Summary
Over the past few years, regulation, compliance, and an escalating threat landscape have gradually pushed information security to mature into a formal discipline, and these drivers have encouraged CISOs to form various governance bodies. Often, these were groups of interested parties hastily pulled together under the laudable, but rather vague, banner of "governing IT risk management across the enterprise." For a period, these groups sufficed. As the business consequences of information security failures have escalated, however, there has been increasing interest in reviewing security steering committees to ensure that they are correctly focused and effective in their duties. Although the role of an information security governance committee can vary widely from one organization to another, this document explores the commonalities shared by the most effective governance bodies and explains how you can set up and manage a board that truly engages with the lines of business.