security risk management

Beyond the immediate response issues, the Log4j vulnerability poses longer-term risk management and community considerations.

It’s been … a weekend for security pros. The Apache Log4j vulnerability (CVE-2021-44228) affects somewhere between 0 and 3 billion-plus of the devices currently running Java. Luckily, a metric ton of amazing advice exists on #InfoSecTwitter right now. It’s a lot to consume at once, which is why we‘ve put together three parallel workstreams you […]

Last week, we released the Forrester Now Tech: Cybersecurity Incident Response Services, Q4 2021. This research provides a comprehensive overview of the service provider landscape. In the report, we define and describe the vendor segments and then classify each of the 36 vendors into the appropriate segment based on functionality. We also provide information on key industries the vendors support and any reference customers they […]

In my new report, Now Tech: Bot Management, Q4 2021, I discuss the ongoing scourge of bad bots and define the vendor landscape for bot management solutions. I chatted with my research associate, Isabelle Raposo, about this report over the course of the research process. This is the first time we’ve worked on a report […]

Following up the previously published Now Tech report, I’m excited to announce that The Forrester Wave™: Enterprise Fraud Management In Asia Pacific, Q4 2021 is now live. Forrester defines enterprise fraud management (EFM) as “a solution that integrates data from multiple payment and non-payment transaction processing systems, online portals, and threat information sources and provides transaction monitoring, risk […]

Maybe it’s the amazing talks coming up today and tomorrow at the Forrester Security & Risk (S&R) Forum or maybe I’ve watched “The Little Mermaid” with the family one time too many — either way, I was inspired to write a little ditty about the forum, sung to the tune of “Part of Your World.” […]

Passwordless authentication, in the form of inherence factors (e.g., fingerprint, facial) or in the form of possession factors (e.g., device, app, token/certificate) and supplemented by other factors (e.g., location, user behavior), is an emerging authentication technology that will protect organizations from brute force attacks, credential stuffing, phishing, and social engineering tactics. If carefully selected and […]

Forrester’s Security & Risk Forum is just days away, and I am really looking forward to it. The theme for this year’s event is “Grow Trust. Drive Business.” We chose this theme for good reason — we believe companies that earn and retain trust among customers, employees, and partners drive revenue-generating loyalty behaviors like retention […]

Before I joined Forrester, my colleagues Jeff Pollard and Amy DeMartine initiated our product security research, leading to our first report on the topic, Secure What You Sell: CISOs Must Tackle Product Security To Protect Customers. In those bygone days of 2018 and 2019, we identified that: Forrester was the first to market with this […]

I’ve been living and breathing the security awareness and training (SA&T) market since joining Forrester 3.5 years ago, working closely with most vendors in this market, as well as our clients. I have seen a significant elevation in the conversation and client expectations, with vendors rushing to innovate and disrupt to meet these new expectations. […]

In the wake of chronic caution fatigue, US consumers are looking to their most trusted brands to provide a sense of stability and reliability.

It can be the carrot or the stick, but the key to a successful vaccination incentive is to make a definitive decision.

As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]

Application security budgets are on the rise. Find out which sectors of the market will see the most dramatic investment and why.

Security programs founded in fear will reduce employee engagement and stifle creativity. Learn how to nurture positive behavior and foster a more positive security culture.

Find out why enterprise risk management (ERM) professionals are taking a hard look at compliance in the cloud.

What’s the most important thing a security leader can do to empower their direct reports? Delegate. Learn how to do it effectively from VP, Principal Analyst Jeff Pollard in this week’s episode.

As new generations enter the workforce, your security strategy needs to meet their needs as well. Get tips on how to strike the right balance in this blog post.