Security & Risk

Bringing big data to fraud management

Forrester Analysts — Thu, 09 May 2013 09:40:43 GMT

A common theme during the recent SAS and FICO user conferences was how to use Big Data to make fraud decisions faster, more accurately and without impacting the customers in any negative way. Big Data is basically about 3Vs: Volume,...

Samsung Galaxy S4: Why it is important for fraud management professionals

Forrester Analysts — Mon, 29 Apr 2013 14:29:23 GMT

Well, we just saw Samsung launch its latest ubergizmo with tons of interesting features, like pause video playback at the blink of the eye. However, there is an important hardware feature of the Samsung Galaxy S4 to note here: finally...

Collaborate with your non-security peers to see how objectives intersect

Forrester Analysts — Mon, 29 Apr 2013 12:54:43 GMT

“Enterprise rights management? What does that even mean?! You’re using security speak!” exclaimed my colleague TJ Keitt. TJ sits on a research team serving CIOs, and covers collaboration software. We were having a discussion around collaboration software and data security...

Observations on the 2013 Verizon Data Breach Investigations Report

Forrester Analysts — Thu, 25 Apr 2013 05:51:43 GMT

I was very excited to finally get a copy of the much-anticipated 2013 Verizon Data Breach Investigations Report (DBIR.) I have found the report to be valuable year after year. This is the 6th iteration and this year’s report includes...

How do S&R pros keep up with disruption?

Forrester Analysts — Fri, 19 Apr 2013 07:05:45 GMT

When I talk to security (S&R) leaders, they always tell me that in an ideal world, they would have enough advanced warning of impending business and technology disruptions in order to understand the security, privacy and overall risk implications and...

Two-step verification will end consensual impersonation

Forrester Analysts — Mon, 15 Apr 2013 13:47:50 GMT

I recently advocated killing your password policies and applying some other techniques instead to make existing use of passwords more effective (including my hobby horse: take the user-experience sting out of rotating ordinary static passwords by pushing them out to...

Avoid the social media binary

Forrester Analysts — Wed, 03 Apr 2013 14:05:31 GMT

Many organisations today get caught up in what I call the “social media binary,” where there are only two options to social media control: 1) Allow unrestricted access to social networks, and potentially expose the company to myriad security, regulatory,...

RSA 2013: The age of security commercialism

Forrester Analysts — Fri, 08 Mar 2013 12:42:41 GMT

Walking on the RSA 2013 show floor, it was a chaotic, noisy, and energetic place, pulsing with excitement. The industry has reasons to celebrate; the security space is white hot, with more VC money pouring into the space than ever...

Bit9's operational oversight is probably your operational reality

Forrester Analysts — Thu, 14 Feb 2013 12:24:47 GMT

You are now no doubt aware that Boston-based security firm Bit9 suffered an alarming compromise, which resulted in attackers gaining access to code-signing certificates that were then used to sign malicious software. See Brian Kreb’s article for more details. (Symantec...

A 'BYO' too far?

Forrester Analysts — Mon, 21 Jan 2013 17:00:00 GMT

Undoubtedly, most of you will have seen the amazing story about the developer who secretly outsourced his own role to China, investing 20 percent of his annual salary to free up almost all his work time. The rouse came to light...

The Atlantic Ocean divides financial aspirations for CISOs in 2013

Forrester Analysts — Wed, 16 Jan 2013 12:35:00 GMT

As 2012 came to a close, we studied the financial position of many CISOs and asked about their expectations for 2013. Unsurprisingly, it was apparent that 2012 was another difficult year and that CISOs had been keeping their belts tight...

A 2012 security incident recap by the numbers

Forrester Analysts — Thu, 10 Jan 2013 17:06:00 GMT

Before we get too far along into 2013, I’d like to take a moment to reflect back on the events of 2012. Thanks to our friends at CyberFactors*, this is what we saw:Overall1,468 (publicly reported) incidents. This includes everything from...

Make a resolution: Kill your P@55W0rD policies

Forrester Analysts — Wed, 02 Jan 2013 08:41:52 GMT

It has finally become hip not just to predict the demise of passwords, but to call for their elimination. The recent Wired article makes an eloquent case about the vulnerabilities that even "strong" passwords are subject to, such as social...

