As some of you know, Gartner GTP has a brilliant resource called Reference Architecture that is “a unique decision-making tool that provides tailored recommendations to guide IT architecture decisions”, including of course the decisions about security. Apart from Decision Points and Templates, the reference architecture includes Solution Paths that guide our clients to other documents useful for solving a particular problem or addressing the entire domain of information security (or, if you have to have it, “cybersecurity”)
Two of my Solution Paths just published, they are:
- “Solution Path: Vulnerability Assessment, Mitigation and Remediation” helps IT security professionals develop an approach for assessing, prioritizing, mitigating and remediating security vulnerabilities that may lead to data breaches and malware infections.
- “Solution Path: Detecting and Responding to Attacks and Incidents” helps to develop an approach for monitoring, investigating and responding to attacks and security incidents, including data breaches and malware.
These short documents are essentially mini-roadmaps for solving problems described in their titles using various Gartner resources while utilizing many different security tools and practices. The second Solution Path, for example, helps organizations tie their security monitoring with incident response and other security capabilities using SIEM, DLP, NFT, ETDR and other tools.
P.S. Access requires Gartner GTP subscription.
Other documents I’ve recently written:
- Our “Security Information and Event Management Futures and Big Data Analytics for Security” Paper Publishes
- My Incident Response Paper Publishes
- My Paper on Endpoint Tools Publishes
- All My Research Published in 2013
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.