Trends Report

Create And Manage An Effective Security Governance Board

September 4th, 2013
Andrew Rose
With contributors:
Christopher McClean, Nick Hayes, Jessica McKee

Summary

Over the past few years, regulation, compliance, and an escalating threat landscape have gradually pushed information security to mature into a formal discipline, and these drivers have encouraged CISOs to form various governance bodies. Often, these were groups of interested parties hastily pulled together under the laudable, but rather vague, banner of "governing IT risk management across the enterprise." For a period, these groups sufficed. As the business consequences of information security failures have escalated, however, there has been increasing interest in reviewing security steering committees to ensure that they are correctly focused and effective in their duties. Although the role of an information security governance committee can vary widely from one organization to another, this document explores the commonalities shared by the most effective governance bodies and explains how you can set up and manage a board that truly engages with the lines of business.
