As technology continues to become a core part of how organizations do business, alignment between business and security leaders is critical. Having a security committee is a proactive, intentional strategy that helps drive partnership, engagement and value by creating a dedicated forum for cross-collaboration across business and security. However, without guardrails, there will always be competing priorities across these groups.
This piece provides best practices committee creators can use to build a security charter that will provide needed input into governance; risk rankings and prioritization; policies, standards and guidelines; compliance requirements; and findings.
Establishing a security committee is a great way to encourage interdepartmental collaboration, gain buy-in and drive accountability. Because there are myriad challenges to resolve and opportunities to improve, it is important the founding member(s) of the committee create a charter. The purpose of the charter is to define the committee’s structure, focus areas and goals to help prevent scope creep, establish boundaries and ensure all committee members work together toward the same goal.
Key components of the security committee charter include:
For security to be a business enabler, security leaders must understand the business and its functions. It is not uncommon for leaders and staffers within shared services functions like security, audit and compliance to have just a base understanding of how business units are structured.
The security committee offers a great opportunity to disrupt this reality because it creates a forum for each business unit leader or function to educate not only security, but the remaining charter members on their business structure, customer profile, product overview, challenges and big wins. Through these discussions, other business unit leaders often identify commonalities between their organization and others. This facilitates idea sharing, collaboration, streamlining and higher participation in security efforts, which all benefit the overall security function.
There will always be a host of issues that security can help solve for the business, and the business will always have a list of things it wants the security function to improve. Many security functions get nothing done because they make the mistake of attempting to “boil the ocean.”
A core exercise the security committee should practice is creating a list of the top five topics to focus on. The committee member who proposes each topic should present supporting data and perspective to justify the choice. Committee members should also weigh the implementation effort and impact of each ideal solution when deciding which items take priority. This exercise should be performed regularly, either each quarter or as items of priority are resolved by the committee.
Creating a security council can be a secret weapon for security leaders to solve the common challenges of relationship management and security prioritization within an organization. It creates a trusted forum of leaders with decision-making capability and influence, enabling them to share insight into their business that may not be considered by risk and security teams. To ensure your security committee is successful:
The following resources might also be helpful when building a security committee charter: