Published Content List
Security and Risk Management Strategies
In-Depth Research
Thread / Document Title
Date Published
Type of Document
VANTAGEPOINT
2010 Planning Guide: Security and Risk Management Strategies
9/23/2009
Planning Guide
Security Strategies for the Recession
3/18/2009
Methodologies & Best Practices
Shifting Defenses: Security Futures for Networks, Applications, and Data
7/11/2008
Overview
VantagePoint 2008: Security Vital Signs
4/10/2008
Overview
VantagePoint 2007: Information Security Trends
5/09/2007
Overview
Security Landscape: Markets in Flux
9/07/2006
Overview
Root Document
Making Business Sense of Information Security
2/10/2006
Overview
RISK MANAGEMENT
Managing Availability and Performance Risks in the Cloud: Expect the Unexpected
8/30/2010
Guidance
Risk Assessment Methodologies: A Comparison
6/04/2010
Assessment (Comparison Use Case)
Field Research Summary: Understanding Risk Assessment Practices
5/28/2010
Field Research Summary
An Examination of the Information Risk Analysis Methodology (IRAM) from the Information Security Forum (ISF)
5/11/2010
Assessment (Single Instance Use Case)
ISACA’s Risk IT Framework and Risk Assessment Methodology
4/29/2010
Assessment (Single Instance Use Case)
Risk Assessment Methodologies: NIST Special Publication 800-30
4/22/2010
Assessment (Single Instance Use Case)
The OCTAVE Risk Assessment Methodologies
4/22/2010
Assessment (Single Instance Use Case)
A Guidance Framework for Managing Aggregated Risks
2/09/2010
Guidance
Prioritizing Security Projects: An Examination of NIST SP 800-65
2/02/2010
Assessment (Single Instance Use Case)
Threat Assessment in Dangerous Times
1/27/2010
Guidance
Threat Landscape
1/18/2010
Guidance
Electric Utility Cyber Security Standards: Practical Implementation Guidance
12/14/2009
Methodologies & Best Practices
Field Research: Risk Assessment
12/03/2009
Field Research Results - Participants Speak
Attacks, Fraud, and Loss: The Continuing Insider Threat
11/25/2009
Overview
Security Key Performance Indicators
11/18/2009
Overview
IT Contingency Planning for H1N1 Pandemic
11/05/2009
Assessment (Single Instance Use Case)
Audit and Attestation in Virtual Environments
6/09/2009
Overview
PCI DSS: The Newest “Risk Based” Standard
12/01/2008
Overview
Security Compliance Orchestration: A Market Emerges Out of the IT-GRC Fog
8/08/2008
Report
Thinking Strategically About Security Metrics
7/29/2008
Overview
Products for Managing Governance, Risk, and Compliance: Market Fluff or Relevant Stuff?
