Problem solve Get help with specific problems with your technologies, process and projects.

Recommendations for creating a security steering committee

I'm the Enterprise Security Manager for my company. I'm interested in spearheading a "Information Security Steering Committee" effort. I envinsion the group being executive level, comprised of both IT and business line management. I'm looking for some guidance (or better yet examples) of "charter" documents for this type of organization. Any suggestions? Thanks!

I don't have any examples of charter documents, but I can give you a few recommendatations. First, make sure top management supports this steering committee in wriitng in the charter. They need to sign the committee's charter document. They may choose to be a part of the group, but they don't have to as long as they show they support the group and the work it does. You are on the right track including both IT and business line management. You may want to include representatives from the user community or at least have a sub-committee of users that you can discuss potential policies and technologies with. End users are not very happy to see a bunch of changes that impact their day-to-day lives come out of a management committee where they have no input. Finally, I would recommend keeping everyone educated and up-to-date on items the committee is discussing. Security is often a very hush-hush or secret topic that scares end users. Talk about security openly and get your users involved.

For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Security management

This was last published in July 2002

Dig Deeper on Information security program management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.