals

Report:Understand Security And Risk Budgeting For 2013

Benchmarks: The S&R Practice Playbook

The global downturn has constrained security budgets for several years now, and chief information security officers (CISOs) have become accustomed to taking on more responsibilities without...

• Downloads: 841

For Security & Risk Professionals

Blog:Compliance And Cloud – Responsible Or Accountable?

It’s interesting how many threads there are on the Internet that still debate the difference between these two words: “responsible” and “accountable.” Oddly enough,...

For Security & Risk Professionals

Blog:A Christmas Present From MIT?

As much as the cloud computing model makes sense to me, my security sensibilities cry out about information risk every time I start to consider actual implementation for data of value across an...

For Security & Risk Professionals

Blog:Go Beyond Technology To Build An Effective Security Practice

It’s common knowledge that the security landscape has shifted over the past few years and the once-strong perimeters that CISOs relied upon have become stretched, fragmented, and overrun by...

For Security & Risk Professionals

Blog:Rewind And Replay For Web App Vulnerabilities

Security threats develop and evolve with startling rapidity, with the attackers always seeking to stay one step ahead of the S&R professional. The agility of our aggressors is understandable; they do...

For Security & Risk Professionals

Report:Assess Your Security Program With Forrester's Information Security Maturity Model

Assessment Framework: The S&R Practice Playbook

This report outlines the assessment framework associated with Forrester's solution for security and risk (S&R) executives. The report is designed to help CISOs as they continue working their way...

• Downloads: 2038
• Comments: 1
• Rating:

For Security & Risk Professionals

Blog:Is The Time Right To Spread Your Risk?

For many years, security professionals have lived by the three pillars of risk management – AVOID, TREAT, ACCEPT.  These great tenets have served the profession well, enabling CISOs to...

For Security & Risk Professionals

Report:Building An Effective Information Security Policy Framework

CISOs Need To Act To Realize True Business Benefit From Security Policy

As information security has become more widely understood, the majority of organizations have built a set of supporting policies. Unfortunately, many of these are slowly drifting toward irrelevance...

• Downloads: 657

For Security & Risk Professionals

Report:Build An Information Security Management System

Policy And Procedures: The S&R Practice Playbook

Over recent years, the information security industry has matured nicely; experts and associations have documented many best practice models, and their adoption has been widespread. It's disconcerting...

• Downloads: 733

For Security & Risk Professionals

Blog:Is CyberLiability Insurance Becoming A More Feasible Risk Management Strategy?

The cyberinsurance market today represents only a tiny segment of the overall insurance industry, and a recent Forrester paper on the topic identified that only a very small percentage of...

For Security & Risk Professionals

Report:Navigate The Future Of The Security Organization

Future Look: The S&R Practice Playbook

This report outlines the future look of Forrester's solution for security and risk (S&R) executives working on building a high-performance security program and organization. This report is designed...

• Downloads: 932

For Security & Risk Professionals

Report:What You Must Know About Data Privacy Regulations In Asia Pacific

Be Ready To Comply With Dynamic Regulatory Changes

Understanding the laws and regulations that govern data privacy across your organization is critical for any company, but it can be challenging. As a result, too many security and risk (S&R)...

• Downloads: 69

For Security & Risk Professionals

Report:Recruit And Retain An Information Security Team

Skills And Staffing: The S&R Practice Playbook

This report outlines the skills and staffing strategy for Forrester's solution for security and risk (S&R) professionals looking to build a high-performance security program and organization. We...

• Downloads: 407
• Comments: 2

For Security & Risk Professionals

Report:Role Job Description: Chief Information Security Officer

The role of the chief information security officer (CISO) is increasingly central to many organizations; however, it has many guises. No two CISOs have exactly the same roles and responsibilities,...

• Downloads: 653

For Security & Risk Professionals

Blog:Open & Honest - Should Breach Disclosure Be Mandatory?

A few months ago I shared a flight with a very pleasant lady from a European regulatory body.  After shoulder surfing her papers and seeing we were both interested in information security...

For Security & Risk Professionals

Blog:A 'BYO' Too Far?

Undoubtedly, most of you will have seen the amazing story about the developer who secretly outsourced his own role to China, investing 20% of his annual salary to free up almost all his work time....