3/18/2008
Report
Governance, Risk, and Compliance
3/12/2008
Overview
Implementing Security Controls in Outsourced and Offshore Environments
2/21/2008
Overview
Introduction to Key Risk Indicators
10/22/2007
Methodologies & Best Practices
Enterprise Security Control Standards: Which Ones and Where They Apply
10/01/2007
Overview
Risk Management: Concepts and Frameworks
9/05/2007
Overview
The Long Tail of Risk and the Dynamics of the Security Market
7/17/2007
Overview
E-Discovery: No More Losing Needles in the Electronic Haystack
3/07/2007
Overview
Managing Non-Quantifiable Security Risks
1/11/2007
Overview
Show Me the Money! Optimizing Security Spending for Efficiency and Effectiveness
1/05/2007
Overview
Surety Ratings of Security Mechanisms for Architecture Planning
11/17/2006
Overview
IT Risk Management and COSO
5/24/2006
Overview
Internal IT Audit: Friend, Not Foe
3/31/2006
Overview
Backup and Recovery
1/24/2006
Overview
The Role of Information Protection in Regulatory Compliance: Views from Catalyst North America 2005
10/28/2005
Methodologies & Best Practices
Raising the Bar: Solving Medium-Risk Problems with Medium-Surety Solutions
9/27/2005
Overview
Security Metrics: Horses for Courses
6/24/2005
Overview
Pulling Up Your SOX: IT Impacts and Compliance
4/26/2005
Overview
Security Governance for the Enterprise
3/31/2005
Overview
Business Continuity Planning for IT
3/24/2005
Overview
PERIMETER AND INFRASTRUCTURE SECURITY
Assessing Secure Web Gateways and Web Filtering Solutions
9/02/2010
Assessment (Single Instance Use Case)
Making the Most of Windows 7 Security
8/24/2010
Guidance
Field Research Summary: Security Information and Event Management
6/11/2010
Field Research Summary
Comparing Security Controls for Handheld Devices
5/17/2010
Assessment (Comparison Use Case)
Quick Start: Client Hypervisor Security
2/24/2010
Quick Start
Endpoint Virtualization: Reducing Costs, Malware Risk, and Information Sprawl
11/12/2009
Assessment (Comparison Use Case)
Catalyst 2009: Security and Identity Management in the Cloud
11/03/2009
Field Research Results - Participants Speak
Client-Hosted Endpoint Virtualization Security Considerations
10/27/2009
Profile
Server-Hosted Desktop Virtualization Security Considerations
10/22/2009
Profile
Presentation Virtualization Security Considerations
10/15/2009
Profile
Securing Mobile- and Home-Worker Access
8/10/2009
Overview
Cloud Computing Security in the Enterprise
7/15/2009
Overview
Making Authenticated Networks Work
4/28/2009
Methodologies & Best Practices
Network Behavior Analysis: Moving Beyond Signatures
3/02/2009
Report
Architectural Alternatives for Enforcing Network Admission Requirements
10/22/2008
Report
Network Security in the Real World
10/06/2008
Overview
Virtualization from the Security Practitioner’s Point of View
9/23/2008
Overview
Windows Server 2008: Advancing Security in Multiple Roles
9/02/2008
Overview
Network Intrusion Detection and Response: More Than Just Speed Bumps on the Network
5/08/2008
Report
Enterprise Firewalls, Unified Threat Management Devices, and Perimeter Architecture
4/17/2008
Report
Objectives and Policies for Securing Wireless LANs
2/15/2008
Methodologies & Best Practices
Attacking and Defending Virtual Environments
1/03/2008
Overview
SIEMese Twins: The Security Information Management and Security Event Management Markets
12/20/2007
Report
Windows Vista Balances Security and Convenience: Your Mileage Will Vary
9/17/2007
Overview
Architecture Inflection Point: Securing Networks Without Borders
8/22/2007
Overview
Microsoft Security Capabilities Portfolio
5/23/2007
Overview
Beyond Denial of Service: Is Availability a Security Issue?
10/12/2006
Overview
Encryption for Mobile Hosts: Protection on the Fly
5/17/2006
Report
Frameworks for Policy-Based Admission to Network Services
3/22/2006
Report
Replacement HIPS? Enterprise Considerations for Selecting Host Intrusion Prevention Systems
3/10/2006
Report
Firewall Futures: Can a Mature Technology Learn New Tricks?
