Forrester

For Security & Risk Professionals

Blog:Developing A Formal Risk Management Program

Of all the client inquiries and advisories we get related to risk management, one of the most frequent topics of discussion continues to be the role of risk management. Who should be involved? How?...

For Security & Risk Professionals

Report:Navigate The Future Of Compliance And Risk Management

Vision: The Governance, Risk, And Compliance Playbook

This report outlines the future look of Forrester's solution for security and risk (S&R) executives working to build their organization's governance, risk, and compliance (GRC) program. We designed...

• Downloads: 483

For Security & Risk Professionals

Blog:Implement A Successful GRC Program With Forrester's Governance, Risk, and Compliance Playbook

I’m proud to announce that this week Forrester launched our Governance, Risk, and Compliance Playbook, a collection of in-depth reports covering the critical information you need to implement a...

For Security & Risk Professionals

Client Inquiry:What Is The Pricing For Governance, Risk, And Compliance Platforms?

How are governance, risk, and compliance (GRC) platforms priced? What can I expect for implementation costs?

For Security & Risk Professionals

Tool:IT GRC Adoption

For Security & Risk Professionals

Blog:Enterprise Risk Management For IT Security

A few weeks ago, Stephanie Balaouras and I posted a podcast on a topic that has been a high priority for many of our customers — how to apply risk management techniques to IT security. We know...

For Security & Risk Professionals

Report:The Risk Manager's Handbook: How To Measure And Understand Risks

Estimating Levels Of Risk Exposure To Help Guide Informed Decisions

Opposition to adopting formal risk management tends to use the process of risk measurement as its attack target — it's too subjective, it's too complicated, or it's too much investment just to...

• Downloads: 1001

For Security & Risk Professionals

Client Inquiry:What Is The State Of Governance, Risk, And Compliance In The Indian Market?

What is the size of the governance, risk, and compliance (GRC) market, and what is the market growth rate in India? Who are the major GRC vendors in India, and what are the areas of opportunity?

For Security & Risk Professionals

Blog:In 2011 The GRC Market Will Grow 20%, Driven More By Breadth Than Maturity

On the heels of Forrester's GRC Market Overview last month, this week we published my Governance, Risk, And Compliance Predictions: 2011 And Beyond report. Based on our research...

For Security & Risk Professionals

Blog:The Supreme Court Ruling Will Have Little Impact On SOX . . . Sorry

Despite some speculation that today's Supreme Court ruling might overturn large portions of the Sarbanes-Oxley Act (if not all of it), the final opinion will likely have no significant impact on...

For Security & Risk Professionals

Report:The Risk Manager's Handbook: How To Evaluate Risks To Plan An Effective Response

Determining Whether, When, And How To Treat Risks

The goal of a risk management program is to drive effective decisions and actions based on an understanding of how uncertainty may affect objectives. However, even mature programs that have...

• Downloads: 496

For Security & Risk Professionals

Tool:GRC Vendor Focus Areas

For Security & Risk Professionals

Report:Build The Business Case For A GRC Platform

Business Case: The Governance, Risk, And Compliance Playbook

As the governance, risk, and compliance (GRC) platform market matures, product vendors struggle to point to credible return on investment figures, and potential buyers similarly struggle when asked...

• Downloads: 970

For Security & Risk Professionals

Blog:IBM Announces Plans To Acquire OpenPages . . . Top GRC Vendors Are Charting Very Different Courses

Rarely does vendor consolidation reflect such fragmentation of a market. Picking up on the recent acquisition trend of independent market leaders, IBM today announced plans to acquire long-time GRC...

For Security & Risk Professionals

Blog:A Few Thoughts On Communicating Risk

In my new report, The Risk Manager's Handbook: How To Measure And Understand Risks, I present industry best practices and guidance on ways to articulate the extent or size of a risk. More than...

For Security & Risk Professionals

Report:The Risk Manager's Handbook: How To Identify And Describe Risks

Documenting The Sources Of Uncertainty That Might Affect Your Organization, Project, Asset, Or Objective

Enterprise risk management (ERM) programs are helping to break down organizational silos so that executives can gain insight on the risks that may affect all aspects of their business. Unfortunately,...

• Downloads: 1463

For Security & Risk Professionals

Report:Build A Governance, Risk, And Compliance Strategy Worthy Of Business Consideration

Strategic Plan: The Governance, Risk, And Compliance Playbook

Governance, risk management, and compliance (GRC) are far too often positions of emergency response. What's worse, as you constantly rush to respond to new mandates, enforce policies, or pull...

• Downloads: 562
• Rating:

For Security & Risk Professionals

Client Inquiry:The Role Of IT Security Management Versus IT Audit

We (IT security management) are currently discussing our tasks in relation to those of the auditing department. We would like to get advice about a typical or legally defined separation between the...

For Security & Risk Professionals

Tool:GRC Revenue Distribution

For Security & Risk Professionals

Blog:Nasdaq Hack Brings Security Issues Into The Boardroom

 Have you been having trouble getting your board of directors to care about information security? This weekend’s news that Nasdaq’s Directors Desk web application was...

For Security & Risk Professionals

Blog:Crisis Communication, Business Continuity, And Risk Management

I recently recorded a podcast with Stephanie Balaouras, discussing the potential for increased collaboration between crisis communication, business continuity, and risk management functions....

For Security & Risk Professionals

Report:Optimize Your GRC Program For 2012 And Beyond

This report outlines Forrester's solution for security and risk (S&R) professionals looking to establish a formal risk and compliance management program. We designed this report to help S&R...

• Downloads: 608

For Security & Risk Professionals

Tool:Sources Of Regulatory Content

For Security & Risk Professionals

Report:Topic Overview: Governance, Risk, And Compliance

Governance, risk, and compliance (GRC) as a concept continues its steady march toward recognition as an accepted business practice. And even if they aren't using the term, organizations around the...

• Downloads: 1285

For Security & Risk Professionals

Report:The Forrester Wave™: Enterprise Governance, Risk, And Compliance Platforms, Q4 2011

As Leaders, BWise, MetricStream, IBM OpenPages, And RSA Archer Continue To Push The Envelope

Innovation among top enterprise GRC platform vendors has kept up an impressive pace as vendors aim to stay one step ahead of their customers' own advancements in governance, risk, and compliance...

• Downloads: 1225
• Rating: