This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."
"It's a brand new thing for the electric sector. We have to come up with a lot of security implementations that we hadn't really dealt with before. Some of these are fairly significant projects that cost significant dollars," Freese says. "These are the type of things we have to explain why they are needed. I have a head start because it's a required set of initiatives; nevertheless, we have to come up with a cost-effective way to do this."
Freese says security organizations will eventually have to concede and form some sort of steering committee; otherwise, they'll be operating in a vacuum and will eventually impede business. For example, having legal and HR already at the table goes a long way toward solving any potential difficulties having to do with discovery or NERC compliance around HR management systems.
"[A steering committee] does a great deal to enhance the credibility of security if it's done correctly. I think it shows there are optimum solutions to protect the business as well as the company's data and networks," Freese says.
"It doesn't have to be adversarial. I think we're a good example. We've evolved into an organization that trusts that business and security will mesh and will sustain each other. It does change relationships a great deal."
This was first published in January 2009