1/04/2006
Overview
Next-Generation Trustworthy Computing: Reality Falls Short of Potential
12/05/2005
Overview
Wireless LAN Intrusion Detection Systems: Something’s in the "Air"
11/10/2005
Report
Integrated Security Products and Suites Gain Breadth and Adoption
5/26/2005
Report
Physical and Logical Security
1/17/2005
Overview
Securing Open Source Infrastructure
11/19/2004
Overview
APPLICATION AND CONTENT SECURITY
Anti-Malware 2007
Anti-Malware 2007: Security Software’s Largest Market in Transition
12/07/2006
Market Landscape
Malware, Cybercrime, and a Full Spectrum Defense
12/07/2006
Technology & Standards
McAfee Active VirusScan and Total Protection for Endpoint Suites
7/14/2008
Product Profile
Trend Micro OfficeScan
6/30/2008
Product Profile
F-Secure Client Security 7.1
5/14/2008
Product Profile
Symantec Endpoint Protection (SEP) 11.0
4/24/2008
Product Profile
Panda Software EnterpriSecure
2/28/2007
Product Profile
ESET NOD32
2/14/2007
Product Profile
CA Integrated Threat Management Anti-Malware
1/23/2007
Product Profile
Kaspersky Lab Corporate Suite
1/15/2007
Product Profile
Microsoft Forefront Client Security
12/20/2006
Product Profile
Market Profile: Data Masking—Runtime Data Aliasing, 2010
4/07/2010
Market Profile
Data Masking: Runtime Data Aliasing
4/02/2010
Assessment (Single Instance Use Case)
Market Profile: Enterprise Rights Management, 2010
3/17/2010
Market Profile
Enterprise Rights Management: Maturing Technology
3/11/2010
Assessment (Single Instance Use Case)
Market Profile: Static Software Security Analysis 2010
1/11/2010
Market Profile
Static Software Security Analysis
1/05/2010
Assessment (Single Instance Use Case)
Market Insight: Data Leakage Prevention 2009
10/08/2009
Market Insight
Software Security: Think Big, Start with What Matters
6/30/2009
Overview
Web Application Firewalls: Where Do We Go from Here?
3/31/2009
Report
Enhancing Compliance and Audit with Database Activity Monitoring
1/30/2009
Report
Enterprise Key Management Systems
1/16/2009
Report
Cryptographic Systems: An Information Security Foundation
12/19/2008
Overview
SOA Security: Developing a Technical Control Strategy
9/17/2008
Overview
Secure E-Mail: Still Too Many Choices
6/13/2008
Report
Considerations for Risk Management When Choosing Software as a Service
1/29/2008
Methodologies & Best Practices
Web Filtering: Completing the Evolution From Acceptable-Use to Serious Malware Defense
1/23/2008
Report
Web Application Testing: Protecting the Front Lines
1/10/2008
Report
Document Management Security: Not Receiving the Scrutiny It Should
7/30/2007
Report
Instant Messaging Security: It’s Not Just Idle Chatter
6/05/2007
Report
Securing “Web 2.0” Technologies
4/20/2007
Overview
Information Classification: The Most Important Security Thing You're (Still) Not Doing
3/27/2007
Overview
Database Encryption: The Hot Topic in Structured Information Protection
11/02/2006
Report
Anti-Malware Battlefield Tools: Customer Perspectives and Reference RFI
8/21/2006
Methodologies & Best Practices
Collaboration and Communication: Persistent and Pervasive but Are They Protected?
6/07/2006
Overview
Web Services Security Standards 2006: Where Are We Now?
