Blog post

2019 Planning Guide for Security and Risk Management

By Anton Chuvakin | October 30, 2018 | 0 Comments


Our team has released our annual security planning guide: “2019 Planning Guide for Security and Risk Management.” Every Gartner GTP customer should go and read it (in fact, the above link requires just such a subscription)

The abstract states: “Security teams find it difficult to keep up with change, especially because the vendor security solution landscape has become hard to decipher. Technical professionals must understand these trends in order to continue practicing strong planning and execution of security initiatives in 2019.”

Here are a few quotes:

  • Establish security architecture as a foundational practice. Augment existing risk management and control frameworks with architecture models that factor in capabilities, maturity, and threats and attacks. Use these models for global and project-based gap assessments and roadmaps.” [this year we will cover the art and science of security architecture a lot more than in recent past due to this]
  • “Newer business technologies, such as increased use of robotic process automation (RPA) and the emergence of AI and machine learning (ML) in business processes and applications, are by and large uncharted cybersecurity territory.” [while a lot of us spend our days fighting the old threats, it is useful to be somewhat mindful that some new “digital” stuff have been built with total disregard for security – just like all the stuff before it….]
  • “Security teams are aware that they need to act as business enablers, but still often remain excluded from the start of a project.” [this here sounds ‘very 1990s’, but here is a twist: we’ve heard the cliché about ‘aligning security with business’ for decades, and it implied that security wants to stick to its tech roots; however, how do you align with business in cases where business refuses to let you align with it?]
  • “From a process perspective, undertake ongoing IR planning activities. Preparing for IR is typically one of the more cost-effective security measures an organization can take because well-planned IR reduces incident impacts and costs, and because security incidents are inevitable.” [I think we say this every year, but for gods’ sakes, this matters every year and so it needs to be said every year.]
  • “Logging and monitoring of privileged activity [for both OS and applications] are also key because the lines between compute, storage, network, database, application and security administration are often blurred. At a minimum, monitoring must enable reporting and post hoc investigations of events. These capabilities pave the way for adding real-time analytics, alerting and enforcement later on.” [well you can say that we predicted that the detection and monitoring will shift to application layer a few times… and we did. My impression is that it is finally happening, definitely in the cloud and then slowly on-premise too]
  • Discovery and visibility are key because it’s increasingly important to know which data is where, and to get deep insight into how users and machines access various applications and data sources.”

Enjoy our guide!

Past guides from Gartner GTP SRMS team:

Comments are closed