This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."
"The idea of the Executive Security Committee was to provide full disclosure of security for the business side. We're very aware of the need for integration for security and business," Freese says. "We can mandate security all we like in a vacuum, but as most companies have found out, that usually meets with a lot of resistance. The business has to be involved in all decisions that are made."
Having business stakeholders at the table enables security to lay out all the risks to the concerned parties, and, more importantly, provides an opportunity for discourse on the subject.
American Electric Power
Executive Security Committee
CHAIRED BY Jerry Freese
MONTHLY meetings with a fluid membership
COVERS security initiatives, compliance activities, and legislative and regulatory updates.
MEMBERSHIP includes HR, legal, finance, IT, government affairs representatives, reliability officers and compliance officers.
"The whole idea is to get whoever could be the decision maker on the business unit side apprised of what we're trying to do, what it means to them, what not doing it means to them from a risk perspective, giving them input from us, and asking them to provide feedback to us," Freese says.
"We want to provide full disclosure of all events on the security side."
With stringent NERC cybersecurity rules bearing down on organizations such as Freese's, bringing all sides to the table via a steering committee takes on greater importance than ever. Freese runs the monthly meetings; he sets the agenda, which runs the gamut from updates on major security initiatives to compliance activities that must be communicated to the enterprise's commercial operations units, as well as any legislative or regulatory updates. "It's quite a lot," Freese says.
The committee will be invaluable going forward, he adds, because of the new NERC mandates. NERC is demanding that utilities such as AEP identify and protect critical infrastructure assets and ensure reliable operation of the bulk electric system.
This was first published in January 2009