security risk management

I’m very excited to announce my latest research, “Best Practices: Successfully Influencing Employee Cybersecurity Behavior” — Forrester clients can access it here. Excited may not be the right word exactly, as this report was born out of the disappointment I started feeling when hearing of security leaders and teams implementing disciplinary sanctions for employees who […]

Find out why enterprise risk management (ERM) professionals are taking a hard look at compliance in the cloud.

What’s the most important thing a security leader can do to empower their direct reports? Delegate. Learn how to do it effectively from VP, Principal Analyst Jeff Pollard in this week’s episode.

As new generations enter the workforce, your security strategy needs to meet their needs as well. Get tips on how to strike the right balance in this blog post.

There is no executive role that better aligns with the trust imperative than the CISO. Find out why and how it may impact your organization directly.

It’s no secret that the security industry has a DEI problem. Yes, I just linked to six different articles or social media posts supporting that point, and I’ve barely scratched the surface. My colleagues, Jinan Budge, Jess Burn, Allie Mellen, and Alla Valente, authored a blog about gender bias in the security industry last month, […]

Written with Zaklina Ber, senior research associate, Forrester Forrester analyzed the career backgrounds of 168 chief information security officers (CISOs) with public profiles who are working for major organizations in Europe with listings in the highest stock market indexes in the UK (FTSE 100), France (CAC 40), Germany (DAX 30), Italy (FTSE MIB), Spain (IBEX […]

What’s driving the increase in ransomware attacks, and what can security leaders do to protect their organizations? Analysts Allie Mellen and Steve Turner provide insight in this episode.

Over the past year, breaches such as SolarWinds and Kaseya have woken us up to the realities of software supply chain risk. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to […]

Healthcare data is low-hanging fruit for hackers. Learn how adopting a Zero Trust strategy can help keep your data safe.

There’s a culture crisis in the IT security field that could be putting firms at risk. Learn about the causes and cures of a toxic security culture from Principal Analyst Jinan Budge in this episode of What It Means.

Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.

“The Forrester Wave™: European Cybersecurity Consulting Providers, Q3 2021,” launched today. Fifteen firms are featured in this report, representing a cross section of large international security consulting providers and more regionally based security pure plays. The European security consultancy market has seen a large transformation in the past 16 months in how it delivers value […]

You know, I really feel for security leaders and professionals. After a year of pandemic-related disruption and an uptick in ransomware and serious cyberattacks of all kinds — just as they’re firming up their policies and strategies to secure hybrid work for the foreseeable future — they get hit with an all-out assault of ransomware […]

We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]

With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]

Through a confluence of crises, public trust is shifting across the globe. In this episode, Senior Analysts Anjali Lai and Enza Iannopollo discuss the impact of those shifts and the importance of developing a trust strategy in your organization.

Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]

La prochaine vague de transformation des entreprises sera celle du développement durable.