How do you maintain your security edge?

Forrester Analysts — Fri, 14 Dec 2012 11:19:15 GMT

Keeping up with the threat and IT landscape, looking ahead to future technology and disruptive technologies, and keeping up with the regulatory landscape to identify what it means to your organisation is no small task. It’s also not a technology...

Yes, social media is risky - Find a way to make it work

Forrester Analysts — Mon, 03 Dec 2012 17:35:00 GMT

We just published a report explaining all the risks inherent in the use of social media and presenting best practice tools and techniques to manage those risks effectively.Social media is one of the top three concerns for enterprises in 2012,...

The Forrester Wave: Email content security

Forrester Analysts — Tue, 27 Nov 2012 18:00:00 GMT

It is with great pleasure that I announce the completion of my first Forrester Wave™: Email Content Security, Q4 2012. I’d like to thank the research associates (Jessica McKee and Kelley Mak) who assisted me with this project. We performed a...

The elephant and the Internet

Forrester Analysts — Mon, 26 Nov 2012 15:18:00 GMT

A little while ago I bumped into a journalist friend at a trade conference. We chatted about the event to try and identify hot topics and trends from our discussions and supplier meetings, and both sat there deflated when the...

InfoSec, structural engineering, and the Security Architecture Playbook

Forrester Analysts — Thu, 22 Nov 2012 16:04:34 GMT

Japan suffered a devastating disaster of unspeakable proportions last year. A massive earthquake on the eastern coast of the country triggered a deadly tsunami which caused the flooding of the Fukushima nuclear power plant. Three dominos fell at once, resulting...

Risk management & business technology resiliency - What's changed since 2009

Forrester Analysts — Wed, 07 Nov 2012 16:28:00 GMT

Take a second to think back to the year 2009. The US was in the thick of the financial crisis; companies were slashing budgets, and the unemployment rate was in double-digits. And do you remember a little thing called the...

Hurricane Sandy shows a dramatic improvement from botched Katrina response

Forrester Analysts — Tue, 30 Oct 2012 15:00:00 GMT

My house sits atop a hill overlooking the Atlantic Ocean (hence, the neighborhood name of “Beachmont”) and was built sometime in 1890. It’s one of the tallest houses in the neighbourhood and as I write this post, my house is swaying...

Information security metrics insanity, the 3Rs and dashboards

Forrester Analysts — Mon, 08 Oct 2012 10:54:00 GMT

I just finished a research document titled Measure The Effectiveness Of Your Data Security And Privacy Program for the The Security Architecture And Operations Playbook. This was a lot of fun to write, because I was able to look back...

Enterprise 'overextended'? You need to evolve your identity strategy

Forrester Analysts — Wed, 03 Oct 2012 16:30:00 GMT

The rapid adoption of mobile devices and cloud services together with a multitude of new partnerships and customer-facing applications has extended the identity boundary of today’s enterprise. For the extended enterprise, identity and access management (IAM) is more than just...

The biggest risk to BC preparedness - third-party risk

Forrester Analysts — Wed, 26 Sep 2012 17:00:00 GMT

At the recent Disaster Recovery Journal Fall World conference, I gave a presentation of the state of BC readiness. I had some great discussions with the audience (especially about where BC should report), but one of the statistics that really...

What are S&R pros doing about data security and privacy?

Forrester Analysts — Sun, 23 Sep 2012 11:00:00 GMT

Data security consistently tops the laundry list of security priorities because it must. Organisations are collecting data, creating data, using data, and storing data in some way or another. Mishandle data or disregard privacy, and you’ve got a public relations...

Incident response isn't about point solutions - it's about an ecosystem

Forrester Analysts — Sat, 22 Sep 2012 13:00:00 GMT

Today EMC announced the acquisition of Silicium Security. Silicium's ECAT product is a malware threat detection and response solution. ECAT did not adopt the failed signature based approach to malware detection and instead leveraged whitelisting and anomaly detection. Incident response...