
Security steering committee force CISOs to connect with the business

Published: 20 Oct 2012

Not long ago, the smart people at Carnegie Mellon University's CyLab security research and education center wrote a report on the disconnect between senior management, boards of directors, and those responsible for information security in the enterprise. The results were disturbing because they pointed out how little oversight executives and board members have over security, and how unaware directors are of security and privacy budgets, roles and responsibilities. Among a long list of recommendations coming out of the CyLab Governance and Enterprise Security report was the need to include IT risk in an enterprise risk management program, segregate responsibility for security oversight away from audit committees, and establish a separate risk committee that assesses enterprise risks, including IT risks. Also tucked away on the list was the suggestion to establish a cross-organizational entity that meets regularly to discuss security and privacy issues and include on that team, among others, legal, finance, HR, public relations, the CIO and security and ...
