GRC – Governance, Risk, And Compliance

Governance, risk, and compliance (GRC) trends are always evolving. Follow Forrester’s latest research and insights on GRC trends.

Insights

Blog

Get A Head Start On The “Easier Said Than Done” Elements In The 2023–2030 Australian Cyber Security Strategy

Jinan Budge 2 days ago
On Wednesday, 22 November 2023, Minister for Home Affairs and Cyber Security, the Hon. Clare O’Neil MP, announced the 2023–2030 Australian Cyber Security Strategy, a strategy to which Forrester contributed in April 2023 via a submission to the discussion paper. The Australian government’s stated vision is “By 2030, Australia will be a world leader in cyber […]
Blog

Predictions 2024: Security And Risk Pros Will Apply Guardrails Beyond Regulatory Mandates

Alla Valente October 31, 2023
In 2024, as more organizations launch new genAI initiatives, they will need to balance fast innovation with governance and accountability. Learn more in our 2024 predictions for cybersecurity, risk, and privacy.

Strengthen Security Operations With Agile SecOps

Read this report to learn how to apply agile software development lifecycle (SDLC) practices to detection and response to create engineering-driven detection operations.

Blog

BI Governance Lets You Have Your Cake And Eat It, Too

Boris Evelson October 18, 2023
Learn how BI governance can help you achieve true data democratization at your organization.
Blog

Data Governance Unlocks The Impact Of Analytics: Data Strategy & Insights 2023

Jayesh Chaurasia July 12, 2023
Forrester data shows that fewer than 10% of enterprises are advanced in their insights-driven capabilities. Find out why in this blog post.
Blog

Deliver Trusted Data By Selecting A Suitable MDM Solution

Jayesh Chaurasia June 20, 2023
In the era of insights-driven decision-making, master data management (MDM) plays a crucial part by ensuring consistency, accuracy, and reliability of enterprise data. MDM capabilities are a cornerstone of success for companies striving to leverage data as a product in a rapidly evolving digital landscape. Selecting and investing in the right MDM platform is a […]
Blog

Plan Now For Major Changes To Oracle Java Licensing Costs

Steven Russman April 10, 2023
Oracle has again changed licensing rules for its widely used Java product. On January 23, 2023, the company introduced a new license metric, the SE Universal Subscription. It offers all the benefits of the legacy Java SE subscription, plus universal use rights (desktop, server, and third-party cloud) and triage support for customers’ entire Java portfolio, […]
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.

Get More Risk Mitigation With Your 2024 Budget

Download our 2024 Planning Guide for Security and Risk Leaders to see where strategic cybersecurity investments (and divestments) can deliver more business value.

Blog

NIST AI Risk Management Framework 1.0 — What It Means For Enterprises

Michele Goetz February 7, 2023
Forrester provides guidance on how to succeed with AI governance with the NIST’s AI RMF 1.0.
Blog

Call It What You Want, Cyber Risk Quantification Is Now A Must

Cody Scott February 3, 2023
What do Live Nation’s Taylor Swift ticketing debacle and cyber risk have in common? Bad assumptions. Whether you confidently believe that you can anticipate record ticket demand or believe that your payment processing infrastructure is secure enough to handle it, that belief is based on an assumption, and that assumption is based on the past […]
Blog

Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties

Alla Valente February 2, 2023
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]
Blog

Cybersecurity Risk Dashboards: No Value, Extreme Liability

Jeff Pollard January 30, 2023
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog

A New Era Of Privacy Dawns With The Latest Google Fine

Enza Iannopollo November 16, 2022
In the wake of a lawsuit settlement over deceptive location-history user settings, companies need to look closely at their data privacy practices.
Blog

Misguided Fear Of AI And Automation: A Classic Horror Story

Carlos Casanova October 25, 2022
Classic horror movie quirks closely resemble what we’re seeing in firms that are looking to innovate and differentiate yet are running from, rather than toward, AI and advanced automation.
Blog

Apply Critical Thinking And Culture To Reduce Insider Risk

Joseph Blankenship September 27, 2022
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.
Blog

CCPA Penalties Are Here: Sephora Hit With $1.2 Million Fine

Stephanie Liu September 9, 2022
French retailer Sephora became the first company to be penalized under the California Consumer Privacy Act (CCPA) for not disclosing to consumers that it sells their personal information, failing to respect users’ Global Privacy Control as an opt-out, and neglecting to correct these infractions by the deadline. The $1.2 million penalty is part of a […]
Blog

The US Pipeline Industry Catches A Break, But Now Is Not The Time To Be Complacent

Brian Wrozek August 11, 2022
The Transportation Security Administration's relaxing of rules based on industry feedback is welcome. Yet the days of nonexistent or voluntary cybersecurity regulations for critical infrastructure are ending.
Blog

Generally Accepted AI Principles — “GAAIP” — Can Bridge The Trust Gap

Achim Granzen May 19, 2022
Organizations looking to scale their use of AI-enhanced decision-making are facing a dilemma. There is still a large gap between voluntary frameworks for responsible AI and actionable law and enforceable regulations. I wrote about Singapore’s Model AI Governance Framework in an earlier blog post. My colleague Guannan Lu has recently taken a look at China’s […]
Podcast

Will Web3 Live Up To Its Promise?

What It Means May 19, 2022
Web3 proponents have a grand vision of a fairer internet. But will it ever become reality? VP, Principal Analyst Martha Bennett examines both sides of this complex question.
Blog

The Top Systemic Risks Changed In 2022, And Climate Change Was Left Out In The Cold

Renee Murphy April 20, 2022
It’s time for the latest “Top Systemic Risks” report. One of the biggest movers this year was climate change. Last year, as the pandemic dragged on, climate change ranked number five. This year, it ranked number eight. In the age of declaring climate goals and new markets requiring carbon reporting, corporations pushed climate change risk […]
Blog

Build Better Bridges: Introducing Forrester’s BISO Role Profile

Jess Burn April 19, 2022
BISOs operate on behalf of the CISO, serving as an advisor to the business unit’s functional leaders. They also engage as a member of the business unit’s senior leadership team to understand, discuss, and advise on the intersection of strategic priorities and key IT and security risks.