Prepare for the Inevitable With an Effective Security Incident Response Plan
|
|
- Sabina Chapman
- 7 years ago
- Views:
Transcription
1 G Prepare for the Inevitable With an Effective Security Incident Response Plan Published: 19 July 2012 Analyst(s): Rob McMillan A serious security incident is a question of "when," not "if," for most enterprises. This reality makes developing effective response plans a critical concern for any chief information security officer. Analysis Why You Need to Prepare Eventually, your security will fail. Maybe not today, maybe not tomorrow, but it will fail. The question is not whether security incidents will occur, but rather when they will occur. This troubling reality makes effective incident response that is, reducing the risk of incidents and mitigating the damage they cause a critical concern for security professionals. Incident preparedness is part of the standard of due care. This is encapsulated in some regulated industries globally (for example, financial services). It is also recommended in standards such as ISO/IEC and others. The real cost of these incidents can be huge well into the tens or hundreds of millions of dollars in extreme cases. The expectation is, therefore, set in regulation and legal precedent that a response to minimize the impact is required. Gartner predicts that, through 2016, 75% of chief information security officers (CISOs) who experience publicly disclosed security breaches and lack documented, tested response plans will be fired. Incident response is unquestionably one of the core security processes that any CISO must define, develop, implement and prioritize to protect the enterprise and to demonstrate security's value to the business. Action: CISOs should adopt and implement Gartner's guidelines for effective incident response, as outlined in this research.
2 "Predicts 2012: Sophisticated Attacks, Complex IT Environments and Increased Risks Demand New Approaches to Infrastructure Protection" This discusses why it is important to prepare adequately for security incidents. "The Security Processes You Must Get Right" This provides context for the incident response process and outlines characteristics that would be expected in a mature process. "Crisis/Incident Management Defined, 2012" This provides guidance on how to recognize incidents and crises, and the key elements to their management. The Decisions You Must Make Advance preparation is crucial to effective incident response, but it is also extremely difficult, especially in complex, distributed enterprises. Adequate preparation means that you have already determined what your most critical assets are, that you are able to detect that an incident has occurred or is occurring, that you have a procedure in place to resolve the incident and manage the consequences, and that the people involved know what their role will be. Once your organization is under attack, either by an external party or from somebody within, it is too late to consider these elements. You will inevitably be forced to make decisions on the fly and, consequently, carry a higher risk of making counterproductive decisions. Action: Prepare now for an incident that may occur in the future. Decide on your priorities, have the right procedures documented and available, and ensure that the participants know what roles they will be required to fill. "Six Decisions You Must Make to Prepare for a Security Incident" This identifies the key decision factors that CISOs must take into account when developing enterprise-specific incident response plans. "Toolkit: Security Incident Response Preparation" This offers a user-customizable framework for establishing incident response priorities and developing appropriate response plans. "How to Write a Security Incident Response Procedure Document" This lays out best practices for this challenging and crucial task. Page 2 of 5 Gartner, Inc. G
3 The Actions You Must Take The enforced transparency produced by an information leak requires an effective response capability that encompasses the entire impact of the incident, not just the impact on IT. You must develop the right expertise to lead the response to a security incident and, ultimately, survive it. For many enterprises, this takes the form of a computer security incident response team (CSIRT). It is equally important to exercise the response to an incident so that, when an actual incident occurs, the people who have roles to play will be adequately prepared for what they must do. This extends beyond the members of the CSIRT an effective response to a serious incident often requires the active participation of senior management. Finally, it is obviously preferable to avoid an incident if at all possible. Security threat intelligence services, for