Home
About Us
Contact Us
Advertise
Facebook
Twitter
RSS Feed
Printable version
ITGRC: A Security Approach That's Not for Sale
By
Alex Handy
May 13, 2008 —
(Page 1 of 3)
When Jonathan Penn, research director at Forrester, walked around April's RSA conference, he was appalled by what he saw. “The vendors are destroying what's a very useful approach by claiming for themselves. If you're not an ITGRC vendor, just shut up,” said Penn.
What angered him were the sheer number of products available at the security conference claiming to be tailor-made for Information Technology Governance, Risk and Compliance, or ITGRC. This approach to security, said Penn, cannot be bought in a box, though many vendors at RSA would have you believe otherwise.
“The message is just meaningless at this point,” said Penn of the marketing messages now seen around ITGRC. “They need to figure out how they fit into an ITGRC program, not just be an ITGRC product. The last thing security people need is to go worrying about products again. That's what got us into this mess in the first place. We end up with a lot of tools that are difficult to manage.”
Penn and his Forrester colleague Marc Othersen, senior analyst for security and risk management, have been working on a report about ITGRC in enterprises, and they've figured out a way to cut through all the marketing hype.
“The way we segment the market is, 'What, in essence, does the technology automate?' ” said Othersen, describing the pair's method for sorting the ITGRC wheat from the chaff.
“ITGRC is an incredibly valuable approach to security,” said Penn. “What I like about it is it's a good way to structure what IT does. But it's much more a practice than a product. The tools that manage things at a high level, those are the ITGRC products.”
An Immature Market
For Othersen, ITGRC products aren't even mature enough to be taking on the G in ITGRC. He said that ITGRC is still a young concept, and that the governance aspects of this approach to IT security are still far too new conceptually to have been effectively addressed in commercial products.
Next Page
Related Search Term(s):
Security
Pages
1
2
3
Share this link:
http://www.sysmannews.com/link/32188
Related Articles
Metadata Security for SharePoint Adds Security Permissions
Titus Metadata Security for SharePoint allows permissions to be assigned based on the recipient's Active Directory properties
New Database Reporting Console Tracks Compliance
Application Security's Analytics 1.0 is used in conjunction with the company's DbProtect database security suite. It is based on Cognos' business intelligence suite and contains dashboards that cover compliance and security key performance indicators.
The Data Center: Security, Compliance Issues Holding Back the Clouds
Cloud computing is still gaining steam as a concept and practice in the industry. Acceptance of it is being hindered by flaws in its application and by lingering doubts to its effectiveness, things that can or will soon be addressed.
Add comment
Name*
Email*
Country
United States
Canada
Afghanistan
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua & Barbuda
Antilles, Netherlands
Arabia, Saudi
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas, The
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bosnia and Herzegovina
Botswana
Brazil
British Virgin Islands
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Congo
Cook Islands
Costa Rica
Cote D'Ivoire
Croatia
Cuba
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
East Timor (Timor-Leste)
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
Gabon
Gambia, the
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guinea
Guinea-Bissau
Guinea, Equatorial
Guyana
Haiti
Holland (see Netherlands)
Honduras
Hong Kong, (China)
Hungary
Iceland
India
Indonesia
Iran, Islamic Republic of
Iraq
Ireland
Israel
Italy
Jamaica
Japan
Jordan
Kazakhstan
Kenya
Kiribati
Korea (North)
Korea (South)
Kuwait
Kyrgyzstan
Laos
Latvia
Lebanon
Lesotho
Liberia
Libyan Arab Jamahiriya
Liechtenstein
Lithuania
Luxembourg
Macao, (China)
Macedonia, TFYR
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States of
Moldova, Republic of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar (ex-Burma)
Namibia
Nauru
Nepal
Netherlands
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Norway
Oman
Pakistan
Palau
Palestinian Territory
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russia (Russian Federation)
Rwanda
Saint Helena
Saint Kitts and Nevis
Saint Lucia
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia & Montenegro
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
Spain
Sri Lanka (ex-Ceilan)
Sudan
Suriname
Swaziland
Sweden
Switzerland
Syrian Arab Republic
Taiwan
Tajikistan
Tanzania, United Republic of
Thailand
Timor-Leste (East Timor)
Togo
Tokelau
Tonga
Trinidad & Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United Kingdom
Uruguay
Uzbekistan
Vanuatu
Vatican City State (Holy See)
Venezuela
VietNam
Virgin Islands, British
Virgin Islands, U.S.
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zanzibar
Zimbabwe
[Not specified]
Comment
Preview