Guide

Setting up a security steering committee

In many cases, companies isolate security into its own segment. Responsibilities are typically split between low-level IT staff, who must juggle break/fix situations with technology investments, as well as security tasks. However, this scenario often results in security best practices being overlooked for the sake of convenience, and little alignment between the IT group and the rest of the organization regarding security decisions.

A recent survey of global business and security executives demonstrated that many organizations exhibit a significant disconnect between the business and cybersecurity efforts. Not surprisingly, more than half of respondents had not established a steering committee to address cyber-risks or their effect on the business.

With the frequency and severity of cyberattacks on the rise, businesses must make an effort to gather stakeholders from across the organization to discuss security issues and make joint decisions. That is where security steering committees come into play.

Security steering committees provide an open forum for individuals and departments to raise concerns about existing policies and influence the creation of new guidelines. A security steering committee establishes the corporate stance on information technology (IT), demonstrating a dedication to maintaining systems and ultimately creating a cost-effective strategy to properly protect systems and data. The committee should represent a cross section of the organization, with representatives from across the business whose responsibilities are adjacent to security concerns.

Read our white paper to learn more about establishing a security steering committee, including:

How a committee typically functions
Who should attend a security steering committee meeting?
What are the benefits of a security steering committee?

If your organization is suffering from a security communication breakdown, a security steering committee may be the right solution. An effective committee can provide buy-in across business units, create a channel to raise security issues to executive staff and board members, and improve cultural adoption of security practices.

Download the guide

Related insights

Stay up to date on what matters most to your business.

Let us know your personal preferences for topics, industries and services to start receiving RSM updates in your inbox. Get the most from insights, events and offers from our team of first-choice advisors.

Subscribe now >

THE POWER OF BEING UNDERSTOOD

ASSURANCE | TAX | CONSULTING

RSM Canada LLP is a limited liability partnership that provides public accounting services and is the Canadian member firm of RSM International, a global network of independent assurance, tax and consulting firms. RSM Canada Consulting LP is a limited partnership that provides consulting services and is an affiliate of RSM US LLP, a member firm of RSM International. The member firms of RSM International collaborate to provide services to global clients but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmcanada.com/about for more information regarding RSM Canada and RSM International.

Strategic technology alliances

Featured technologies

Platform user insights and resources

About RSM

Experience RSM

Spotlight on culture

Work with us