example, can be extremely useful even essential in identifying current and emerging security threats, and can help the enterprise minimize its exposure to potentially serious security incidents. Actions: Develop the in-house capability you need to lead the response to an incident. Run incident response exercises so that the people who will take part in the response understand their roles and will be equipped to make the right decisions at the right time. Consider using a third-party threat intelligence capability to gain as much warning as possible about emerging threats before they become the source of your next security incident. "Seven Steps to Creating an Effective Computer Security Incident Response Team" This presents a phased approach to developing and maintaining an incident response team that will identify, contain, escalate, investigate and remediate incidents in a timely and efficient manner. "Prepare Now for Tomorrow's Information Leaks" This provides insight into the issues that the CSIRT must consider when responding to an incident. "Toolkit: Sample Job Description for a CSIRT Manager" This offers a user-customizable template for selecting the leader of this team. "Toolkit: Security Incident Planning Scenarios" This presents simple mechanisms for testing specific incident types and ensuring security readiness. "How to Select a Security Threat Intelligence Service" Gartner, Inc. G Page 3 of 5
4 This discusses ways enterprises can identify their threat intelligence needs and determine what type of provider can deliver the high-quality, actionable threat information that is appropriate to their specific needs. All this research which will be supplemented by updates and other documents in the coming months is designed to guide CISOs as they set up the people, processes and technology necessary to prepare effectively and efficiently for a serious security incident. This is not a simple task, but it is an essential one for the enterprise and the CISO. Recommended Reading Some documents may not be available as part of your current Gartner subscription. "Predicts 2012: Sophisticated Attacks, Complex IT Environments and Increased Risks Demand New Approaches to Infrastructure Protection" "The Security Processes You Must Get Right" "Crisis/Incident Management Defined, 2012" "Six Decisions You Must Make to Prepare for a Security Incident" "Toolkit: Security Incident Response Preparation" "How to Write a Security Incident Response Procedure Document" "Seven Steps to Creating an Effective Computer Security Incident Response Team" "Prepare Now for Tomorrow's Information Leaks" "Toolkit: Sample Job Description for a CSIRT Manager" "Toolkit: Security Incident Planning Scenarios" "How to Select a Security Threat Intelligence Service" Page 4 of 5 Gartner, Inc. G
5 Regional Headquarters Corporate Headquarters 56 Top Gallant Road Stamford, CT USA European Headquarters Tamesis The Glanty Egham Surrey, TW20 9AW UNITED KINGDOM Japan Headquarters Gartner Japan Ltd. Atago Green Hills MORI Tower 5F Atago, Minato-ku Tokyo JAPAN Latin America Headquarters Gartner do Brazil Av. das Nações Unidas, andar World Trade Center São Paulo SP BRAZIL Asia/Pacific Headquarters Gartner Australasia Pty. Ltd. Level 9, 141 Walker Street North Sydney New South Wales 2060 AUSTRALIA Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner s prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see Guiding Principles on Independence and Objectivity on its website, ombudsman/omb_guide2.jsp. Gartner, Inc. G Page 5 of 5
Ensure Emerging Trends and Technologies Advance Your Marketing Strategy
Ensure Emerging Trends and Technologies Advance Your Marketing Strategy Richard Fouts, Jackie Fenn and Gartner Fellow Lead Author Richard Fouts, Richard Fouts guides digital marketers on best practices
More informationRisk Intelligence: Applying KM to Information Risk Management
Research Publication Date: 19 September 2007 ID Number: G00151742 Risk Intelligence: Applying KM to Information Risk Management French Caldwell Risk intelligence is the alignment of information governance
More informationAgenda for Supply Chain Strategy and Enablers, 2012
G00230659 Agenda for Supply Chain Strategy and Enablers, 2012 Published: 23 February 2012 Analyst(s): Michael Dominy, Dana Stiffler When supply chain executives establish the right strategies and enabling
More informationGartner's View on 'Bring Your Own' in Client Computing
G00217298 Gartner's View on 'Bring Your Own' in Client Computing Published: 20 October 2011 Analyst(s): Leif-Olof Wallin Here, we bring together recently published research covering the hot topic of supporting
More informationRecognize the Importance of Digital Marketing
