security risk management

Learn three key shifts European CISOs are making to address the COVID-19 pandemic and new regulations.

We are thrilled to announce the publication of “The Forrester Wave™: External Threat Intelligence Services, Q1 2021.” External threat intelligence services (ETIS) are important to security teams to fill gaps in their existing collection plans with specialized services that will enhance their existing cyber defense and reduce risk. External threat intelligence services are different in […]

After a tumultuous period of reactive steps, now is the right time for security and risk pros to get their long-term plans back on track.

Earlier this month, a US State Department spokeswoman announced that the US had identified three online publications that were attempting to discredit the Pfizer and Moderna vaccines, all of which were directed by Russian intelligence. In Forrester’s annual report on top security threats, we explore the top security threats that security professionals must monitor, including […]

Struggling to keep up with changing privacy requirements around the world? Learn the three major trends driving the changes and how a new tool can help.

First off, I’d like to express how thrilled I am to join Forrester’s security and risk research (S&R) team as a senior analyst. I’ve been working closely with this team for eight years in my previous role as a principal advisor to our chief information security officer (CISO) community, and I’m honored to join the […]

Forrester analysts take a detailed look at what's driving the unprecedented premium being paid in this acquisition.

The cybersecurity risk ratings (CSR) market is a bit like Marmite or SPAM (the pork product in a can, not the unwelcome emails) — some customers love it, others hate it. We see examples of both extremes in our customer interactions, interviews, and research on this market. Our responsibility as analysts is to highlight where […]

Struggling to define where GRC ends and IAM begins? Get a clear breakdown of how the two functions should work together in a broader risk management strategy.

Yesterday, the city of Oldsmar, Florida conducted a press conference to disclose that an unknown person had remotely accessed the city’s water treatment system. The public was never in danger, since operators detected the breach quickly and reversed the changes made by the threat within moments. The change made to the system was “loud” — […]

Today’s enterprise security buyers evaluating a new endpoint security suite often begin with a security RFP layered thick with many existing endpoint security features and capabilities, including antimalware, host firewall, anti-exploit, and application control. However, as our evaluation in the “The Forrester Wave™: Endpoint Security Suites, Q3 2019” showed, the major differentiation between today’s endpoint […]

Operational technology (OT) and industrial control system (ICS) security are vitally important for the safety of the people who work in critical infrastructure and manufacturing. OT security is also necessary for the consumers of the energy, drinking water, and products made in our industrial facilities. OT security is a unique security domain of growing importance, and yesterday’s announcement of Dragos’ Series C funding round of $110 million is another validation of […]

Learn how the pandemic's increased uncertainty and volatility has produced some attractive M&A opportunities in DevOps and IT Management.

Bad puns in the title of this blog post aside (queue the rolling of the eyes, sigh, and slight smirk), we are pleased to announce that “The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020” is now live. While PIM vendors have been adding new capabilities and improved user experience over the past two years, […]

It’s not that I’m not a gamer. I enjoy board games and card games: Trivial Pursuit, Settlers of Catan, SET, Hive. I’m up to level 3056 in Two Dots. As a kid, I played Super Mario Land on my brother’s Game Boy and Sonic the Hedgehog on the family Sega Genesis. But I’ve never been […]

Today Paul Miller, Tracy Woo, and I released our report that examines the market impact of the GAIA-X project. France and Germany announced an initiative in 2019, which was formalized as the GAIA-X Foundation in early October 2020. For our report, we spoke with several of the GAIA-X founders and studied its potential impact for […]

Anyone who has seen the show Hoarders knows how people who fill their houses with unneeded stuff can literally bury themselves in junk. Security and risk (S&R) pros who manage employee access to apps, databases, and systems should notice the Hoarders parallel when it comes to IT access: Many employees unknowingly acquire access over time, […]

I was scouring some of the Black Friday ads this week, and the trend seems to be less “Black Friday” than “Black November and probably most of December, too.” Best Buy is touting, “Black Friday all season long.” Target offers weekly “Black Friday Now” deals. Walmart? “Black Friday Deals for Days!” None of this is […]