5/10/2006
Overview
Enterprise Strategies for Defending Against Spyware
8/23/2005
Report
Combating Spam: Messaging Hygiene Solutions Emerge to Fight Many Fronts
2/18/2005
Report
SECURITY CONCEPTS, TECHNIQUES, AND APPROACHES
Vulnerability Management
The Changing Face of Vulnerability Management
6/21/2007
Market Landscape
Vulnerability Management Becomes Technical Security Policy Management
6/21/2007
Technology & Standards
LANDesk Security Suite Version 8.8
11/13/2008
Product Profile
Symantec Control Compliance Suite 8.6 and Other Vulnerability Management Products
6/04/2008
Product Profile
BMC Products for Vulnerability Management
12/17/2007
Product Profile
IBM Vulnerability Management Products
11/13/2007
Product Profile
BigFix 7.0
11/07/2007
Product Profile
CA Security Vulnerability Manager r11
10/30/2007
Product Profile
Lumension Security PatchLink Vulnerability Management Solution 6.4
10/25/2007
Product Profile
McAfee Vulnerability Management Products
8/29/2007
Product Profile
A Systematic, Comprehensive Approach to Information Security
6/24/2010
Overview
Developing a Cloud Computing Security Strategy
5/21/2010
Guidance
An Objectives-Based Assessment Framework for Security Solutions
5/05/2010
Overview
Field Research: Security Program and Governance Practices and Recommendations
4/12/2010
Field Research Results - Actions to Take
Using Encryption to Protect Sensitive Data in Cloud Computing Environments
3/31/2010
Assessment (Single Instance Use Case)
Field Research: How Security Influences and Collaborates
12/21/2009
Field Research Results - Participants Speak
Field Research: Security Organization Structure and Governance
12/03/2009
Field Research Results - Participants Speak
Field Research: Security Metrics
12/03/2009
Field Research Results - Participants Speak
Field Research: Security Operations
10/01/2009
Field Research Results - Participants Speak
Field Research Summary: Security Program and Governance
9/18/2009
Field Research Summary
Leveraging Event and Log Information: A Strong Case for Standards
2/19/2009
Overview
Going Global: Security Embassy Program Approach in a Global Enterprise
10/30/2008
Methodologies & Best Practices
Results from Catalyst 2007: Security Management Practices and Posture
12/11/2007
Methodologies & Best Practices
Concepts and Definitions
11/26/2007
Overview
Technical Security Policy Management: Truth and Fiction
8/13/2007
Methodologies & Best Practices
In Their Sites: Phishing and Pharming Attacks and Prevention
2/13/2006
Overview
How to Develop a Security Technology Architecture Using Burton Group’s Reference Architecture
11/22/2005
Methodologies & Best Practices
Recommendations for Developing an Information Security Program
1/27/2005
Methodologies & Best Practices
Security Awareness, Training, and Education Programs for the Enterprise
1/17/2005
Overview
Change Management for the Enterprise
1/17/2005
Overview
Reference Architecture
Focus / Title
Date Published
DECISION POINTS
Information Confidentiality
7/29/2010
Vulnerability Management
5/21/2009
Encryption
5/12/2009
Host System Security Choices
4/13/2009
Malicious Software
3/26/2009
Information Integrity
3/10/2009
System Placement
2/24/2009
Endpoint Admission
12/8/2008
Network Perimeters
4/1/2008
Zones
12/5/2007
Network Intrusion Detection and Response
12/5/2007
Change Management with Assurance
1/14/2005
TEMPLATE
Data Center Network
11/4/2009
Vulnerability Management: Service Provider Model
11/24/2008
Vulnerability Management: Agentless Model
11/24/2008
Vulnerability Management: Agent-Based Model
11/24/2008
Protecting Data in Motion
11/17/2008
Protecting Data at Rest
11/17/2008
Discovering Sensitive Resources
11/17/2008
Network Intrusion Detection and Response: Demilitarized Security Zone (DMZ)
11/26/2007
Network Intrusion Detection and Response: Trusted Security Zone
11/26/2007
Network Intrusion Detection and Response: Restricted Security Zone
11/26/2007
Mitigating Malware and Spam
7/13/2007
Perimeter Template: Closed Architecture Model
5/1/2006
Perimeter Template: Control and Audit in the Layered Architecture Model
5/1/2006
Perimeter Template: Open Architecture Model
5/1/2006
Perimeter Template: Layered Architecture Model
5/1/2006
TeleBriefings
Title
Date of Event
Architecture Alternatives for Securing Open Networks
6/30/2010
Unified Communications: Don’t Forget the Security
5/7/2010
Threat Assessment Guidance for Dangerous Times
2/18/2010
Information-Centric Security: What Are the Essential Elements?