Recognize the Importance of Digital Marketing Laura McLellan, Lead Author Laura McLellan, Laura McLellan serves CMOs and other marketing executives, sharing how digital strategies are being integrated
More informationUse These Guidelines for Making Better CRM Consulting Provider Selections
Research Publication Date: 7 July 2006 ID Number: G00141062 Use These Guidelines for Making Better CRM Consulting Provider Selections Matthew Goldman, Ed Thompson, Lorrie Scardino Gartner sees many inconsistencies
More informationGartner's Business Intelligence and Performance Management Framework
Research Publication Date: 9 October 2006 ID Number: G00142827 Gartner's Business Intelligence and Performance Management Framework Bill Hostmann, Nigel Rayner, Ted Friedman The use of business intelligence
More informationCloud IaaS: Service-Level Agreements
G00210096 Cloud IaaS: Service-Level Agreements Published: 7 March 2011 Analyst(s): Lydia Leong Cloud infrastructure-as-a-service (IaaS) providers typically offer SLAs that cover the various elements of
More informationKey Issues for Identity and Access Management, 2008
Research Publication Date: 7 April 2008 ID Number: G00157012 for Identity and Access Management, 2008 Ant Allan, Earl Perkins, Perry Carpenter, Ray Wagner Gartner identity and access management research
More informationGartner Research Methodologies. Technology-related insights for your critical business decisions
Gartner Research Methodologies Technology-related insights for your critical business decisions Why research matters As digitalization continues to transform the way organizations do business, every technology
More informationDutch University's Successful Enterprise System Implementation Yields Valuable Lessons
Industry Research G00232987 Dutch University's Successful Enterprise System Implementation Yields Valuable Lessons Published: 28 March 2012 Analyst(s): Ron Bonig When Vrije Universiteit in Amsterdam implemented
More informationModify Your Storage Backup Plan to Improve Data Management and Reduce Cost
G00238815 Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost Published: 4 October 2012 Analyst(s): Dave Russell IT leaders and storage managers must rethink their backup procedures
More information2010 Gartner FEI Technology Study: Planned Shared Services and Outsourcing to Increase
Research Publication Date: 20 April 2010 ID Number: G00176029 2010 Gartner FEI Technology Study: Planned Shared Services and Outsourcing to Increase John E. Van Decker, Cathy Tornbohm This Gartner Financial
More informationResponsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users
Research Publication Date: 17 October 2006 ID Number: G00144061 Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users Amrit T. Williams, John Pescatore, Paul E. Proctor
More informationIT Cost Savings With Information Governance
G00232238 IT Cost Savings With Information Governance Published: 17 April 2012 Analyst(s): Debra Logan By systematically eliminating redundant information, Cisco has retired multiple legacy systems, eliminated
More informationCase Study: Bonobos Uses Social Media to Grow Revenue 65 Percent
Case Study: Bonobos Uses Social Media to Grow Revenue 65 Percent Jennifer S. Beck Distinguished Analyst and Gartner Fellow Jenny Sussin Principal Research Analyst Lead Author Jennifer S. Beck, Distinguished
More informationData Center Consolidation: Top 10 Best Practices for Project Success
Research Publication Date: 2 May 2011 ID Number: G00212551 Data Center Consolidation: Top 10 Best Practices for Project Success David J. Cappuccio Many data center consolidation projects fail to meet overall
More informationGamification Meets Analytics With Kaggle
G00228640 Gamification Meets Analytics With Kaggle Published: 1 June 2012 Analyst(s): Rita L. Sallam This note describes how Kaggle is bringing "the collective" to "the predictive" to help companies overcome
More informationThe Six Triggers for Using Data Center Infrastructure Management Tools
G00230904 The Six Triggers for Using Data Center Infrastructure Management Tools Published: 29 February 2012 Analyst(s): Rakesh Kumar This research outlines the six main triggers for users to start using
More informationIntegrated Marketing Management Aligns Executional, Operational and Analytical Processes in a Closed-Loop Process
Research Publication Date: 26 October 2010 ID Number: G00207031 Integrated Marketing Management Aligns Executional, Operational and Analytical Processes in a Closed-Loop Process Kimberly Collins This research
More informationNAC Strategies for Supporting BYOD Environments
G00226204 NAC Strategies for Supporting BYOD Environments Published: 22 December 2011 Analyst(s): Lawrence Orans, John Pescatore Network access control (NAC) will be a key element in a flexible approach
More informationQ&A: How Can ERP Recurring Costs Be Contained?
