Forrester

For Security & Risk Professionals

Report:Maximize Business Performance With A World-Class GRC Program

Executive Overview: The Governance, Risk, And Compliance Playbook

Unexpected events are at best distracting and at worst catastrophic for an organization as it strives to meet its objectives. Risk and compliance professionals must help their colleagues anticipate...

• Downloads: 212

For Security & Risk Professionals

Blog:IBM Announces Plans To Acquire OpenPages . . . Top GRC Vendors Are Charting Very Different Courses

Rarely does vendor consolidation reflect such fragmentation of a market. Picking up on the recent acquisition trend of independent market leaders, IBM today announced plans to acquire long-time GRC...

For Security & Risk Professionals

Report:Designate Clear Lines Of Risk And Compliance Accountability

Organization: The Governance, Risk, And Compliance Playbook

Governance, risk, and compliance (GRC) encompass an incredibly broad set of functions for organizations in any geography, in any industry. In fact, almost all employees play some role in helping...

• Downloads: 392
• Comments: 3
• Rating:

For Security & Risk Professionals

Tool:GRC Vendor Focus Areas

For Security & Risk Professionals

Blog:Crisis Communication, Business Continuity, And Risk Management

I recently recorded a podcast with Stephanie Balaouras, discussing the potential for increased collaboration between crisis communication, business continuity, and risk management functions....

For Security & Risk Professionals

Tool:GRC Revenue Distribution

For Security & Risk Professionals

Report:The Risk Manager's Handbook: How To Identify And Describe Risks

Documenting The Sources Of Uncertainty That Might Affect Your Organization, Project, Asset, Or Objective

Enterprise risk management (ERM) programs are helping to break down organizational silos so that executives can gain insight on the risks that may affect all aspects of their business. Unfortunately,...

• Downloads: 1462

For Security & Risk Professionals

Report:Build A Governance, Risk, And Compliance Strategy Worthy Of Business Consideration

Strategic Plan: The Governance, Risk, And Compliance Playbook

Governance, risk management, and compliance (GRC) are far too often positions of emergency response. What's worse, as you constantly rush to respond to new mandates, enforce policies, or pull...

• Downloads: 558
• Rating:

For Security & Risk Professionals

Report:Define And Articulate The Role Of Risk Management

Processes: The Governance, Risk, And Compliance Playbook

As a risk professional, you are currently in a position to exert more influence on your organization and increase the value you and your team can offer. Many of you will feel pressure to develop...

• Downloads: 1392
• Rating:

For Security & Risk Professionals

Blog:Tips For Using Spreadsheets For Business Intelligence, Compliance, And Risk Management

My colleague Boris Evelson, who covers business intelligence for Forrester and serves business process professionals, recently wrote a great post about the use of spreadsheets for business...

For Security & Risk Professionals

Blog:In 2011 The GRC Market Will Grow 20%, Driven More By Breadth Than Maturity

On the heels of Forrester's GRC Market Overview last month, this week we published my Governance, Risk, And Compliance Predictions: 2011 And Beyond report. Based on our research...

For Security & Risk Professionals

Tool:IT GRC Adoption

For Security & Risk Professionals

Blog:NASDAQ OMX Acquires BWise… Where Is GRC Headed?

Last week saw news that yet another top GRC software vendor has been acquired, following in the footsteps of Paisley, Archer, OpenPages, among others. BWise has always been an impressive vendor in...

For Security & Risk Professionals

Report:The Risk Manager's Handbook: How To Evaluate Risks To Plan An Effective Response

Determining Whether, When, And How To Treat Risks

The goal of a risk management program is to drive effective decisions and actions based on an understanding of how uncertainty may affect objectives. However, even mature programs that have...

• Downloads: 495

For Security & Risk Professionals

Report:The Risk Manager's Handbook: How To Plan And Execute Appropriate Risk Treatment

Developing And Managing Efforts To Control Unacceptable Levels Of Risk

From understanding comes action. Your risk management efforts up to this point will have yielded a list of concerns; a measure of how much these concerns could affect objectives; and a decision of...

• Downloads: 194
• Rating:

For Security & Risk Professionals

Blog:IBM To Acquire Algorithmics... GRC And Financial Risk Management Get A Little Closer

Today IBM announced plans to acquire the Fitch Group’s Algorithmics, a heavy-hitter in financial risk management software and services market, for $387 million.  Here are my initial...

For Security & Risk Professionals

Blog:Enterprise Risk Management For IT Security

A few weeks ago, Stephanie Balaouras and I posted a podcast on a topic that has been a high priority for many of our customers — how to apply risk management techniques to IT security. We know...

For Security & Risk Professionals

Client Inquiry:What Are The Governance, Risk, And Compliance Characteristics Of Firms Of Varying Adoption Levels?

What would you see as the governance, risk, and compliance characteristics of each of the following groups: 1) laggards; 2) middle of the pack; and 3) early adopters? Are there any special...

For Security & Risk Professionals

Blog:Implement A Successful GRC Program With Forrester's Governance, Risk, and Compliance Playbook

I’m proud to announce that this week Forrester launched our Governance, Risk, and Compliance Playbook, a collection of in-depth reports covering the critical information you need to implement a...

For Security & Risk Professionals

Report:Ten Priorities For Your Current And Future Compliance Program

Making Sure Today's Compliance Dollars Tackle Tomorrow's Compliance Challenges

As long as the general population suffers as a result of corporate malfeasance and missteps, government oversight will continue to grow. If compliance is one of your responsibilities, the near future...

• Downloads: 647

For Security & Risk Professionals

Blog:A Few Thoughts On Communicating Risk

In my new report, The Risk Manager's Handbook: How To Measure And Understand Risks, I present industry best practices and guidance on ways to articulate the extent or size of a risk. More than...

For Security & Risk Professionals

Blog:Nasdaq Hack Brings Security Issues Into The Boardroom

 Have you been having trouble getting your board of directors to care about information security? This weekend’s news that Nasdaq’s Directors Desk web application was...

For Security & Risk Professionals

Blog:Don’t Forbid Employees From Using The Escalator, Give Them Reasons To Use The Stairs

Guest post from Researcher Nick Hayes. If you had to go up one level in a train station, would you take the stairs or use the escalator? Most people would choose the escalator. But what if the...

For Security & Risk Professionals

Report:The Forrester Information Security Maturity Model

The Forrester Information Security Maturity Model is a framework that consists of four main security domains (oversight, technology, process, and people) with 25 functions and 123 low-level...

• Downloads: 67
• Rating:

For Security & Risk Professionals

Report:Governance, Risk, And Compliance Predictions: 2011 And Beyond

GRC Programs Are Set To Increase Their Breadth More Than Their Maturity

Those who have been involved with GRC initiatives or technologies may often conceive of a tipping point, where GRC comes of age and its value propositions and use cases become clear for all global...

• Downloads: 1219