Security and risk management are a top IT priority for European enterprises ¿ more than 50% of European firms will increase spending in this area during the next year. The increased focus on information protection as well as on policy and compliance management actually fuels the need for CISOs to step outside the daily tactical grind and understand more effective risk mitigation dynamics. And as security & risk management has moved front and center in IT and business strategies, different models have arisen for the way organizations manage and distribute security responsibilities. This session will explore how to develop a more effective, dynamic, and strategic security and risk management program. This session will cover:

• How CISO priorities and strategies related to people, processes and technology are changing
• What mechanisms leading CISOs are using to justify investments
• Critical steps in evolving security programs from the operational to strategic
• Leverage survey results and technology comparisons to outline both current chores and future inclinations

Business imperatives, increased regulatory pressure, and customer demands are forcing many CIOs to adopt a structured, enterprise-wide approach to deal with IT governance, IT risk and IT compliance (GRC). IT GRC initiatives have traditionally been scattered across the organization without any coordination or synchronization. Today many organizations are looking for solutions that can help them create a unified approach to managing information risk and IT compliance requirements while simultaneously ensuring good governance. CIOs are starting to recognize that disparate technologies and processes working in silos results in inefficiency, increased cost, and higher risk to the organization.

• Current trends and drivers for IT GRC initiatives.
• Defining Forrester's IT GRC space.
• Recommendations and best practices for developing a robust IT GRC program.