IBM TotalStorage DS4000 Storage Considerations for SAS 9 on the IBM eServer p590: Results and Findings of Disk Layout Testing
White Papers This paper presents the storage findings and recommendations for SAS 9.1 with IBM TotalStorage DS4000 disk arrays (formerly known as FAStT). In addition to the DS4400, most of the storage findings and layout recommendations can be applied toward...
[November 9, 2005, 0:00]
Findings From the 'All Company' Research Meeting: Understanding Insourcing After Outsourcing Decisions
White Papers High-profile instances of insourcing after outsourcing have caused many to believe insourcing is a trend. Its analysis reveals that these decisions were made when the drivers for outsourcing were superseded by business, leadership and...
[October 5, 2009, 0:00]
Findings From 'Security and Risk' Meeting: Augment FISMA Reporting With Technical Controls to Improve Operational Security
White Papers Federal Information Security Management Act compliance can become a distraction from improving security. Organizations facing such compliance should use it as an opportunity to improve their operational security posture.
[October 5, 2009, 0:00]
Findings From Gartner 2006 Global Research Meeting: Security Infrastructure Prerequisites for a High-Trust Environment
White Papers Security infrastructure conditions and capabilities are the prerequisites for unfettered interaction between businesses and consumers. Changes in these conditions and capabilities can lead to a more-restrictive business environment.
[October 5, 2009, 0:00]
Findings for Deploying Web Application Firewalls
White Papers Although a long-term market will not exist for stand-alone Web application firewalls, these firewalls are good application-shielding safeguards. Look to deploy them within existing application delivery controllers.
[October 5, 2009, 0:00]
Findings From the 'Compliance and Risk' Research Community: Treat Risk Management as a Discipline
White Papers Too many companies are practicing a reactive approach to risk management. It is time to start treating risk management as a proactive discipline that creates an environment in which regulatory risk is not unduly controlling decisions.
[October 5, 2009, 0:00]
Findings From the 'Information Security, Privacy and Risk' Research Community: Windows Vista's BitLocker Planning Starts Now
White Papers While most enterprise deployments of Windows Vista won't start until 2008, enterprises must make some immediate changes in their hardware procurement specifications to be ready for the full-drive encryption called "BitLocker."
[October 5, 2009, 0:00]
Findings for Secure Use of Employee-Owned PCs
White Papers Shifting to the use of employee-owned PCs can reduce costs, but companies should be aware of the pitfalls. Security approaches must be implemented to securely use non-corporate PCs without putting business systems and processes at risk.
[October 5, 2009, 0:00]
Findings From the 'Client Inquiry': VLAN Separation Is Not Security Separation
White Papers A virtual local-area network is an acceptable component of an Internet demilitarized zone, but VLANs alone do not create a true DMZ. Firewalling and basic security best practices are necessary elements of VLAN-based Internet DMZs.
[October 5, 2009, 0:00]
Findings for URL Filtering: Just One Component of a Multifunction Secure Internet Gateway
White Papers The uniform resource locator filtering market is maturing, with many vendors offering solutions that are adequate for a typical enterprise. Yet, more change lies ahead, as URL filtering will increasingly be purchased as a feature of broader gateway...
[October 5, 2009, 0:00]
Findings From the 'Compliance and Risk' Research Meeting: Outsourcing Internal Audits for Sarbanes-Oxley Is Not a Panacea
White Papers Most companies use audit firms to help with Sarbanes-Oxley (SOX) preparations, but in a case study, a midsize business also outsourced the internal audit function, mainly because it didn't have internal audit staff.
[October 5, 2009, 0:00]
Findings From the 'Information Security and Risk' Meeting: Web Application and Source Code Vulnerability Scanning Tools Face Widespread Adoption Challenges
White Papers Web application and source code vulnerability scanners promise automated security testing of applications to identify issues that may lead to an exploitable vulnerability. However, these technologies face significant challenges, both technical and...
[October 5, 2009, 0:00]
Findings From the 'Compliance and Risk' Research Community: Multifunction Products Can Create Compliance Headaches
White Papers The latest generation of multifunction products includes hard drives (and/or flash memory), scan-to-e-mail and fax modems, and embedded systems that can be accessed and controlled remotely through a browser.
[October 5, 2009, 0:00]
Findings From the 'Compliance and Risk' Research Community: Use Auditor Demands to Get the Controls You Want
White Papers Many auditors are making unnecessary demands on IT organizations for effective, long-term Sarbanes-Oxley compliance. The key is to ensure that technology initiatives for audit remediation deliver material business benefits and process improvements.
[October 5, 2009, 0:00]
Findings From the 'Compliance and Risk' Research Community: Beware Hastily Added Compliance Features
White Papers Vendors continue to take advantage of the fear, uncertainty and doubt inspired by new government regulations to market well-established tools by adding compliance features of dubious value. Users should maintain a skeptical attitude as to the...
[October 5, 2009, 0:00]
Findings From the 'Information Security and Privacy' Group: Convergence of Liberty and WS-Federation Must Become a Reality
White Papers Even though SAML 2.0 has achieved significant penetration in the federated identity area, convergence of the protocols for handling SAML and other tokens is a requirement. Gartner believes that identity federation is crucial for advanced identity...
[October 5, 2009, 0:00]
Findings From 'Security and Privacy' Research Meeting: Operational Realities Trump Common Sense
White Papers Negotiating with auditors over Sarbanes-Oxley compliance often means compromise. Pick fights carefully. In many cases, compliance with the Sarbanes-Oxley Act or other regulations ends up being a negotiation with auditors or attesting/certifying...
[October 5, 2009, 0:00]
Findings From the 'Compliance and Risk' Research Community: Look for the Intersections Between Risk Assessment and Control Objectives
White Papers To ensure a level of due care, one needs to keep focus on those control objectives that overlap with the reasonably anticipated risks likeliest to affect regulatory, security or business objectives. Internal controls are measures that are put in...
[October 5, 2009, 0:00]
What Makes a Great Workforce Planner?: Findings From a Global Study of Practitioners
White Papers Many organizations are discovering that a 12-18 month headcount plan is insufficient for solving the talent changes they are experiencing or anticipating in the future. Every organization is heading towards a future influenced by current trends and...
[September 12, 2009, 1:22]
Findings for Information Security: Watch Out for the Hidden Cost of Leave-Behind Security Tools
White Papers Security groups should evaluate "Leave Behind" tools from consultants with respect to training and ongoing support costs. Security consultants sometimes bring custom tools to assessment or implementation projects.
[October 5, 2009, 0:00]



