Security & Risk

RSSSubscribe to this blog
About Author

Forrester Research is a technology and market research company that provides pragmatic advice to global leaders in business and technology.

Contact Author

Email Forrester

Recent Posts

Key lesson from the US Airways #Fail

Marketers Need Help Managing Risk

Everyone makes mistakes, but for social media teams, one wrong click can mean catastrophe. @USAirways experienced this week when it responded to a customer complaint on Twitter with a pornographic image, quickly escalating into every social media managers’ worst nightmare....

Tags: compliance, fail, forrester, it management, reputational risk, security, social business, social media, social risk and compliance solutions, us airways

You're mitigating the security vulnerabilities in authentication...

But ignoring the usability vulnerabilities

Security and risk professionals know what to do with security vulnerabilities: we mitigate the risk directly as best we can, and put in place compensating controls when we can't change the underlying dynamic. But in the age of the customer,...

Tags: authentication, biometrics, forrester, mobility, passwords, strong authentication

Target breach: Vendors, you are not wrestlers

This isn't the WWE...

Bloomberg Businessweek ran a story earlier this month providing some alarming details on the Target breach. The article, “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” didn’t paint a pretty picture of Target’s response. Some...

Tags: data breach, fireeye, forrester, incident response, security, target breach

Symantec Challenges Financial Services Security

Symantec turns its staff into cyberwarriors

In this age of the customer, there is nothing more important than the effective and safe operation of our financial system. Trillions of dollars move around the world because of a well-oiled financial services system. Most consumers take our financial...

Tags: applications, cybercrime, cyberwar, financial services, forrester, security, security and risk, symantec

The Forrester Wave: Governance, Risk, and Compliance Platforms Q1, 2014

Vendor competition is getting more fierce

It’s once again time to tear open the GRC platform market and uncover all its amazing technical innovations, vendor successes, and impact on customer organizations. This afternoon, we published our latest iteration of the Forrester Wave: Governance, Risk, and Compliance...

Tags: compliance, enterprise risk, enterprise risk management, forrester, forrester wave, governance risk and compliance, grc, grc platforms, information risk, risk, risk & compliance, risk management, security

Insights from McAfee Focus

A rapid evolution from the company's anti-virus origins

I joined several analysts from Forrester’s Security & Risk team, including Chris McClean, John Kindervag, Tyler Shields, Heidi Shey, and Chris Sherman, at McAfee’s annual Focus conference in Las Vegas earlier this month. I attend numerous security and IT conferences...

Tags: byod, cyot, forrester, informaiton security, infrastructure, security, security and risk

NASA flunked its cloud computing audit. Are you next?

Could you answer your auditor's basic questions?

Ok, so NASA failed an audit. Don’t we all? I think it is important to understand the government’s cloud computing adoption timeline before passing judgment on NASA for failing to meet its cloud computing requirements. As someone who has read...

Tags: cloud computing, computer security, forrester, nasa, nebula, risk management

Point solutions must die

Integration capability is key in security purchases

I wrote a blog post last year titled, “Incident Response Isn’t About Point Solutions; It Is About An Ecosystem." This concept naturally extends beyond incident response to broader enterprise defense. An ecosystem approach provides us an alternative to the cobbling...

Tags: apis, data security, ecosystem, fireeye, forreste, incident response, security, security controls, xml

Startups at BlackHat 2013 that caught the eye

What happens in Vegas should be shared....

What happens in Vegas shouldn’t stay in Vegas. I was out at BlackHat with other members of the Forrester team earlier this month (seems like yesterday!). It was two jam packed days of popping into briefings, guzzling copious amounts of...

Tags: blackhat, careers, data security, digital security, forrester, incident response, mobile security, security, security & fraud, staffing, startup

Is India geared up to handle the dynamics of the cyber age?

A big question if you outsource to the sub-continent

The government of India released the National Cyber Security Policy 2013 last month. This policy extends to a spectrum of ICT users and providers, including home users, SMEs, large enterprises, government and non-government entities. The policy aims to serve as...

Tags: chief information security officer, compliance, forrester, india, offshoring, outsourcing, security, small and medium enterprises, united states department of homeland security