Analysts Reports: Enterprise Security Management & Log Management

Gartner

Security Information and Event Management Complement Identity and Access Management Audits

August 13, 2007 (Must subscribe to Gartner to access full report.)

Security information and event management (SIEM) user activity monitoring and identity and access management (IAM) audit and reporting functions are complementary. Broad-scope user activity and resource access monitoring is needed for compliance reporting, breach detection and fraud detection.

www.gartner.com

Forrester

Trends 2007: Physical And Logical Security Convergence

August 17, 2007 (Must subscribe to Forrester to access full report.)

The integration of enterprise physical security controls and management regimes with enterprise IT security architectures is a nascent trend that has been forecast as imminent for several years. But despite the clear benefits to be gained from increased overall enterprise security risk management, the convergence trend is sluggish in taking hold among enterprises. Lack of clear exemplar converged architectures and a dearth of rich convergence-oriented vendor offerings are part of the reason. But the federal government's HSPD-12 initiative and key recent vendor announcements suggest that the convergence trend might finally be gaining some momentum.

www.forrester.com

Forrester

Chief Privacy Officers Coordinate Enterprise Data Protection

August 7, 2007 (Must subscribe to Forrester to access full report.)

Forrester recently interviewed 21 chief privacy officers (CPOs) to better understand the roles and responsibilities of their positions. We found that the CPO role is primarily employed by organizations for three specific areas of responsibility: 1) setting corporate strategy and policy; 2) educating employees and third parties; and 3) assessing the effectiveness of the organization's privacy protection.

www.forrester.com

Gartner

Addressing HIPAA Security, Part 1: The Standards

June 26, 2007 (Must subscribe to Gartner to access full report.)

Covered entities and other affected organizations must comply with the Health Insurance Portability and Accountability Act Security Rule. This rule has a great deal of built-in flexibility, so the key is to build a defensible position of compliance.

www.gartner.com

Enterprise Management Associates

Making the Most of the Convergence of IT Risk and Operations Management

June 2007 (Must subscribe to Enterprise Management Associates to access full report.)

IT spending is a constant, essential to keeping up with a pace of change that determines competitive advantage in today’s technology-dependent world. Yet the security and compliance spend is dictated, not by strategic business priorities, but by external demands—and the investment is constant, since the risk posture changes continually. How can the enterprise balance its investment in managing these risks with the need to preserve resources essential to maintaining competitive advantage?

http://www.emausa.com/research/ema_product.php?product=4500_1373

Forrester

Defining An Effective Security Metrics Program

May 16, 2007 (Must subscribe to Forrester to access full report.)

In a recent survey, Forrester found that the majority of security metrics programs are still in their infancy or planning phases. The respondents cited two main challenges in developing their metrics programs: finding the right metrics and translating the security metrics into business language. A lot of security managers are focused on gathering and reporting tactical and status update information.

http://www.forrester.com/Research/Document/0,7211,42354,00.html

Gartner

Security Information and Event Management Magic Quadrant

May 8, 2007 (Must subscribe to Gartner to access full report.)

Funding for security information and event management (SIEM) technology deployments is driven in large part by the need to quickly address regulatory compliance issues, but most organizations also want to improve security monitoring capabilities. An optimal solution will support the real-time collection and analysis of log data from host systems, security devices and network devices; will support long-term storage and reporting; will not require extensive customization; and will be easy to support and maintain.

www.gartner.com

Forrester

What's Top Of Mind For CISOs In 2007

April 17, 2007 (Must subscribe to Forrester to access full report.)

Most CISOs today are optimistic about their security controls and feel confident that they are equipped to adequately handle the majority of their organizations' security issues. They also find that executive management is more aware of security threats, and they're finding it easier to get the budgets to deploy security controls.

http://www.forrester.com/Research/Document/0,7211,42050,00.html

Forrester

Calculating The Cost Of A Security Breach

April 10, 2007 (Must subscribe to Forrester to access full report.)

Trying to determine the cost of a data breach is no easy task. After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets, and customer losses, it can be dizzying, if not impossible, to come up with a true number. In reality, there are many different factors that should be part of the data breach cost calculation — and it's more than just losing money.

http://www.forrester.com/Research/Document/0,7211,42082,00.html

Forrester

Successful GRC Strategy Requires A Federated Approach

April 9, 2007 (Must subscribe to Forrester to access full report.)

Faced with complex, dynamic, and distributed business operations, organizations are turning to a structured approach for governance, risk, and compliance (GRC) to manage their business environments. This involves implementing a federated GRC organizational structure where enterprise risk and compliance are aligned centrally with corporate governance and reporting but are distributed to lines of business to assign ownership and accountability for risk and compliance.

http://www.forrester.com/Research/Document/0,7211,42005,00.html

Forrester

The Top 10 Things You Should Know About PCI Compliance

March 23, 2007 (Must subscribe to Forrester to access full report.)

Visa and MasterCard released the Payment Card Industry (PCI) Data Security Standard (DSS) two years ago to ensure consistent security standards for the protection of credit card data. Since then, American Express, Diners Club International, Discover Bank, and JCB International Credit Card have also endorsed the standard and are asking their customers to adopt it.

http://www.forrester.com/Research/Document/0,7211,41871,00.html