Information security steering committee best practices


This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."


"The idea of the Executive Security Committee was to provide full disclosure of security for the business side. We're very aware of the need for integration for security and business," Freese says. "We can mandate security all we like in a vacuum, but as most companies have found out, that usually meets with a lot of resistance. The business has to be involved in all decisions that are made."

Having business stakeholders at the table enables security to lay out all the risks to the concerned parties, and, more importantly, provides an opportunity for discourse on the subject.


By Committee
American Electric Power Executive Security Committee

CHAIRED BY Jerry Freese

NOT chartered

MONTHLY meetings with a fluid membership

COVERS security initiatives, compliance activities, and legislative and regulatory updates.

MEMBERSHIP includes HR, legal, finance, IT, government affairs representatives, reliability officers and compliance officers.

"The whole idea is to get whoever could be the decision maker on the business unit side apprised of what we're trying to do, what it means to them, what not doing it means to them from a risk perspective, giving them input from us, and asking them to provide feedback to us," Freese says.

"We want to provide full disclosure of all events on the security side."

With stringent NERC cybersecurity rules bearing down on organizations such as Freese's, bringing all sides to the table via a steering committee takes on greater importance than ever. Freese runs the monthly meetings; he sets the agenda, which runs the gamut from updates on major security initiatives to compliance activities that must be communicated to the enterprise's commercial operations units, as well as any legislative or regulatory updates. "It's quite a lot," Freese says.

The committee will be invaluable going forward, he adds, because of the new NERC mandates. NERC is demanding that utilities such as AEP identify and protect critical infrastructure assets and ensure reliable operation of the bulk electric system.

This was first published in January 2009
