Security failures and data breaches – impacting some of the world's most high-profile enterprises – make headlines every day. At the same time, the worst economic downturn since the 1930s has focused intense attention on inadequate risk management practices. The key to addressing these complex, interlocking problems: a mature, capable security and risk management program.
Gartner's leading Security Analysts discuss the importance of risk assessment and prioritization.
26 March 2009
The CISO's responsibilities are increasingly comprehensive, strategic and enterprise-oriented. Effective performance in this role requires business management skills and technical expertise, especially under difficult economic conditions.
24 February 2011
Chief information security officers face intense pressure to demonstrate the value they deliver. Their first step is to develop a catalog of core security processes that defines the most important services they deliver.
10 April 2009
Gartner's Activity Cycle for the security and risk management role provides a blueprint for creating and maintaining excellence through IT risk management, security, legal/audit/compliance, business continuity and privacy. This cycle of activities includes the govern, plan, build and run phases.
24 January 2011
The CISO must integrate security with the enterprise fabric. The first step is establishing a formal program that defines the enterprise's key information security principles, resources and activities.
17 February 2011
The first 100 days are the most crucial in any new chief information security officer's career. This step-by-step guide can aid the new CISO through the opportunities and pitfalls of this critical period.
4 May 2011
Clearly articulating the business value of information security remains one of the major obstacles that information security managers are facing. The benefits of information security must be translated into business terminology.
14 September 2010
Gartner's security, privacy, compliance, and risk-related Hype Cycles address key developments in mature as well as emerging areas. This guidance informs decision making for security and risk professionals in an environment of continuing economic uncertainty and still-constrained resources.
22 October 2010
Balanced scorecards can provide security teams with a critical communication tool necessary for demonstrating value to their enterprises by identifying and leveraging the myriad benefits of security activities across multiple business domains.
4 February 2010
The management of the security function in most organizations is more art than science. As a result, the relationship between the chief information security officer (CISO, or IT security director) and the chief information officer (CIO) can be fraught with tension, misaligned goals, and misunderstanding. Is there a fault line between the CIO and the CISO? What does the former want, and how does the latter see his/her role?
28 July 2010
Regulatory compliance continues to be a major driver in the sales of a wide variety of products that automate risk-relevant tasks.
31 May 2011
While the perception is that information security governance practices are comparatively mature, survey data indicates large variances in these governance practices.
13 June 2011
Signature-based solutions can't detect targeted and zero-day attacks and have difficulty removing deeply rooted malware from the underlying OS. To address advanced intrusions, enterprises should implement a proactive strategy that periodically resets high-risk workloads to a high-assurance state.
13 June 2011
To address advanced intrusions, enterprises should implement a proactive SWR strategy. However, this will require changes to how systems are managed and strong security processes and controls on the high-assurance libraries used to reprovision workloads.
A program maturity assessment is crucial to identifying gaps and risk across six security and risk management domains.
17 September 2010
Good security and risk management requires mature business continuity management, compliance, identity and access management, information security management, privacy, and risk management practices. Enterprises should periodically assess and improve their maturity in all these areas.
17 September 2010
An IT risk management program is crucial in not only managing the enterprise's exposure to risks, but also improving overall business decision making. Enterprises must periodically assess and continuously improve their risk management maturity levels.
17 September 2010
A comprehensive information security program can significantly limit enterprises' exposure to business-critical risks. To address current and future security needs, enterprises must continuously assess and improve the maturity of risk control processes.
17 September 2010
The need to protect the privacy of employees, customers and partners is an increasingly critical enterprise concern. Enterprises must periodically assess and improve the maturity of their privacy programs and practices to avoid legal liability, regulatory action and reputational damage.
17 September 2010
Identity and access management is a mission-critical technology-enabled information security, risk management and business discipline. Enterprises need to periodically assess and improve their IAM maturity to ensure the business value of their investments.
17 September 2010
A comprehensive compliance program can limit the enterprise's exposure to risks and improve business-critical processes. Enterprises must periodically assess and improve the maturity of their compliance programs to ensure that current and future needs are addressed.
17 September 2010
A natural disaster or other serious business-disrupting event is not a question of "if," but rather "when," for most enterprises. All enterprises must periodically assess and improve the maturity of their BCM programs to ensure that current and future operational needs are addressed.
© 2013 Gartner, Inc. and/or its Affiliates. All Rights Reserved.