This document provides an overview of Gartner's methodologies for evaluating technology products and vendors, including the Gartner IT Market Clock, Hype Cycle, MarketScope, Magic Quadrant, and Critical Capabilities research. It recommends specific Gartner research reports on topics like information security program structure, security processes, risk management techniques, and risk governance forums to help with information security planning and risk oversight. The document emphasizes speaking with a Gartner analyst in addition to reviewing reports.