Information Security Magazine
Information security steering committee best practices
by Michael S. Mimoso
Issue: Jan 2009

"The PASS Council serves to promote security in very advantageous ways, especially if you're doing it in language [business leaders] understand," Bailey says. "PASS helped me produce, as a product, a risk picture, a strategic plan associated with the risk picture, a budget associated with the strategic plan, and ongoing reporting to management with their approval and endorsement. It's hard for anybody not to listen to what I'm asking for when it represents the institutional risk officers behind it. How could you operate without it?"

It's also crucial to keep these meetings strategic and focused on mitigating risk to individual business units or to the enterprise overall; otherwise interest and attendance will wane, and the group's effectiveness ends with them.

[Sidebar: Failure is not an option]
Here are eight security steering committee best practices to remember to keep your security steering committee afloat for the long haul.
1. Get the right buy-in from security, executives and business leaders that they will participate.

2. Don't get hung up on titles. Look for those who are interested in and could evangelize security or act as a liaison between security and the business.

3. Educate your committee members on how to think about risk and how it applies to their business; in turn they'll be able to make useful decisions.

4. Stay on topic. Don't talk about spam, vulnerabilities or patching. Keep meetings strategic and think about how you can steer the risk appetite of an organization.

5. Bring metrics to the table. This can't be a status meeting; you need metrics to be able to answer questions and make decisions based on historical data.

6. Charter the committee. Get formal sign-off from executive management and formalize roles and responsibilities for committee members.

7. Keep membership consistent and meet regularly.

8. Set the agenda and send out materials in advance.

SOURCES: Khalid Kark, Forrester Research; Kirk Bailey, Timothy McKnight, Jerry Freese.