risk management
“No risk, no reward,” may be true, but unnecessary risk is . . . well, unnecessary. Read our insights on risk management and mitigation.
Insights
Blog
Don’t Be A Passive Bystander — Take An Active Approach To Insider Risk
One of Forrester’s best practices for managing insider risk is to turn your employees into advocates for the program. Get five tips for how to do that in this preview of our upcoming Security & Risk event in November.
Blog
Make Cyber Insurance Work For You
Learn why cyber insurance is a major opportunity in this preview of our upcoming Security & Risk Forum.
Strenthen Security Operations With Agile SecOps
Read this report to learn how to apply agile software development lifecycle practices (SDLC) to detection and response to create engineering-driven detection operations.
Blog
Heed The Warnings And Get Climate Risk On Your Risk Register
After Montana was found to have violated the constitutional right to a “clean and healthful environment," this is what every risk pro should be considering.
Blog
Seize The Opportunity: The Security & Risk Enterprise Leadership Award 2023
Last month, Forrester announced its inaugural Security & Risk Enterprise Leadership Award. As former CISOs, my Forrester colleague Brian Wrozek and I are sharing our thoughts about why you should apply. There are tangible benefits to you, your team, your organization, and the greater security community. You should apply — and apply now — for […]
Blog
Subscription Hardware Puts The Channel At Risk
Subscription-based hardware is the emerging model that every hardware vendor is promising to customers, partners, and investors. It’s a significant shift from the classic capex model in which firms spend money for outright hardware purchases. There are several scenarios such as new technology, short-term projects, test-before-you-buy, and infrastructure bundled with managed services, etc., where subscription-based […]
Blog
Vulnerability Management Strategies: Avoiding A Cyber Root Canal
Vulnerability management, like flossing, is not fun, exciting, or sexy, but we know that it’s a necessary component of good hygiene. There’s a ton of evidence and research to strongly substantiate its benefits, and yet we frequently struggle to do it despite clearly understanding the consequences — we certainly don’t want a root canal! Yet, […]
Blog
Data Governance Unlocks The Impact Of Analytics: Data Strategy & Insights 2023
Forrester data shows that fewer than 10% of enterprises are advanced in their insights-driven capabilities. Find out why in this blog post.
Don't Get Misled By Unrealistic AI And Security Expectations
Learn the truth behind ML’s madness, how AI and security (really) work in detection and response, and red-flag claims to avoid.
Blog
Announcing Forrester’s Security & Risk Enterprise Leadership Award
Forrester is thrilled to announce its inaugural Security & Risk Enterprise Leadership Award, which will recognize security organizations that have transformed the security, privacy, and risk management functions to fuel long-term success. Learn how to apply here.
Blog
VRM And SOC Teams Can Benefit From Each Other
We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]
Blog
Announcing The Vulnerability Risk Management Landscape, Q2 2023
What do organizations use VRM for? Learn the five top use cases in this preview of our new report: The Vulnerability Risk Management Landscape, Q2 2023.
Webinar
Ransomware Defense For Constrained State And Local Budgets
Explore the state of ransomware vulnerability for state and local governments — and how you can protect your agency with limited resources.
Blog
Wonder Twin Powers, Activate! Cyber Risk Ratings And Third-Party Risk Platforms Are More Powerful Together
Third-party risk management and cyber risk ratings fight better together, making security and risk professionals the beneficiaries of the alliance.
Seven Steps To Bolstering Network Security With Zero Trust Edge
Watch this video to break down vendor ZTE hype and learn how to implement it across all endpoints in an enteprisewide networking fabric.
Blog
This Earth Day, Take Control Of Climate Risk
Climate events occur more frequently every year. Treat this Earth Day as a call to action, and add climate risks to your systemic risk purview.
Blog
The US Government Is Here And Really Wants To Help Protect You From Ransomware
Ransomware Vulnerability Warnings Are Coming To A Critical Infrastructure Near You The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 in response to ongoing concerns about the threat of ransomware. This is the CISA’s ransomware-centric take on external attack surface management for critical infrastructure. The RVWP pilot […]
Blog
It’s 10 p.m. — Do You Know Where Your Data Is Going?
Last week, The Washington Post did a deep dive on how a publication used “commercially available” mobile data to out a Catholic priest as a Grindr user and visitor of a gay bar, ultimately forcing him to resign. Some of this data was sourced from Grindr; a Grindr spokesperson told the Post that “[the] company […]
Blog
Spotting Reputational Risk In Nontraditional Third-Party Relationships Ain’t So Yeezy
Third-party risk management efforts typically focus on software vendors and managed services providers. It's time to broaden that perception.
Blog
The Third-Party Risk Questionnaire Equation Doesn’t Add Up: Right Intention, Wrong Execution
Perspectives From A Former CISO/CSO For my second blog in this series, I wanted to share my thoughts on one of my favorite subjects: third-party risk management (TPRM). More specifically, I’m going to primarily focus on the receiving side of the equation — i.e., responding to and dealing with external inquiries about your organization as […]
Get More Risk Mitigation With Your 2024 Budget
Download our 2024 Planning Guide for Security and Risk Leaders to see where strategic cybersecurity investments (and divestments) can deliver more business value.
Blog
Introducing The CLM Landscape, 2023: Contract Management Gets A Dose Of Digitalization
All businesses rely on contracts. Unlike customer-facing functions, however, the software that powers the creation, execution, and management of these commercial obligations hasn’t made the shift toward digital … until now! In my new report, The Contract Lifecycle Management Landscape, Q1 2023, I looked at the 26 notable contract lifecycle management (CLM) vendors that procurement, […]
Blog
Make The Case For Concentrating On Concentration Risk
Unless you’re a floppy disk aficionado, Tom Persky isn’t likely to be a familiar name. Tom is what you’d call a “last man standing,” as he’s the only bulk seller of floppy disks left, and his business of recycling, stripping, and reselling floppy disks is booming. You may be thinking, so what? Do they still […]
Blog
Cybersecurity Risk Dashboards: No Value, Extreme Liability
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
More posts