"I get to move in without much argument because
they know it's done with the consent of the risk
manager, auditor and legal; it's hard for anyone to
object to our involvement," Bailey says, adding that
any complaints would eventually arrive at the desk
of a senior manager who is likely associated with the
council. "I know security pros are considered a little
autocratic, but truth is, in a preemptive action, this
council supports that need."
Bailey approaches incident mitigation and
response as a service, arriving not only with his
expertise, but with the necessary tools and forms
required to fend off disaster and appropriately document
it. Departments can use that documentation,
for example, to make their case for budget changes
to prevent future recurrences.
"If the PASS Council becomes involved, people
trust it. If you're a department manager who has
had a terrible breach, and you're looking at millions
of dollars worth of losses and worried about reputation,
if I knock at your door and say I'm here to
take over this incident with your help, people are
relieved," Bailey says. "(Public relations) is in place;
we have legal opinions at the ready, risk underwriting
ready to answer questions, all congealed into
one quick-acting service. If it's planned well, I can't
understand living without it."
Bailey says for a security steering committee to
flourish it's important that the membership remain
fluid and represent an institution's most important
risk and administrative areas. Ensure that the committee's
interactions meet the needs of its member
business units because that helps support its acceptance
and effectiveness as an institutional body. And,
he says, don't be afraid to expand the group's responsibilities
as chartered by providing services in areas
that might seem out of its scope, especially in terms
of IT policy development.
"If you want this to be well established, you
have to dedicate time to ...
it as a security professional.
You've got to dedicate resources and energy to make
this happen and keep it vital," Bailey says. "I invest an
enormous amount of time in it to keep it growing
and thriving."
AUTHORITATIVE ROSTER
Northrop Grumman, similar to UW, has a chartered
information security steering committee that's been part of the
fabric of the defense contractor's information security
program for more than a decade. With a roster
of internal heavyweights including information and
industrial security, lines of business heads of security,
as well as representatives of legal and human resources,
Northrop Grumman's Corporate Security Council has
authority over everything pertaining to information
security from buyer contingency planning to investigative
issues, says Timothy McKnight, vice president
and CISO.
By Committee
Northrop Grumman Corporate Security Council
CHAIRED BY Timothy McKnight
CHARTERED for more than 10 years
QUARTERLY meetings are face-to-face; monthly meetings are teleconferences
MEMBERS include information and industrial security, HR, legal and business unit heads of security.
OBJECTIVES Policy making and procurement