I don't have any examples of charter documents, but I can give you a few recommendatations. First, make sure top management supports this steering committee in wriitng in the charter. They need to sign the committee's charter document. They may choose to be a part of the group, but they don't have to as long as they show they support the group and the work it does. You are on the right track including both IT and business line management. You may want to include representatives from the user community or at least have a sub-committee of users that you can discuss potential policies and technologies with. End users are not very happy to see a bunch of changes that impact their day-to-day lives come out of a management committee where they have no input. Finally, I would recommend keeping everyone educated and up-to-date on items the committee is discussing. Security is often a very hush-hush or secret topic that scares end users. Talk about security openly and get your users involved.
For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Security management
Dig Deeper on Information security program management
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.