Information Security Magazine


Information security steering committee best practices
by Michael S. Mimoso
Issue: Jan 2009

"The idea of the Executive Security Committee was to provide full disclosure of security for the business side. We're very aware of the need for integration for security and business," Freese says. "We can mandate security all we like in a vacuum, but as most companies have found out, that usually meets with a lot of resistance. The business has to be involved in all decisions that are made."

Having business stakeholders at the table enables security to lay out all the risks to the concerned parties, and, more importantly, provides an opportunity for discourse on the subject.


By Committee
American Electric Power Executive Security Committee

CHAIRED BY Jerry Freese

NOT chartered

MONTHLY meetings with a fluid membership

COVERS security initiatives, compliance activities, and legislative and regulatory updates.

MEMBERSHIP includes HR, legal, finance, IT, ... government affairs representatives, reliability officers and compliance officers.



"The whole idea is to get whoever could be the decision maker on the business unit side apprised of what we're trying to do, what it means to them, what not doing it means to them from a risk perspective, giving them input from us, and asking them to provide feedback to us," Freese says.

"We want to provide full disclosure of all events on the security side."

With stringent NERC cybersecurity rules bearing down on organizations such as Freese's, bringing all sides to the table via a steering committee takes on greater importance than ever. Freese runs the monthly meetings; he sets the agenda, which runs the gamut from updates on major security initiatives to compliance activities that must be communicated to the enterprise's commercial operations units, as well as any legislative or regulatory updates. "It's quite a lot," Freese says.

The committee will be invaluable going forward, he adds, because of the new NERC mandates. NERC is demanding that utilities such as AEP identify and protect critical infrastructure assets and ensure reliable operation of the bulk electric system.
