United States

Setting up a security steering committee

WHITE PAPER  | 

Download white paper

In many cases, companies isolate security into its own segment. Responsibilities are typically split between low-level IT staff, who must juggle break/fix situations with technology investments, as well as security tasks. However, this scenario often results in security best practices being overlooked for the sake of convenience, and little alignment between the IT group and the rest of the organization regarding security decisions.

A recent survey of global business and security executives demonstrated that many organizations exhibit a significant disconnect between the business and cybersecurity efforts. Not surprisingly, more than half of respondents had not established a steering committee to address cyber-risks or their effect on the business.

With the frequency and severity of cyberattacks on the rise, businesses must make an effort to gather stakeholders from across the organization to discuss security issues and make joint decisions. That is where security steering committees come into play.

Security steering committees provide an open forum for individuals and departments to raise concerns about existing policies and influence the creation of new guidelines. A security steering committee establishes the corporate stance on information technology (IT), demonstrating a dedication to maintaining systems and ultimately creating a cost-effective strategy to properly protect systems and data. The committee should represent a cross section of the organization, with representatives from across the business whose responsibilities are adjacent to security concerns. 

Read our white paper to learn more about establishing a security steering committee, including:

  • How a committee typically functions
  • Who should attend a security steering committee meeting?
  • What are the benefits of a security steering committee?

If your organization is suffering from a security communication breakdown, a security steering committee may be the right solution. An effective committee can provide buy-in across business units, create a channel to raise security issues to executive staff and board members, and improve cultural adoption of security practices.

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Receive Risk Bulletin by Email

SUBSCRIBE


Cybersecurity Rapid Assessment®

Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.

LEARN MORE


Resources

Capabilities

Case Studies

COSO Resource Center

Consulting Careers



Events/Webcasts

LIVE WEBCAST

Regulatory update: Insurance investment risk analysis

  • November 20, 2019

LIVE WEBCAST

Why data privacy matters in a public world?

  • October 24, 2019