- The first is the "CYA" crowd. These are people looking to cover their backsides for decisions they want to make. They've done their homework, they know what they want to do, and they are looking for the name-brand research firm to validate their decisions so senior management will let them move forward.
- The second group is lazy. These people don't want to do any work, so they look to the research firm to tell them exactly what to do. They look at the quadrant reports and call the vendors in the top-right corner. To be clear, the research firms definitely frown upon this use of their research, but it happens every day.
- The third category includes those that are looking to get smarter and use the research firm as a broad and long educational process on a certain topic. Clearly every company is different, but most published research tends to be generic.
Depending on which category an organization falls into, what it needs out of a research company will differ. As a CYA, the big brand name is important. For someone in group two, i.e. looking to get out of work, then the brand name usually suffices, but there are a number of smaller specialists that do deep technical and architectural work.
For someone in the third group, most of the research firms will do a decent job because the process is run by the enterprise. The enterprise security officer can direct the analysts to give the needed information and then verify decisions as he or she learns more about the topic.
And yes, I think it's worth the money -- as long as the buyers are educated and actually use the information they purchase to make good decisions and take positive action toward building a better security program.
Dig Deeper on Information security policies, procedures and guidelines
Related Q&A from Mike Rothman
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them ... Continue Reading
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.