Security and Risk Management

  • Risk management and business drivers
    • Proactive security models
    • Malware defense
    • Practical risk management frameworks and approaches
  • Distributed security architectures
    • Perimeters and zones
    • Securing mobile devices
    • Network access and admission control
  • Application and information-centric security architecture
    • Application and database security
    • Content filtering, encryption and key management
    • Vista security

  • Security management technologies, products and suites
    • Security event information monitoring
    • Vulnerability management
  • Security management processes
    • Security programs
    • Compliance and policy management tools

Umbrella Technology Focus:

Planning and creation of security architecture, infrastructure, and programs for complex global enterprise networks. Technology-focused reports on vendor product offerings.

Primary Areas of Focus for 2008

  • DISTRIBUTED SECURITY ARCHITECTURES, PERIMETERS, AND ZONES: Centralized policy management systems with distributed policy enforcement points; layered protections, including network zones and other separation approaches; network admission or access control (NAC); firewalls; and intrusion detection and response systems (IDRS)

  • SECURITY MANAGEMENT AND AUDIT: Configuration, patch, and vulnerability management; security event information management systems that aggregate data for analysis, monitoring, reacting, and reporting; and feedback and audit trails

  • GOVERNANCE, RISK, AND COMPLIANCE: Organizational processes for governing, managing risk, and handling compliance; effecting round-trip management; e-discovery; and the Payment Card Industry (PCI) Data Security Standard

  • SECURITY EVALUATION: Optimizing security spending; managing non-quantifiable risks; evaluating risk management approaches, insider defense and separation architectures, host security, content security, and application security testing

  • SECURITY METRICS: Top strategic security metrics; communicating essential quantitative data to management; understanding organizational "vital signs"; knowing what to count

  • ENDPOINT SECURITY: Assessment, enforcement, quarantine, and remediation mechanisms for hosts and mobile devices; host intrusion prevention; and trusted system technologies

  • CONTENT SECURITY: Pre-empting malicious software (malware) through integrated anti-virus, anti-spam, anti-spyware, and anti-phishing defenses; message (email and IM) filtering/hygiene; file and disk encryption; information leakage detection or prevention; and rights management technologies

  • APPLICATION AND DATABASE SECURITY: Code scanning; web application firewalls; securing the SDLC; Web 2.0 security; database monitoring and encryption

Additional Areas of Focus for 2008

  • Security software suites
  • Privilege control and least privilege
  • Secure messaging
  • Centralized key management
  • Windows Server 2008 security

© 2008 Burton Group. All rights reserved