Our team has just released our annual security planning guide: “2014 Planning Guide for Security and Risk Management.” Every GTP customer should go and read it!
Its abstract states that “Planning for security and IT risk in 2014 requires supporting and balancing game planning, fortification, search and destroy, and (counter) intelligence approaches.”
Here are a few fun quotes:
- “Advanced attacks and malware get more common, but basic weaknesses remain most common.”
- “Gartner sees a steady increase in the cases where clients break with security tradition such as the ‘firewall sandwich,’ encrypting everything at rest, and must-patch”
- “Visibility (also referred to as situational awareness) is key for finding such [i.e. left from advanced attacks] attack indicators, which must then be fed back into prevention, detection and response systems.”
- “Some of the indicators are unique to, or first seen at, a specific organization during a targeted attack. Therefore, organizations operating in particularly high-threat environments should consider additional capabilities to proactively analyze their security data and hunt for threats and attacks.”
BTW, please don’t hold it against us, but the document mentions the word “cybersecurity” a few times …
P.S. I am at Gartner Symposium now and thus my response to blog comments may be slow.
Past guides from GTP SRMS team (i.e. us):
Security Planning Guide for 2014