As information security matures into a formal discipline, it needs formal governance mechanisms. Over the past 12 months, Forrester has seen increased interest and activity in establishing security steering committees. If structured and developed appropriately, a security steering committee will ensure alignment with business goals, appropriate decision structures, communication, and metrics that measure the effectiveness of the security program. Unfortunately, many security steering committees don't help, and in some instances, they can even hinder, the goals of the security organization by becoming yet another bureaucratic obstacle. Here are 10 tips for building a successful security steering committee.