Research Publication Date: 18 December 2008 ID Number: G00163030 Q&A: How Can ERP Recurring Costs Be Contained? Peter Wesche Driven by increased pressure for cost containment, attendees at the 2008 Financial
More informationThe Four New Ps of Marketing That CMOs and CIOs Should Consider
G00227185 The Four New Ps of Marketing That CMOs and CIOs Should Consider Published: 18 May 2012 Analyst(s): Kimberly Collins Four new Ps of marketing align people and processes across the marketing ecosystem,
More informationHow to Choose Providers for Mobile Consumer Application Platforms
How to Choose Providers for Mobile Consumer Application Platforms Michael McGuire Lead Author Michael McGuire,, Mike McGuire guides digital marketers on best practices for developing strategies. He specializes
More informationKnowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets
Research Publication Date: 31 July 2009 ID Number: G00169664 Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets Regina Casonato This research
More informationBusiness Intelligence Focus Shifts From Tactical to Strategic
Research Publication Date: 22 May 2006 ID Number: G00139352 Business Intelligence Focus Shifts From Tactical to Strategic Betsy Burton, Lee Geishecker, Kurt Schlegel, Bill Hostmann, Tom Austin, Gareth
More informationResearch Agenda and Key Issues for Converged Infrastructure, 2006
Research Publication Date: 20 July 2006 ID Number: G00141507 Research Agenda and Key Issues for Converged Infrastructure, 2006 Sylvain Fabre Gartner's research will cover fixed-mobile convergence, the
More informationThe Value of Integrating Configuration Management Databases With Enterprise Architecture Tools
Research Publication Date: 13 January 2011 ID Number: G00210132 The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools Ronni J. Colville, Patricia Adams As configuration
More informationSolution Path: Threats and Vulnerabilities
Solution Path: Threats and Vulnerabilities Published: 24 January 2012 Burton IT1 Research G00226331 Analyst(s): Dan Blum This solution path helps Gartner clients develop a strategy and program for managing
More informationBest Practices for Confirming Software Inventories in Software Asset Management
Research Publication Date: 24 August 2009 ID Number: G00167067 Best Practices for Confirming Software Inventories in Software Asset Management Peter Wesche, Jane B. Disbrow This research discusses the
More informationQ&A: The Impact of XBRL on Corporate Performance Management
Research Publication Date: 27 May 2008 ID Number: G00158184 Q&A: The Impact of XBRL on Corporate Performance Management Nigel Rayner Extensible Business Reporting Language is an XML-based standard that
More informationThe Five Competencies of MRM 'Re-' Defined
Research Publication Date: 14 March 2008 ID Number: G00155835 The Five Competencies of MRM 'Re-' Defined Kimberly Collins This research details the five key competencies of marketing resource management
More informationCharity Shows That You Don't Need a Big Budget to Succeed With Predictive Analytics
G00232733 Charity Shows That You Don't Need a Big Budget to Succeed With Predictive Analytics Published: 17 September 2012 Analyst(s): Joao Tapadinhas A U.K. charity has shown how the smallest organization
More informationX.509 Certificate Management: Avoiding Downtime and Brand Damage
G00226426 X.509 Certificate Management: Avoiding Downtime and Brand Damage Published: 4 November 2011 Analyst(s): Eric Ouellet, Vic Wheatman Organizations are often not aware of the scope or the validity
More informationManaging IT Risks During Cost-Cutting Periods
Research Publication Date: 22 October 2008 ID Number: G00162359 Managing IT Risks During Cost-Cutting Periods Mark Nicolett, Paul E. Proctor, French Caldwell To provide visibility into increased risks
More informationThe Current State of Agile Method Adoption
Research Publication Date: 12 December 2008 ID Number: G00163591 The Current State of Agile Method Adoption David Norton As the pace of agile adoption increases, development organizations must understand
More informationKey Issues for Data Management and Integration, 2006
Research Publication Date: 30 March 2006 ID Number: G00138812 Key Issues for Data Management and Integration, 2006 Ted Friedman The effective management and leverage of data represent the greatest opportunity
More informationThe Lack of a CRM Strategy Will Hinder Health Insurer Growth
Industry Research Publication Date: 15 October 2008 ID Number: G00162107 The Lack of a CRM Strategy Will Hinder Health Insurer Growth Joanne Galimi The Gartner 2008 healthcare payer application survey