12/9/2009
Endpoint Virtualization Approaches and Security Considerations
10/21/2009
Electric Utility Cyber Security Standards: Practical Implementation Guidance
8/26/2009
What the Future Holds: Looking at Trends in Security for the Second half of 2009 and 2010
6/24/2009
The Building Security in Maturity Model (BSIMM) and your Software Security Program
5/6/2009
Data Leakage Prevention, Information Labeling and Access Control
3/26/2009
Network Behavior Analysis
3/18/2009
Leveraging Event and Log Information: Customer and Industry Efforts to Make Progress
1/30/2009
Security in Cost Cutting Times
11/26/2008
PCI: A Candid Interview
10/16/2008
SOA Security: Control Architecture Design Scenarios
9/3/2008
Information-Centric Security in Five Years
7/22/2008
Secure Messaging
5/28/2008
Data Leakage Prevention
4/16/2008
Governance, Risk, and Compliance: Realistic Perspectives
3/5/2008
Security and Risk Management Strategies VantagePoint 2008: Security Vital Signs
1/23/2008
Smoke and Mirrors of Virtualization Security
11/21/2007
SIEMese Twins: The Security Information Management and Security Event Management Markets
10/10/2007
PCI Compliance: Everything you Wanted to Know but Were Afraid to Ask
8/22/2007
Just Like Yoda Said...
7/10/2007
Vulnerability Management: Where is it headed?
5/23/2007
Microsoft's Security Capabilities Portfolio
4/18/2007
New E-Discovery Rules: What's the IT Impact?
3/14/2007
VantagePoint 2007-2008: Information Security Trends
2/9/2007
Optimizing Security Spending
11/29/2006
Solutions for Orchestrating Security Compliance
10/26/2006
Not All Security Exposures are Risks
9/27/2006
Malware and Cybercrime Prevention Roundtable: Keeping our Systems Safe
8/23/2006
Lost or Stolen Data? …Have no fear encryption is here!
7/26/2006
Business Modeling for Risk Management
6/26/2006
Making Business Sense of Security
6/26/2006
The Web Services Security Real World: Implementation Case Studies
5/24/2006
Consumer and Enterprise Rights Management: Separate Destinies Amid Shared Issues
4/25/2006
Risk Management and COSO
3/29/2006
Intrusion Prevention - What is it? Where does it go?
3/1/2006
VantagePoint 2006-2007: Information Security Trends
1/31/2006
Together but Separate: Managing Network and Security Devices
12/6/2005
Information Confidentiality: The Content Filtering Approach
11/22/2005
Wireless LAN Intrusion Detection Systems
10/31/2005
Countering the Evil Insider
10/18/2005
Remote Access Security
9/29/2005
Developing a Security Architecture
9/22/2005
Application Security: Everybody's Problem
8/24/2005
Setting Boundaries: Intelligent Perimeters and Zones
7/15/2005
Audit and Compliance: Pitfalls of Technology-driven Approaches
7/15/2005
Vulnerability Management: It is not Just about Scanning Any More
7/1/2005
Security Event Information Management
5/25/2005
Business Continuity Planning for IT
4/27/2005
Raising the Bar for Information Security
3/23/2005
Fighting Spam with Messaging Hygiene Solutions
2/24/2005
VantagePoint 2005-2006
1/21/2005
Methodologies & Best Practices
Title
Date Published
Electric Utility Cyber Security Standards: Practical Implementation Guidance
12/14/2009
Making Authenticated Networks Work
4/28/2009
Security Strategies for the Recession
3/18/2009
Going Global: Security Embassy Program Approach in a Global Enterprise
10/30/2008
Objectives and Policies for Securing Wireless LANs
2/15/2008
Considerations for Risk Management When Choosing Software as a Service
1/29/2008
Results from Catalyst 2007: Security Management Practices and Posture
12/11/2007
Introduction to Key Risk Indicators
10/22/2007
Technical Security Policy Management: Truth and Fiction
8/13/2007
Anti-Malware Battlefield Tools: Customer Perspectives and Reference RFI
8/21/2006
How to Develop a Security Technology Architecture Using Burton Group’s Reference Architecture
11/22/2005
The Role of Information Protection in Regulatory Compliance: Views from Catalyst North America 2005
10/26/2005
Recommendations for Developing an Information Security Program
1/31/2005