GRC – Governance, Risk, And Compliance
Governance, risk, and compliance (GRC) trends are always evolving. Follow Forrester’s latest research and insights on GRC trends.
Insights
Blog
Get A Head Start On The “Easier Said Than Done” Elements In The 2023–2030 Australian Cyber Security Strategy
On Wednesday, 22 November 2023, Minister for Home Affairs and Cyber Security, the Hon. Clare O’Neil MP, announced the 2023–2030 Australian Cyber Security Strategy, a strategy to which Forrester contributed in April 2023 via a submission to the discussion paper. The Australian government’s stated vision is “By 2030, Australia will be a world leader in cyber […]
Blog
Predictions 2024: Security And Risk Pros Will Apply Guardrails Beyond Regulatory Mandates
In 2024, as more organizations launch new genAI initiatives, they will need to balance fast innovation with governance and accountability. Learn more in our 2024 predictions for cybersecurity, risk, and privacy.
Strengthen Security Operations With Agile SecOps
Read this report to learn how to apply agile software development lifecycle (SDLC) practices to detection and response to create engineering-driven detection operations.
Blog
BI Governance Lets You Have Your Cake And Eat It, Too
Learn how BI governance can help you achieve true data democratization at your organization.
Blog
Data Governance Unlocks The Impact Of Analytics: Data Strategy & Insights 2023
Forrester data shows that fewer than 10% of enterprises are advanced in their insights-driven capabilities. Find out why in this blog post.
Blog
Deliver Trusted Data By Selecting A Suitable MDM Solution
In the era of insights-driven decision-making, master data management (MDM) plays a crucial part by ensuring consistency, accuracy, and reliability of enterprise data. MDM capabilities are a cornerstone of success for companies striving to leverage data as a product in a rapidly evolving digital landscape. Selecting and investing in the right MDM platform is a […]
Blog
Plan Now For Major Changes To Oracle Java Licensing Costs
Oracle has again changed licensing rules for its widely used Java product. On January 23, 2023, the company introduced a new license metric, the SE Universal Subscription. It offers all the benefits of the legacy Java SE subscription, plus universal use rights (desktop, server, and third-party cloud) and triage support for customers’ entire Java portfolio, […]
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.
Get More Risk Mitigation With Your 2024 Budget
Download our 2024 Planning Guide for Security and Risk Leaders to see where strategic cybersecurity investments (and divestments) can deliver more business value.
Blog
NIST AI Risk Management Framework 1.0 — What It Means For Enterprises
Forrester provides guidance on how to succeed with AI governance with the NIST’s AI RMF 1.0.
Blog
Call It What You Want, Cyber Risk Quantification Is Now A Must
What do Live Nation’s Taylor Swift ticketing debacle and cyber risk have in common? Bad assumptions. Whether you confidently believe that you can anticipate record ticket demand or believe that your payment processing infrastructure is secure enough to handle it, that belief is based on an assumption, and that assumption is based on the past […]
Blog
Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]
Blog
Cybersecurity Risk Dashboards: No Value, Extreme Liability
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog
A New Era Of Privacy Dawns With The Latest Google Fine
In the wake of a lawsuit settlement over deceptive location-history user settings, companies need to look closely at their data privacy practices.
Blog
Misguided Fear Of AI And Automation: A Classic Horror Story
Classic horror movie quirks closely resemble what we’re seeing in firms that are looking to innovate and differentiate yet are running from, rather than toward, AI and advanced automation.
Blog
Apply Critical Thinking And Culture To Reduce Insider Risk
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.
Blog
CCPA Penalties Are Here: Sephora Hit With $1.2 Million Fine
French retailer Sephora became the first company to be penalized under the California Consumer Privacy Act (CCPA) for not disclosing to consumers that it sells their personal information, failing to respect users’ Global Privacy Control as an opt-out, and neglecting to correct these infractions by the deadline. The $1.2 million penalty is part of a […]
Blog
The US Pipeline Industry Catches A Break, But Now Is Not The Time To Be Complacent
The Transportation Security Administration's relaxing of rules based on industry feedback is welcome. Yet the days of nonexistent or voluntary cybersecurity regulations for critical infrastructure are ending.
Blog
Generally Accepted AI Principles — “GAAIP” — Can Bridge The Trust Gap
Organizations looking to scale their use of AI-enhanced decision-making are facing a dilemma. There is still a large gap between voluntary frameworks for responsible AI and actionable law and enforceable regulations. I wrote about Singapore’s Model AI Governance Framework in an earlier blog post. My colleague Guannan Lu has recently taken a look at China’s […]
Podcast
Will Web3 Live Up To Its Promise?
Web3 proponents have a grand vision of a fairer internet. But will it ever become reality? VP, Principal Analyst Martha Bennett examines both sides of this complex question.
Blog
The Top Systemic Risks Changed In 2022, And Climate Change Was Left Out In The Cold
It’s time for the latest “Top Systemic Risks” report. One of the biggest movers this year was climate change. Last year, as the pandemic dragged on, climate change ranked number five. This year, it ranked number eight. In the age of declaring climate goals and new markets requiring carbon reporting, corporations pushed climate change risk […]
Blog
Build Better Bridges: Introducing Forrester’s BISO Role Profile
BISOs operate on behalf of the CISO, serving as an advisor to the business unit’s functional leaders. They also engage as a member of the business unit’s senior leadership team to understand, discuss, and advise on the intersection of strategic priorities and key IT and security risks.