security & risk

The California Attorney General just Published CCPA rules, and they're clear as mud.

As of September, I’m the new identity and access management (IAM) analyst on Forrester’s security and risk research team. I am grateful to have joined a very talented group of analysts at a company that is fun, intellectually stimulating, and committed to high-quality, objective research. In my role, I will be taking over some of […]

Having just been through an onslaught of work related to the Forrester Wave™ evaluation on Zero Trust eXtended ecosystem platform providers, I think that it’s worthwhile to put some guidance out there that might help folks as they interact with analysts (well, me, mainly, but maybe it will help with others, as well). And a […]

Cybersecurity Awareness Month Is Underway Executives consider cyberattacks the second leading global risk to doing business, per the World Economic Forum’s 2019 Global Risks Report. The US Senate passed a law to help firms suffering from ransomware attacks, and the NSA launched a new Cybersecurity Directorate. With a flurry of activity already underway, it’s going […]

Training alone can’t protect your organization from a phishing attack. Learn how a layered approach that combines technical controls and user education can.

Every once in a while, something happens that leaves you walking away feeling like you got away with murder. Today, I get to share with you one of my latest exploits. My coverage here at Forrester for the past 3-plus years has been vulnerability management, threat intelligence, detection technologies, and incident response. While each of […]

Many vulnerability risk management (VRM) solutions are limited and fail to provide meaningful metrics about the health of your VRM program. One example is the use of counting metrics such as the number of vulnerabilities identified in your organization. Counting stats don’t have any real value because they fail to provide context. These vulnerabilities could […]

IBM Reduces Rising Risks As Data Flows Between Partners With New Hybrid Cloud Data Protection Last week, IBM unveiled a new solution — IBM z15 — that provides data privacy passports and helps clients manage who gets access to data via policy-based controls. As Forrester’s security research has shown, one of the biggest risks in […]

Non-public 5G networks promise better privacy, data security, compliance, and cellular network performance; they also offer safer and more private features for dedicated user groups.

An Oklahoma court ordered Johnson & Johnson to pay $571M for involvement in “false, misleading, and dangerous marketing campaigns” that contributed to the state’s opioid crisis. Here’s both a risk and brand perspective on why business leaders should care. J&J Shares Recover — But Its Reputation May Not Our Security & Risk Analysts Alla Valente […]

Last week, an Oklahoma court ordered Johnson & Johnson to pay $571 million for involvement in “false, misleading, and dangerous marketing campaigns” that contributed to the opioid addiction crisis in the state. This case is interesting for a couple of reasons: 1) It’s the first ruling in the US to hold a drug manufacturer accountable […]

The US National Counterintelligence and Security Center has deemed September to be National Insider Threat Awareness Month to increase awareness about insider threats. 2019 is the first year that we’ll be acknowledging insider threat during the month of September. Insider threat, particularly threats posed by malicious insiders, certainly deserves our attention. In 2018, Forrester survey respondents […]

It’s back-to-school time, hurray! After the crazy nonstop shenanigans of the summer and having kids at home all day, it’s a bit like being paroled and finally seeing the sun again to have some quiet and be able to actually think. With school kicking off, I was surprised, nay, enthused, to see a course for […]

Gaze deeply into our security & risk crystal ball: We see cybersecurity professionals succeeding and growing. We also see some hard work ahead. Learn more.

Cybersecurity talent is scarce. Developing and retaining current employees can help you maintain your edge and defray expensive recruiting costs. Learn more.

On this episode of What It Means, VP and Group Director Stephanie Balaouras and VP and Principal Analyst Jeff Pollard dissect the myths, misconceptions, and half-truths within the current cybersecurity staffing shortage — and discuss a more effective way for security and risk leaders to build a complete, qualified team.

Yesterday, Broadcom announced a definitive deal to acquire the enterprise business of Symantec for $10.7 billion in cash. This deal caps weeks of speculation that Symantec was in play, initiated in May 2019 following the sudden resignation of Symantec CEO Greg Clarke in May and a downward revision to Symantec’s FY 2020 revenue guidance earlier […]

It's time to reconsider the whistleblower. It's in companies' best interests to know about and fix ethical missteps before they turn into full-blown scandals.

This week is Black Hat — the annual Hacker Summer Camp, as many folks call it. And this year is the first year in 14 years I haven’t been there. This year, I intentionally took an opportunity to punt on Hacker Summer Camp. Why? I had an invite to speak to a group of small-business […]