More informationUnderstanding Vulnerability Management Life Cycle Functions
Research Publication Date: 24 January 2011 ID Number: G00210104 Understanding Vulnerability Management Life Cycle Functions Mark Nicolett We provide guidance on the elements of an effective vulnerability
More informationClients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in
Research Publication Date: 15 March 2011 ID Number: G00210952 Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in Tim Zimmerman Enterprises must
More informationKey Issues for Consumer Goods Manufacturers, 2011
Industry Research Publication Date: 1 March 2011 ID Number: G00210698 Key Issues for Consumer Goods Manufacturers, 2011 Don Scheibenreif, Dale Hagemeyer Gartner's 2011 consumer goods manufacturing research
More informationKey Issues for CRM Customer Service Strategies, 2010
Research Publication Date: 11 March 2010 ID Number: G00174743 Key Issues for CRM Customer Service Strategies, 2010 Michael Maoz Through 2013, tying together service interaction channels, integrating social
More informationCost Optimization: Three Steps to Saving Money on Maintenance and Support for Network Security Products
Research Publication Date: 10 December 2008 ID Number: G00163195 Cost Optimization: Three Steps to Saving Money on Maintenance and Support for Network Security Products Lawrence Orans, Greg Young Most
More information2010 FEI Technology Study: CPM and BI Show Improvement From 2009
Research Publication Date: 22 March 2010 ID Number: G00175233 2010 FEI Technology Study: CPM and BI Show Improvement From 2009 John E. Van Decker Many organizations recognize that current financial management
More informationReal-Time Decisions Need Corporate Performance Management
Research Publication Date: 26 April 2004 ID Number: COM-22-3674 Real-Time Decisions Need Corporate Performance Management Frank Buytendijk, Brian Wood, Mark Raskino The real-time enterprise model depends
More informationEight Criteria for Evaluating Software License Metrics
G00213489 Eight Criteria for Evaluating Software License Metrics Published: 1 June 2011 Analyst(s): Alexa Bona, Jane B. Disbrow, Peter Wesche Procurement executives and software asset managers are struggling
More informationCloud E-Mail Decision-Making Criteria for Educational Organizations
Research Publication Date: 10 June 2011 ID Number: G00213675 Cloud E-Mail Decision-Making Criteria for Educational Organizations Matthew W. Cain Educational organizations sometimes struggle to choose between
More informationData in the Cloud: The Changing Nature of Managing Data Delivery
Research Publication Date: 1 March 2011 ID Number: G00210129 Data in the Cloud: The Changing Nature of Managing Data Delivery Eric Thoo Extendible data integration strategies and capabilities will play
More informationNow Is the Time for Security at the Application Level
Research Publication Date: 1 December 2005 ID Number: G00127407 Now Is the Time for Security at the Application Level Theresa Lanowitz Applications must be available, useful, reliable, scalable and, now
More informationDeliver Process-Driven Business Intelligence With a Balanced BI Platform
Research Publication Date: 12 April 2006 ID Number: G00139377 Deliver Process-Driven Business Intelligence With a Balanced BI Platform Kurt Schlegel To enable process-driven business intelligence, IT organizations
More informationToolkit: Reduce Dependence on Desk-Side Support Technicians
Gartner for IT Leaders Publication Date: 23 April 2007 ID Number: G00147075 Toolkit: Reduce Dependence on Desk-Side Support Technicians David M. Coyle, Terrence Cosgrove The IT service desk and PC life
More informationBackup and Disaster Recovery Modernization Is No Longer a Luxury, but a Business Necessity
Research Publication Date: 11 August 2011 ID Number: G00215300 Backup and Disaster Recovery Modernization Is No Longer a Luxury, but a Business Necessity John P Morency, Donna Scott, Dave Russell For the
More informationOrganizations Should Implement Web Application Security Scanning
Research Publication Date: 21 September 2005 ID Number: G00130869 Organizations Should Implement Web Application Security Scanning Amrit T. Williams, Neil MacDonald Web applications are prone to vulnerabilities
More informationEmerging PC Life Cycle Configuration Management Vendors
Research Publication Date: 20 January 2011 ID Number: G00209766 Emerging PC Life Cycle Configuration Management Vendors Terrence Cosgrove Although the PC configuration life cycle management (PCCLM) market
More informationHow To Create A Cloud Computing System
G00230221 Five Cloud Computing Trends That Will Affect Your Cloud Strategy Through 2015 Published: 10 February 2012 Analyst(s): David W. Cearley, David Mitchell Smith In this Impact Assessment, we focus
