GRC – Governance, Risk, And Compliance
Governance, risk, and compliance (GRC) trends are always evolving. Follow Forrester’s latest research and insights on GRC trends.
Insights
Blog
Plan Now For Major Changes To Oracle Java Licensing Costs
Oracle has again changed licensing rules for its widely used Java product. On January 23, 2023, the company introduced a new license metric, the SE Universal Subscription. It offers all the benefits of the legacy Java SE subscription, plus universal use rights (desktop, server, and third-party cloud) and triage support for customers’ entire Java portfolio, […]
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.
Blog
NIST AI Risk Management Framework 1.0 — What It Means For Enterprises
Forrester provides guidance on how to succeed with AI governance using NIST’s AI RMF 1.0.
Blog
Call It What You Want, Cyber Risk Quantification Is Now A Must
What do Live Nation’s Taylor Swift ticketing debacle and cyber risk have in common? Bad assumptions. Whether you confidently believe that you can anticipate record ticket demand or believe that your payment processing infrastructure is secure enough to handle it, that belief is based on an assumption, and that assumption is based on the past […]
Blog
Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]
Blog
Cybersecurity Risk Dashboards: No Value, Extreme Liability
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog
A New Era Of Privacy Dawns With The Latest Google Fine
In the wake of a lawsuit settlement over deceptive location-history user settings, companies need to look closely at their data privacy practices.
Blog
Misguided Fear Of AI And Automation: A Classic Horror Story
Classic horror movie quirks closely resemble what we’re seeing in firms that are looking to innovate and differentiate yet are running from, rather than toward, AI and advanced automation.
Blog
Apply Critical Thinking And Culture To Reduce Insider Risk
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.
Blog
CCPA Penalties Are Here: Sephora Hit With $1.2 Million Fine
French retailer Sephora became the first company to be penalized under the California Consumer Privacy Act (CCPA) for not disclosing to consumers that it sells their personal information, failing to respect users’ Global Privacy Control as an opt-out, and neglecting to correct these infractions by the deadline. The $1.2 million penalty is part of a […]
Blog
The US Pipeline Industry Catches A Break, But Now Is Not The Time To Be Complacent
The Transportation Security Administration's relaxing of rules based on industry feedback is welcome. Yet the days of nonexistent or voluntary cybersecurity regulations for critical infrastructure are ending.
Blog
Generally Accepted AI Principles — “GAAIP” — Can Bridge The Trust Gap
Organizations looking to scale their use of AI-enhanced decision-making are facing a dilemma. There is still a large gap between voluntary frameworks for responsible AI and actionable law and enforceable regulations. I wrote about Singapore’s Model AI Governance Framework in an earlier blog post. My colleague Guannan Lu has recently taken a look at China’s […]
Podcast
Will Web3 Live Up To Its Promise?
Web3 proponents have a grand vision of a fairer internet. But will it ever become reality? VP, Principal Analyst Martha Bennett examines both sides of this complex question.
Blog
The Top Systemic Risks Changed In 2022, And Climate Change Was Left Out In The Cold
It’s time for the latest “Top Systemic Risks” report. One of the biggest movers this year was climate change. Last year, as the pandemic dragged on, climate change ranked number five. This year, it ranked number eight. In the age of declaring climate goals and new markets requiring carbon reporting, corporations pushed climate change risk […]
Blog
Build Better Bridges: Introducing Forrester’s BISO Role Profile
BISOs operate on behalf of the CISO, serving as an advisor to the business unit’s functional leaders. They also engage as a member of the business unit’s senior leadership team to understand, discuss, and advise on the intersection of strategic priorities and key IT and security risks.
Blog
If Your Board Is Bored, Then You’re Boring
CIOs and CTOs have a complicated relationship with their boards. Now is a ripe opportunity for tech execs to become the digital expert your board needs.
Blog
Navigate China’s New Data And AI Regulations
Firms often struggle to identify the appropriate security controls and practices to comply with fast-changing data regulations. Here are three practices firms should adapt to keep pace.
Blog
Setting The Record Straight On The Third-Party Risk Management Market
Third-party risk management (TPRM) is high on the list of business priorities and risk management priorities, and that’s a good thing. Despite predictions in the early days of the pandemic that firms would rein in outsourcing strategies, the third-party ecosystem continues to grow, smaller vendors and suppliers remain cybersecurity targets, the global regulatory machine continues […]
Blog
Enterprise Risk Pros Pivot From Compliance To Driving Faster, Better Decisions
The average firm’s list of business and risk management priorities looks very different today than it did two years ago. What’s changed? For starters, according to Forrester data, 43% of enterprise risk management (ERM) decision-makers report having experienced three or more discrete critical risk events over the past 12 months. The same group reveals that […]
Blog
The Emerging Cyber Risk Quantification Market: When CISOs Need Decisions, Not More Dashboards
Ask any CISO to articulate the ROI of their firm’s cybersecurity investment — or, worse yet — to defend an increase to the security budget, and you’re likely to get anything from a threat heat map to a 5×5 grid to a list of the latest threats with a flowchart of how the firm is […]