About Forrester
Forrester Research, Inc. is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology.
We have several questions: 1) How do companies manage employee Internet access? 2) How do they authenticate employees? 3) How do they block access to unwanted applications? 4) How can we block...
FAIL at 30,000ish feet
When you fly nearly every week, you can get pretty bored on a plane. When I am sick of working, playing games, or watching movies, my latest distraction is checking...
We have started a new report series on Cyber Threat Intelligence. The first report, "Five Steps To Build An Effective Threat Intelligence Capability," is designed to help organizations...

Get Off The Bench And Look Into Your Virtual Environment
This week I did a webcast, Planning for Failure, which makes the assumption that if you haven't been breached, it is inevitable, and you must be able to quickly detect and respond to...
Last week I had the opportunity to attend the 15th annual Black Hat security conference in Las Vegas. I have attended DEFCON in the past, but never Black Hat. The conference has grown significantly...
I am excited to announce my latest research, The CISO's Guide To Virtualization Security. This is the first report in a new series focusing on securing virtual environments. The reduced...
The Benefits Of The SaaS Model Outweigh The Challenges
As the market for software-as-a-service (SaaS) content security continues to mature, security and risk professionals want to know if it's time for their organization to make the transition to the...

I was very excited to finally get a copy of the much-anticipated 2013 Verizon Data Breach Investigations Report (DBIR). I have found the report to be valuable year after year. This is the...
Our next installment of "Hackers vs. Executives" is just weeks away. Join us at the Forrester Security Forum and sit in on one of the most popular sessions of the event each year. We have a...
Last Friday, after a long week of RSA conference events and meetings, I eagerly looked forward to slipping on my headphones and enjoying the relative silence of my flight back to Dallas. As I...
Why don't some companies inspect outbound HTTPS? Are privacy or legal considerations the primary factor?
Organization: The Security Architecture And Operations Playbook
This report outlines the organizational implications of Forrester's solution for security and risk (S&R) executives working to rethink their security architecture and improve the effectiveness of...
The San Francisco RSA conference is now less than two weeks away, and this year I am moderating two great panels. I thought I'd reach out and solicit suggestions for discussion. ...
Executive Overview: The Security Architecture And Operations Playbook
We've all heard about the "evolving threat landscape." In biology, evolution is a process that takes millions of years to occur as a result of small changes in successive generations. Mutations, on...
A Review Of Budgets, Spending Intentions, Technology Adoption, And Key Trends
To help Forrester clients with their content security strategy for 2011, Forrester predicted three significant trends. So how'd we do? We got two correct and one half right. As expected, content...
I am very excited to introduce my first Forrester report, "The Content Security Forecast Calls For Clouds." I wrote the report to help guide your strategy on SaaS-based email and web content...
Does Forrester still recommend the following for securing virtual environments? Enforce zone boundaries with separate hardware; hypervisor hosts should not take on network security functions such as...
It is with great pleasure that I announce the completion of my first Forrester Wave™: Email Content Security, Q4 2012. I’d like to thank the research associates (Jessica McKee and...
Winter is coming; the year is quickly drawing to a close, and it's time to look back and see how accurate our content security crystal ball was for 2011. Last year we predicted three trends;...
Tools And Technology: The Security Architecture And Operations Playbook
Against today's mutating threat landscape and sophisticated cybercriminals, security and risk (S&R) professionals are outgunned and outmatched. The traditional strategy of waiting for an alert and...

You remember the tribbles don't you? The cute, harmless looking alien species from the second season of the original Star Trek that turn out to be anything but benign. They are born pregnant and...
I'm looking for an industry-standard definition of an "intrusion," including examples, scope, and scale if applicable. We have reporting obligations to the FBI and DSS for cyber intrusions.
You are now no doubt aware that Boston-based security firm Bit9 suffered an alarming compromise, which resulted in attackers gaining access to code-signing certificates that were then used to sign...
Could you provide information on data leak prevention (DLP) versus information rights management (IRM) solutions? Do you recommend one or the other or both? What vendors play in this space?
An Effective Incident Management Program Is Essential To Help You Stay In Business
It's not a question of if — but when — your organization will experience a serious security breach. Cybercriminals are using more sophisticated and targeted attacks to steal everything...