Improve Security Governance With a Security Steering Committee

Build an inclusive committee to enable holistic strategic decision making.

  • Security is still seen as an IT problem rather than a business risk, resulting in security governance being relegated to the existing IT steering committee.
  • Security is also often positioned in the organization where it is not privy to the details of the organization’s overall strategy. Security leaders struggle to get the full enterprise picture.

Our Advice

Critical Insight

  • Work to separate the Information Security Steering Committee (ISSC) from the IT Steering Committee (ITSC). Security transcends the boundaries of IT and needs an independent, eclectic approach to make strategic decisions.
  • Be the lawyer, not the cop. Ground your communications in business terminology to facilitate a solution that makes sense to the entire organization.
  • Develop and stick to the agenda. Continued engagement from business stakeholders requires sticking to an agenda focused at the strategic level. Dilution of purpose will lead to dilution in attendance.

Impact and Result

  • Define a clear scope of purpose and responsibilities for the ISSC to gain buy-in and consensus for security governance receiving independent agenda time from the broader IT organization.
  • Model the information flows necessary to provide the steering committee with the intelligence to make strategic decisions for the enterprise.
  • Determine membership and responsibilities that shift with the evolving security landscape to ensure participation reflects interested parties and that money being spent on security mitigates risk across the enterprise.
  • Create clear presentation material and strategically oriented meeting agendas to drive continued participation from business stakeholders and executive management.

Start here – read the Executive Brief

Read our concise Executive Brief to find out how to improve your security governance with a security steering committee, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

1. Define committee purpose and responsibilities

Identify the purpose of your committee, determine the capabilities of the committee, and define roles and responsibilities.

2. Determine information flows, membership & accountabilities

Determine how information will flow and the process behind that.

3. Operate the Information Security Steering Committee

Define your meeting agendas and the procedures to support those meetings. Hold your kick-off meeting. Identify metrics to measure the committee’s success.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Overall Impact: 9.0/10
Average $ Saved: $0
Average Days Saved: 0

| Client | Experience | Impact | $ Saved | Days Saved |
|---|---|---|---|---|
| Alabama Department of Corrections | Guided Implementation | 9/10 | N/A | N/A |
| Clark County, WA | Guided Implementation | 8/10 | $12,733 | 10 |
| Pact Group PTY Ltd | Guided Implementation | 10/10 | N/A | 18 |
| Toronto District School Board | Guided Implementation | 7/10 | N/A | N/A |


About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.


What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Try Our Guided Implementations

Get the help you need in this 3-phase advisory process. You'll receive 7 touchpoints with our researchers, all included in your membership.

Guided Implementation #1 - Define committee purpose and responsibilities
  • Call #1 - Identify the responsibilities and duties of the ISSC.
  • Call #2 - Draft the committee purpose of the ISSC.

Guided Implementation #2 - Determine information flows, membership & accountabilities
  • Call #1 - Determine SIPOC modeling of information flows.
  • Call #2 - Determine accountabilities and responsibilities.

Guided Implementation #3 - Operate the Information Security Steering Committee
  • Call #1 - Set operational standards.
  • Call #2 - Determine effectiveness metrics.
  • Call #3 - Understand steering committee best practices.
