Guide

Setting up a security steering committee

December 06, 2018

In many cases, companies isolate security into its own segment. Responsibilities typically fall to low-level IT staff, who must juggle break/fix situations and technology investments as well as security tasks. However, this scenario often results in security best practices being overlooked for the sake of convenience, and in little alignment between the IT group and the rest of the organization regarding security decisions.

A recent survey of global business and security executives demonstrated that many organizations exhibit a significant disconnect between the business and cybersecurity efforts. Not surprisingly, more than half of the respondents had not established a steering committee to address cyberrisks or their effect on the business.

With the frequency and severity of cyberattacks on the rise, businesses must make an effort to gather stakeholders from across the organization to discuss security issues and make joint decisions. That is where security steering committees come into play.

Security steering committees provide an open forum for individuals and departments to raise concerns about existing policies and influence the creation of new guidelines. A security steering committee establishes the corporate stance on information technology (IT), demonstrating a dedication to maintaining systems and ultimately creating a cost-effective strategy to properly protect systems and data. The committee should represent a cross-section of the organization, with representatives from across the business whose responsibilities are adjacent to security concerns. 

Read our guide to learn more about establishing a security steering committee, including:

  • How a committee typically functions
  • Who should attend a security steering committee meeting?
  • What are the benefits of a security steering committee?

If your organization is suffering from a security communication breakdown, a security steering committee may be the right solution. An effective committee can provide buy-in across business units, create a channel to raise security issues with executive staff and board members and improve cultural adoption of security practices.