More informationThe Next Generation of Functionality for Marketing Resource Management
G00212759 The Next Generation of Functionality for Marketing Resource Management Published: 11 May 2011 Analyst(s): Kimberly Collins This research defines the next generation of marketing resource management
More informationIT Architecture Is Not Enterprise Architecture
Research Publication Date: 17 November 2010 ID Number: G00206910 IT Architecture Is Not Enterprise Architecture Bruce Robertson Many enterprise architecture (EA) teams and their stakeholders still use
More informationEight Critical Forces Shape Enterprise Data Center Strategies
Research Publication Date: 8 February 2007 ID Number: G00144650 Eight Critical Forces Shape Enterprise Data Center Strategies Rakesh Kumar Through 2017, infrastructure and operations managers, architects
More informationSingapore Empowers Land Transport Planners With Data Warehouse
G00219502 Singapore Empowers Land Transport Planners With Data Warehouse Published: 18 October 2011 Analyst(s): Eric Thoo The Land Transport Authority (LTA) of Singapore wanted to improve planning and
More informationEmbrace Virtual Assistants as Part of a Holistic Web Customer Service Strategy
Research Publication Date: 19 August 2010 ID Number: G00205618 Embrace Virtual Assistants as Part of a Holistic Web Customer Service Strategy Johan Jacobs Customers are insisting on multiple methods to
More informationE-Mail Is a Commodity and Other Fairy Tales
G00210585 E-Mail Is a Commodity and Other Fairy Tales Published: 9 February 2011 Analyst(s): Matthew W. Cain A deep understanding of the operational, architectural, policy and feature requirements of an
More informationOrganizations Must Employ Effective Data Security Strategies
Research Publication Date: 30 August 2005 ID Number: G00123639 Organizations Must Employ Effective Data Security Strategies Rich Mogull Organizations can best protect data through a hierarchical data security
More informationGovernance Is an Essential Building Block for Enterprise Information Management
Research Publication Date: 18 May 2006 ID Number: G00139707 Governance Is an Essential Building Block for Enterprise Information Management David Newman, Debra Logan Organizations are seeking new ways
More informationGartner Defines Enterprise Information Architecture
Research Publication Date: 20 February 2008 ID Number: G00154071 Gartner Defines Enterprise Information Architecture David Newman, Nicholas Gall, Anne Lapkin As organizations look for new ways to exploit
More informationTactical Guidelines for Narrowing Your Choices When Evaluating WCM Vendors
Research Publication Date: 24 December 2008 ID Number: G00163788 Tactical Guidelines for Narrowing Your Choices When Evaluating WCM Vendors Mick MacComascaigh CIOs and other IT leaders responsible for
More informationResearch. Key Issues for Software as a Service, 2009
Research Publication Date: 6 February 2009 ID Number: G00164873 Key Issues for Software as a Service, 2009 Robert P. Desisto, Ben Pring As organizations' capital budgets dry up, clients evaluating SaaS
More informationThe Hype Around an Integrated Talent Management Suite Outpaces Customer Adoption
Research Publication Date: 3 February 2009 ID Number: G00164356 The Hype Around an Integrated Talent Management Suite Outpaces Customer Adoption James Holincheck Gartner surveyed 123 customer references
More informationFor cloud services to deliver their promised value, they must be underpinned by effective and efficient processes.
Research Publication Date: 15 October 2010 ID Number: G00208009 ITIL 'in the Cloud' George Spafford, Ed Holub The cloud-computing delivery model is generating a lot of interest from organizations wishing
More informationEstablishing a Strategy for Database Security Is No Longer Optional
Establishing a Strategy for Database Security Is No Longer Optional Published: 29 November 2011 G00226793 Analyst(s): Jeffrey Wheatman The options for securing increasingly valuable databases are very
More informationTactical Guideline: Minimizing Risk in E-Mail Hosting Relationships
Research Publication Date: 26 February 2008 ID Number: G00154838 Tactical Guideline: Minimizing Risk in E-Mail Hosting Relationships Matthew W. Cain This report discusses the often hidden risks in moving
More informationThe What, Why and When of Cloud Computing
Research Publication Date: 4 June 2009 ID Number: G00168582 The What, Why and When of Cloud Computing David Mitchell Smith, Daryl C. Plummer, David W. Cearley Cloud computing continues to gain visibility.
