Search Results Page
Displaying Results for:
- Security Strategy (Remove)
Track research using these terms:
Sort by:
Displaying results 1-19 of 19 results
Results based on your search criteria
For Security & Risk Professionals
Shift In Expectations: Modernizing Your SRM Program 
(2 MB PPT)
by Robert Whiteley, October 28, 2009
In September 2009, Forrester hosted a two-day event designed to help security and risk professionals understand the top three shifts impacting their job heading. This document summarizes the key recommendations we made to help master the shift in expectations . . .
For Security & Risk Professionals
CISO Handbook: How To Plan For A Security Breach
by Khalid Kark, October 22, 2009
Many chief information security officers (CISOs) are forced to respond to security breaches with little knowledge or planning. Not only is it important to have the tools for responding to security breaches, but it's essential to build a detailed response . . .
For Security & Risk Professionals
Incident Response Policies And Processes 2008 (400 KB PPT)
by Robert Whiteley, April 7, 2009
The current economic environment requires that today’s security and risk executives ensure their incident response policies are in place and accurate. The business cannot tolerate significant downtime or unnecessary cost associated with an outdated incident . . .
For Security & Risk Professionals
Inquiry Spotlight: Content Security, Q1 2009
by Chenxi Wang, Ph.D., January 29, 2009
Content security is an issue that is consistently on the minds of IT security professionals. As organizations increasingly move toward collaboration, Web 2.0, and open architectures, content security takes on a renewed importance. Between October 2007 . . .
For Security & Risk Professionals
Twelve Recommendations For Your 2009 Information Security Strategy
by Khalid Kark, January 20, 2009
Many security predictions paint a doomsday scenario where a crippling cyberattack will leave us all reeling from its effects or Supervisory Control and Data Acquisition (SCADA) systems vulnerabilities will be exploited to play havoc with our national . . .
For Security & Risk Professionals
European Security Managers Turn Their Gaze Inward In 2008
Key Takeaways From Forrester's Security Forum EMEA
by Bill Nagel, July 25, 2008
Forrester held its second Security Forum EMEA in Amsterdam on April 2 and 3, 2008, with 125 security and risk management (SRM) professionals in attendance discussing how to tackle transformation and achieve excellence in SRM. We asked many of these delegates . . .
For Security & Risk Professionals
Managing The Expansion Of Security Responsibilities During Economic Uncertainty (324 KB PPT)
by Khalid Kark, July 3, 2008
In the past few years, the siloed IT security role has rapidly added to its responsibilities and transformed itself into the cross-functional information risk management role. This has left many firms scrambling to structure their security and risk organizations . . .
For Security & Risk Professionals
Managing Application Security From Beginning To End
by Chenxi Wang, Ph.D., August 14, 2007
Organizations that develop applications in-house have a decision to make: you can wait until someone exploits vulnerability in your system and fix it, or you can proactively build security early on in your development process — mitigating vulnerabilities . . .
For Security & Risk Professionals
The Evolving Security Organization
Defining An Appropriate Organizational Structure And Staffing Model For Information Security
by Khalid Kark, Bill Nagel, July 26, 2007
In the past few years, the siloed IT security role has rapidly added to its responsibilities and transformed itself into the cross-functional information risk management role. This has left many firms scrambling to structure their security and risk organizations . . .
For Security & Risk Professionals
Information Security Framework: Self-Assessment 
(94 KB XLS)
by Khalid Kark, Paul Stamp, June 15, 2007
A security environment can be large and complex, and organizations often find it hard to define, track, and report on what areas of their environment they deem to be in need of investments. To help CISOs, this spreadsheet provides: A taxonomy for how . . .
For Security & Risk Professionals
Making A Success Of A Managed Security Services Engagement
by Paul Stamp, February 6, 2007
The anatomy of a managed security services (MSS) deal is the same as any other outsourcing engagement. Defining your sourcing strategy and selecting the right service provider are the key foundations for a successful managed service relationship. Managing . . .
For Security & Risk Professionals
Defining A High-Level Security Framework
Putting Basic Security Principles To Work
by Khalid Kark, Paul Stamp, January 18, 2007
A comprehensive security framework boils down to three familiar basic components: people, technology, and process. When correctly assembled, the people, technology, and process elements of your information security program work together to secure the . . .
For Security & Risk Professionals
Governing Security (465 KB PPT)
by Laura Koetzle, July 6, 2006
Security tops firms' to-do lists again in 2006, with 63% of North American and European enterprises classifying it as a "priority" or a "critical priority." Security is a risk management discipline, not (just) an arcane technical specialty. Firms should . . .
Bridging The Security Divide
by Paul Stamp, January 13, 2006
As security has moved front and center in organizations' IT and business strategies, different models have arisen for the way organizations manage and distribute security responsibilities. We've created a divide between the policy and risk management . . .
Where Security Reports Reflects Expanded Role And Responsibilities
by Michael Rasmussen, Paul Stamp, September 14, 2005
Computer security was once the exclusive domain of the technically minded. Security people presented it as an obscure and dark science, guarding its secrets more closely than the information it was meant to protect. Today, though, the need for security . . .
For Application Development & Program Management Professionals
A DBMS Security Plan Needs Formalization To Be Successful
by Noel Yuhanna, March 8, 2005
Developing a DBMS security plan is difficult; it requires time and effort. But more importantly, a DBMS security plan needs to be formalized if it is to succeed. DBMS security plans should not be developed in isolation but should involve several key groups, . . .
Major Application Security Objectives
A Clear Foundation For Application Security Architecture
by Randy Heffner, June 7, 2004
Application security architecture is a complex topic with many and varied requirements and design considerations. To maintain focus and control scope, it is important to stay centered on the three major objectives of application security architecture: . . .
How Much Security Is Enough?
by Laura Koetzle, Charles Rutstein, Angela Tseng, Robert Whiteley, August 6, 2003
Today's IT security spending is reactive and inefficient. Firms should tackle IT security differently: Use zero-based budgeting, create scenarios to combat uncertainty, and manage security like other business risk.
Best Practices in Managing IT Security
by Steve Hunt, Phil Rosch, March 5, 2002
The key to a good security program is empowered management, effectively focused staff, coherent and realistic budgets and practical metrics with which to measure success and improvement.
