http://www.burtongroup.com/Research/DocumentList.aspx?cid=6 SRMS will empower you to build, deploy, and manage a security infrastructure that meets your organization's risk management requirements. SRMS will provide practical strategies for tying security management to your organization's governance structure and incorporating appropriate levels of risk assessment into business decision-making processes. en-us © 2010 Burton Group. All rights reserved http://webstager.tbg.com/Client/Research/Document.aspx?cid=2072 http://webstager.tbg.com/Client/Research/Document.aspx?cid=2072 Secure web gateways (SWGs) enforce acceptable use of the web, protect against malware attacks, and support or integrate with data leakage prevention (DLP) functionality. Yet as the web has grown more complex, so have SWG deployment options. Although most large enterprise deployments remain premise-based, more cloud-based options are emerging. Once-simple Uniform Resource Locator (URL)-filtering solutions now support website-reputation analysis, dynamic URL classification, real-time content inspection, and application control. This assessment will help readers understand the use cases, technology trends, strengths, and weak areas where SWGs still need to improve. Assessment (Single Instance Use Case) Thu, 02 Sep 2010 01:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=2071 http://webstager.tbg.com/Client/Research/Document.aspx?cid=2071 With the end of extended Windows XP support approaching in 2014, Windows 7 migration for most organizations is a question of “When,” not “If.” In this guidance document, Distinguished Analyst Dan Blum advises on what to expect from Windows 7 security and recommends that organizations treat the rollout strategically to advance the security of managed desktops and web browsing. He also provides guidance on when to leverage security features such as BitLocker, AppLocker, and DirectAccess and when to consider third-party product alternatives. Guidance Tue, 24 Aug 2010 01:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=850 http://webstager.tbg.com/Client/Research/Document.aspx?cid=850 Information confidentiality is of paramount importance to all organizations. Whether the information is intellectual property, customer identity data, or some other restricted information, enterprises must choose how to protect data in motion, at rest, and in use. In this Decision Point update, Gartner presents an architecture framework for confidentiality in various infrastructure layers: network, identity and access, application, repository, point-of-use systems, and data itself. Decision Point Thu, 29 Jul 2010 01:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=17 http://webstager.tbg.com/Client/Research/Document.aspx?cid=17 This document is the root template for the Security and Risk Management Strategies service. It describes an information security model (or security control system) for enterprises. This includes a control layer, which is used to configure and respond to policy enforcement points, sensors, and actuators—all of which exist within the resource and infrastructure layers. Root Template Wed, 07 Jul 2010 01:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=2084 http://webstager.tbg.com/Client/Research/Document.aspx?cid=2084 Strategies for securing network traffic are evolving as enterprises embrace cloud delivery models, the shift to open networks, and start to leverage new standards and vendor capabilities. In this TeleBriefing, Service Director Phil Schacter will examine key tends in securing open networks and offer guidance on choosing between alternative architecture approaches. TeleBriefing Tue, 29 Jun 2010 14:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=656 http://webstager.tbg.com/Client/Research/Document.aspx?cid=656 All too often, organizations think that they can achieve appropriate information security simply by purchasing various security products and services. In reality, a systematic, comprehensive approach is needed to manage the risk to information within an organization. This overview discusses the risk management, security posture, people, process, physical security, lifecycle, and other components of such an approach. Overview Thu, 24 Jun 2010 01:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=2020 http://webstager.tbg.com/Client/Research/Document.aspx?cid=2020 In this security information and event management (SIEM) field research study, Burton Group examined 50 organizations that operate or plan to implement SIEM products or services. Based on 40 structured interviews and 10 freeform discussions, participants provided information on SIEM specifics and SIEM in light of a broader security monitoring and analysis topic, respectively. In this field research summary, Analyst Ramon Krikken combines customer voices and analyst opinions to discover drivers, requirements, architecture, operations, and future concerns for security audit logging and event analysis. Field Research Summary Fri, 11 Jun 2010 01:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=1905 http://webstager.tbg.com/Client/Research/Document.aspx?cid=1905 Burton Group has examined four risk assessment standards—now it’s time to compare them with one another. In this assessment, Principal Analyst Trent Henry stacks up the National Institute of Standards and Technology (NIST); Information Security Forum (ISF); Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE); and Information Systems Audit and Control Association (ISACA) risk frameworks. Assessment (Comparison Use Case) Fri, 04 Jun 2010 01:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=2001 http://webstager.tbg.com/Client/Research/Document.aspx?cid=2001 Current practices of organizations with risk assessment programs are examined in this summary of field research conducted by Burton Group Security and Risk Management analysts. Topics covered include governance of a risk program, use of risk assessment methodologies and tools, program scope and approach, quantitative versus qualitative risk evaluation, and how results are determined and reported. Field Research Summary Fri, 28 May 2010 01:00:00 GMT http://webstager.tbg.com/Client/Research/Document.aspx?cid=2000 http://webstager.tbg.com/Client/Research/Document.aspx?cid=2000 Organizations need a strategy to leverage cloud computing in a secure manner. In this guidance document, Burton Group Principal Analyst Dan Blum discusses how to align cloud computing governance with security organizations, IT groups, and business units. This document also discusses architectural considerations, cloud computing use cases, service provider assessment criteria, and cloud-enabling the organization’s IT security infrastructure. Guidance Fri, 21 May 2010 01:00:00 GMT