Computerworld UK "Forrester View: Security & risk"

What did we learn from the Cyber Shockwave?

Wed, 24 Feb 2010 13:40:00 GMT

On 16 February the US Bipartisan Policy Centre hosted a mock cyber attack called Cyber Shockwave.

Don't sign here please

Thu, 18 Feb 2010 10:29:00 GMT

Visa has announced the expansion of their No Signature program.

Trends in mobile payments are frightening

Mon, 15 Feb 2010 10:46:00 GMT

Enormous buzz lately about all of the new players trying to turn iPhones and other mobile devices into credit card swipe terminals. Very scary. Just because someone can create a website does not mean they understand payments.

The changing nature of governance, risk, and compliance

Thu, 11 Feb 2010 11:46:00 GMT

In my ongoing work with clients, I try as often as possible to stress the importance of flexibility in GRC programs.

Virtual network segmentation for PCI

Sat, 06 Feb 2010 01:02:00 GMT

Several clients have recently been asking about "Virtual Network Segmentation" products that claim to segment networks to reduce PCI compliance.

Plain speaking about industrial spying

Mon, 01 Feb 2010 09:49:00 GMT

Google’s revelation that it was hacked by (likely) Chinese actors has helped propel another round of stories, blog posts, and analyses about What It Means.

Cyber security sees the light of day

Tue, 26 Jan 2010 12:55:00 GMT

NIST has published release 1.0 of the smart grid interoperability standards. Most notably, this is the first attempt to address cyber security in smart grid deployments. This release points to various standards that can be used for implementing interoperability and security controls, and it’s fair to say that it plants the seeds for what should become comprehensive, control-driven guidelines for implementing various aspects of smart grid.

Google and Microsoft, not cloud computing, were at fault for China hack

Fri, 22 Jan 2010 12:04:00 GMT

Much has been written about last week’s attack on Google, Yahoo, and more than 30 other companies.

The Devil's Dictionary, InfoSec Edition

Thu, 21 Jan 2010 10:49:00 GMT

Ambrose Bierce’s The Devil’s Dictionary is a wickedly witty piece of work (and website). It slyly redefines common words and phrases, usually with a bitter, contrarian, or comic touch.

What Google v. China tells us about how the security market is changing

Tue, 19 Jan 2010 00:45:00 GMT

What Google v. China tells us about how the security market is changing

The attack on Google: What it means

Mon, 18 Jan 2010 10:30:00 GMT

Unless you have been living under a rock for the past few days, you probably have heard about some big changes Google has made regarding an attack on its infrastructure. Here is what we know:

Growing concern over risks to (and of) the system

Thu, 14 Jan 2010 11:16:00 GMT

By the end of this year, we will likely all be sick of the phrase “systemic risk.”

Thoughts on EMC's acquisition of Archer

Tue, 05 Jan 2010 11:27:00 GMT

What a good way to kick off what should be another exciting year in GRC.

Security Predictions For 2010

Sat, 26 Dec 2009 09:08:00 GMT

Trying to avoid the obvious and the already underway, here are my predictions for 2010.

Facebook's new privacy settings

Mon, 21 Dec 2009 12:19:00 GMT

Last week, Facebook upgraded its privacy settings. I am sure by now many of you have gone through the new privacy setting wizard. But do you know all the ins and outs of the new settings and how to navigate them?

Cloudy with a chance of non-compliance

Tue, 15 Dec 2009 09:54:00 GMT

Compliance, along with security and privacy, is a big topic when firms consider cloud services. I recently did a Forrester Webinar on the topic of compliance for cloud computing. You can access the recording here. This blog entry is a recap of the Webinar.

A shift in security & risk research

Mon, 14 Dec 2009 10:31:00 GMT

If you’ve been reading the blog, you’ll notice that “shift" is a common theme here with the Security & Risk team. We believe 2010 represents a shift in how CISOs will support their businesses.

Hacking the human network

Thu, 10 Dec 2009 11:14:00 GMT

A couple of network televisions shows have lately caught my eye.

The new ISO 31000 risk management standard . . . well-written, but not earth-shattering

Tue, 08 Dec 2009 10:08:00 GMT

By now, many of you have read the newly released ISO 31000 Risk management -- Principles and guidelines standard. (Others may have seen its release draft or be familiar with its predecessor the AS/NZS 4360 standard.)

Note to CISOs: Be the automator, not the automated

Thu, 03 Dec 2009 10:43:00 GMT

I’d like to take a small commercial break from your regularly scheduled security & risk programming to bring you the following observation . . .

To Facebook or not to Facebook (40% of companies said yes)

Wed, 02 Dec 2009 14:20:00 GMT

Forrester recently received a flurry of inquiries concerning social network access inside enterprises. Many firms are reluctant to deny their employees’ access to social networking sites but at the same time are worried about consequences such as malware threat, data loss, and the loss of productivity.

Google's Achilles' heel

Wed, 25 Nov 2009 14:15:00 GMT

Sure, people trust Google to come out with cool technology. But do they trust Google with their data and their privacy? Many don’t.

Cloud security front and centre

Wed, 25 Nov 2009 00:09:00 GMT

Cloud computing is the latest trend that has the industry abuzz. Everywhere you go, there are cloud services for every functionality imaginable.

Chrome OS is coming, and it is impressive

Tue, 24 Nov 2009 01:16:00 GMT

Google has made its first public announcements about Chrome OS, a Linux-derived operating system that it positions as secure and easy to use. I listened in on the Web cast, and had some initial impressions

The Madoff scandal widens to include IT

Mon, 23 Nov 2009 09:46:00 GMT

The US Securities and Exchange COmmission announced on Friday that it is charging two computer programmers for their alleged participation in the Ponzi scheme for which Bernard Madoff pleaded guilty and headed off to jail last March.