More informationEHR Advantages and Disadvantages
Industry Research Publication Date: 3 February 2010 ID Number: G00174011 The Limits of Certification and Guarantees in Buying Electronic Health Records in the U.S. Wes Rishel It is important not to rely
More informationWhat to Consider When Designing Next-Generation Data Centers
Research Publication Date: 10 September 2010 ID Number: G00201044 What to Consider When Designing Next-Generation Data Centers David J. Cappuccio Leading-edge data centers are designed for flexibility,
More informationQ&A: The Many Aspects of Private Cloud Computing
Research Publication Date: 22 October 2009 ID Number: G00171807 Q&A: The Many Aspects of Private Cloud Computing Thomas J. Bittman Cloud computing is at the Peak of Inflated Expectations on the Gartner
More informationTransactional HR self-service applications typically get implemented first because they typically automate manual, error-prone processes.
Research Publication Date: 28 August 2008 ID Number: G00159897 HR Self-Service Applications Defined James Holincheck In this research, we discuss the different types of HR self-service and strategies for
More informationInvest in an analysis of current metrics and those missing, and develop a plan for continuous management and improvement.
Research Publication Date: 29 April 2008 ID Number: G00154802 Key Metrics for IT Service and Support David M. Coyle, Kris Brittain To evaluate IT service and support performance, senior management must
More informationData Center Redesign Yields an 80%-Plus Reduction in Energy Usage
Research Publication Date: 10 August 2011 ID Number: G00213049 Data Center Redesign Yields an 80%-Plus Reduction in Energy Usage Jay E. Pultz The National Renewable Energy Laboratory's (NREL's) data center
More informationEnergy savings from well-managed data centers can reduce operating expenses by as much as 20%.
Research Publication Date: 29 March 2010 ID Number: G00174769 DCIM: Going Beyond IT David J. Cappuccio Infrastructure and operations (I&O) leaders must now go beyond performance management of IT equipment
More informationBEA Customers Should Seek Contractual Protections Before Acquisition by Oracle
Research Publication Date: 15 February 2008 ID Number: G00155026 BEA Customers Should Seek Contractual Protections Before Acquisition by Oracle Peter Wesche, Jane B. Disbrow Oracle has announced an agreement
More informationCDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance
Industry Research Publication Date: 1 May 2008 ID Number: G00156708 CDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance Barry Runyon Care delivery organizations (CDOs) are
More information2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities
Research Publication Date: 23 July 2009 ID Number: G00168896 2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities John E. Van Decker Many organizations recognize that existing financial
More informationGartner Clarifies the Definition of the Term 'Enterprise Architecture'
Research Publication Date: 12 August 2008 ID Number: G00156559 Gartner Clarifies the Definition of the Term 'Enterprise Architecture' Anne Lapkin, Philip Allega, Brian Burke, Betsy Burton, R. Scott Bittler,
More informationThe EA process and an ITG process should be closely linked, and both efforts should leverage the work and results of the other.
Research Publication Date: 4 April 2008 ID Number: G00155260 Integrate EA and IT Governance s Betsy Burton, R. Scott Bittler, Cassio Dreyfuss In many organizations, we find that IT governance (ITG) initiatives
More informationHow to Integrate Social Media Into Your Marketing Communications Strategy
How to Integrate Social Media Into Your Marketing Communications Strategy Richard Fouts, Carol Rozwell and Distinguished Analyst Lead Author Richard Fouts, Richard Fouts guides digital marketers on best
More informationIT asset management (ITAM) will proliferate in midsize and large companies.
