Khalid KarkPrincipal Analyst
Governance, Risk, & Compliance, IT Compliance Management, IT Risk Management, Regulations & Legislation, Security & Risk, Security Performance Management, Security Policies, Security Program Governance, Security Services, Security Standards, Regulations, & Legislation, Security Strategy
Khalid's research primarily contributes to Forrester's offerings for the Security & Risk professional. He is a leading expert in information security program governance; security services; strategy; and governance, risk, and compliance (GRC) initiatives. Khalid's research focuses on building and maintaining effective security programs and making information security leadership more successful in their role.Khalid covers security service providers offering managed as well as pure consulting services. He also covers security governance and risk management topics such as security metrics, budgets, strategy, compliance, awareness, training, and organizational structure. Khalid also advises clients on security standards, industry and government regulations, and IT compliance. Khalid has codeveloped Forrester's information security framework and assessment methodology.Khalid has been widely quoted in the press, including such media outlets as Boston Globe, Wall Street Journal, and CSO Magazine. Khalid is a frequent keynote speaker at national and international conferences.
During his career, Khalid has worked in both the consulting and enterprise sectors. Prior to joining Forrester, he worked for a global insurance company where he provided leadership and direction for the information security program. Khalid has consulted for organizations in healthcare, finance, entertainment, and communication industries on information security strategy and architecture.
Khalid holds a master's degree in telecommunications management from University of Pennsylvania and a bachelor's degree in business and economics from University of Texas at Austin. Khalid is also a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and a Certified Information Security Auditor (CISA).
Case Study: Harland Clarke Turns To Corporate Objectives For Defining Security Metrics April 29, 2009 BookmarkPDF
Case Study: DTCC Implements A Process-Based Approach To Security Metrics April 29, 2009 BookmarkPDF
Real World Example: Eastman Kodak Security Metrics Dashboard April 22, 2009
Case Study: Eastman Kodak Company Takes A Tiered-Risk Approach To Security Metrics April 20, 2009 BookmarkPDF
The Forrester Wave™: Information Security And IT Risk Consulting, Q1 2009 March 18, 2009 (Rating: 10) BookmarkPDF
CISO Handbook: Preparing For The Meeting With The Board Of Directors September 2009 Receive an alert when this document is published: email RSS
CISO Handbook: How To Plan For A Security Breach August 2009 Receive an alert when this document is published: email RSS
Market Overview: Managed Security Services Providers (MSSP) September 2009 Receive an alert when this document is published: email RSS
Hackers Versus Executives October 2009 Receive an alert when this document is published: email RSS
