Security & Risk

About Author

Forrester Research is a technology and market research company that provides pragmatic advice to global leaders in business and technology.



Recent Posts

The connected car as a microcosm of the new threat landscape

Balancing the excitement of innovation with a security pro's natural caution

The Internet of Things (IoT) is a hot phrase right now, and every vendor is talking about the huge potential of continual connectivity and interaction with smart devices to optimize the asset and transform the customer experience. The potential is...

Tags: connected car, forrester, internet of things, iot, security, security and risk

Securing mobile development: Nontechnical solutions

Tools and services are necessary but changing culture is essential

It takes a lot more than a static analysis tool, a web scanning service, and a few paid hackers to make your mobile development lifecycle, team, and eventually, your applications secure. Finding flaws in an individual mobile application is easy...

Tags: change management, developer, forrester, mobile & wireless, mobile application development, mobile applications

Key lesson from the US Airways #Fail

Marketers Need Help Managing Risk

Everyone makes mistakes, but for social media teams, one wrong click can mean catastrophe. @USAirways experienced that this week when it responded to a customer complaint on Twitter with a pornographic image, quickly escalating into every social media manager’s worst nightmare....

Tags: compliance, fail, forrester, it management, reputational risk, security, social business, social media, social risk and compliance solutions, us airways

You're mitigating the security vulnerabilities in authentication...

But ignoring the usability vulnerabilities

Security and risk professionals know what to do with security vulnerabilities: we mitigate the risk directly as best we can, and put in place compensating controls when we can't change the underlying dynamic. But in the age of the customer,...

Tags: authentication, biometrics, forrester, mobility, passwords, strong authentication

Target breach: Vendors, you are not wrestlers

This isn't the WWE...

Bloomberg Businessweek ran a story earlier this month providing some alarming details on the Target breach. The article, “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” didn’t paint a pretty picture of Target’s response. Some...

Tags: data breach, fireeye, forrester, incident response, security, target breach

Symantec Challenges Financial Services Security

Symantec turns its staff into cyberwarriors

In this age of the customer, there is nothing more important than the effective and safe operation of our financial system. Trillions of dollars move around the world because of a well-oiled financial services system. Most consumers take our financial...

Tags: applications, cybercrime, cyberwar, financial services, forrester, security, security and risk, symantec

The Forrester Wave: Governance, Risk, and Compliance Platforms Q1, 2014

Vendor competition is getting more fierce

It’s once again time to tear open the GRC platform market and uncover all its amazing technical innovations, vendor successes, and impact on customer organizations. This afternoon, we published our latest iteration of the Forrester Wave: Governance, Risk, and Compliance...

Tags: compliance, enterprise risk, enterprise risk management, forrester, forrester wave, governance risk and compliance, grc, grc platforms, information risk, risk, risk & compliance, risk management, security

Insights from McAfee Focus

A rapid evolution from the company's anti-virus origins

I joined several analysts from Forrester’s Security & Risk team, including Chris McClean, John Kindervag, Tyler Shields, Heidi Shey, and Chris Sherman, at McAfee’s annual Focus conference in Las Vegas earlier this month. I attend numerous security and IT conferences...

Tags: byod, cyot, forrester, information security, infrastructure, security, security and risk

NASA flunked its cloud computing audit. Are you next?

Could you answer your auditor's basic questions?

Ok, so NASA failed an audit. Don’t we all? I think it is important to understand the government’s cloud computing adoption timeline before passing judgment on NASA for failing to meet its cloud computing requirements. As someone who has read...

Tags: cloud computing, computer security, forrester, nasa, nebula, risk management

Point solutions must die

Integration capability is key in security purchases

I wrote a blog post last year titled, “Incident Response Isn’t About Point Solutions; It Is About An Ecosystem." This concept naturally extends beyond incident response to broader enterprise defense. An ecosystem approach provides us an alternative to the cobbling...

Tags: apis, data security, ecosystem, fireeye, forrester, incident response, security, security controls, xml