For Security & Risk Professionals

Create And Manage An Effective Security Governance Board

September 4, 2013

Authors

By Andrew Rose with Christopher McClean, Nick Hayes, Jessica McKee

Why Read This Report

Over the past few years, regulation, compliance, and an escalating threat landscape have gradually pushed information security to mature into a formal discipline, and these drivers encouraged CISOs to form various governance bodies. Often, these were groups of interested parties hastily pulled together under the laudable, but rather vague, banner of "governing IT risk management across the enterprise." For a period, these groups sufficed. As the business consequences of information security failures escalated, however, interest has grown in reviewing security steering committees to ensure that they are correctly focused and effective in their duties. Although the role of an information security governance committee can vary widely from one organization to another, this document explores the commonalities shared by the most effective governance bodies and explains how you can set up and manage a board that truly engages with the lines of business.

Purchase Report

This report is available for individual purchase ($745 USD).

Table of Contents

  • CISOs Are Denied A Valuable Ally As Governance Boards Fall Short
  • Common Practices Pervade In Successful Governance Boards
  • Use A Charter To Drive Excellence Within Your Governance Board
  • WHAT IT MEANS

  • Security Programs Require Governance Boards To Stay Relevant
  • Related Research Documents