Research Publication Date: 2 October 2008 ID Number: G00161024 Trends on Better IT Asset Management Peter Wesche New exiting trends will lead to a higher adoption of asset management methodologies. Tighter
More informationExtracting Business Intelligence from Social Networks
G00168222 Extracting Business Intelligence from Social Networks Published: 29 May 2009 Analyst(s): Carol Rozwell, Cassio Dreyfuss The structure of a network emerges when connective actions are explored
More informationIAM can utilize SIEM event data to drive user and role life cycle management and automate remediation of exception conditions.
Research Publication Date: 1 September 2009 ID Number: G00161012 SIEM and IAM Technology Integration Mark Nicolett, Earl Perkins Integration of identity and access management (IAM) and security information
More informationGartner Updates Its Definition of IT Infrastructure Utility
Research Publication Date: 23 April 2004 ID Number: M-22-2393 Gartner Updates Its Definition of IT Infrastructure Utility Claudio Da Rold Our new definition of IT infrastructure utility clears away some
More informationSuccessful EA Change Management Requires Five Key Elements
Research Publication Date: 26 December 2007 ID Number: G00153908 Successful EA Change Management Requires Five Key Elements Richard Buchanan Change, in all its many aspects, is a critical aspect of the
More informationUse Heterogeneous Storage Virtualization as a Bridge to the Cloud
G00214958 Use Heterogeneous Storage Virtualization as a Bridge to the Cloud Published: 12 August 2011 Analyst(s): Gene Ruth Data center operators who are interested in private cloud storage technologies
More informationFive Steps to Licensing SAP Business Functionality
Research Publication Date: 21 May 2008 ID Number: G00157339 Five Steps to Licensing SAP Business Functionality Peter Wesche The five steps to licensing SAP business functionality provide procurement departments
More informationChoosing a Replacement for Incumbent One-Time Password Tokens
Research Publication Date: 21 April 2011 ID Number: G00212244 Choosing a Replacement for Incumbent One-Time Password Tokens Ant Allan This research outlines the options for enterprises seeking replacements
More informationCase Study: A K-12 Portal Project at the Miami-Dade County Public Schools
Industry Research Publication Date: 31 December 2007 ID Number: G00154138 Case Study: A K-12 Portal Project at the Miami-Dade County Public Schools Bill Rust The Miami-Dade County Public Schools a school
More informationEssilor Increases Business-to-Business and Businessto-Consumer
Research Publication Date: 3 October 2006 ID Number: G00142208 Essilor Increases Business-to-Business and Businessto-Consumer Revenue With CRM Isher Kaila Essilor increased the loyalty of 1,150 independent
More informationGovernment 2.0 is both citizen-driven and employee-centric, and is both transformational and evolutionary.
Industry Research Publication Date: 11 November 2009 ID Number: G00172423 Government 2.0: Gartner Definition Andrea Di Maio Given the increasing confusion and hype surrounding Government 2.0, it is important
More informationCase Study: Innovation Squared: The Department for Work and Pensions Turns Innovation Into a Game
Research Publication Date: 23 November 2010 ID Number: G00208615 Case Study: Innovation Squared: The Department for Work and Pensions Turns Innovation Into a Game Brian Burke, Mary Mesaglio The U.K.'s
More informationPrivate Cloud Computing: An Essential Overview
Research Publication Date: 23 November 2010 ID Number: G00209000 Private Cloud Computing: An Essential Overview Thomas J. Bittman Private cloud computing requires strong leadership and a strategic plan
More informationKey Issues for Business Intelligence and Performance Management Initiatives, 2008
Research Publication Date: 14 March 2008 ID Number: G00156014 Key Issues for Business Intelligence and Performance Management Initiatives, 2008 Kurt Schlegel The Business Intelligence and Performance Management
More informationSecurity and Identity Management Auditing Converge
Research Publication Date: 12 July 2005 ID Number: G00129279 Security and Identity Management Auditing Converge Earl L. Perkins, Mark Nicolett, Ant Allan, Jay Heiser, Neil MacDonald, Amrit T. Williams,
More informationResearch. Mastering Master Data Management
Research Publication Date: 25 January 2006 ID Number: G00136958 Mastering Master Data Management Andrew White, David Newman, Debra Logan, John Radcliffe Despite vendor claims, master data management has
More information