Security Committee
Executive security councils help guide convergence
By Todd Datz
April 15, 2005 — CSO — Marshall Sanders didn't have to scream and holler to get a converged security department after joining Level3 Communications in 1999. In fact, it was his mandate from senior executives. Security's high profile at his company manifests itself in the corporate risk management council, which provides strategic direction for security.
The council was formed in January 2002 and meets every other month, or as required. It's chaired by the chief legal officer. Besides Sanders, other members include the corporate vice chairman, the CTO, the CFO, the president of European operations and the global vice presidents of transport and infrastructure, intellectual property and data systems, global sales, and HR. "The council helps drive convergence," says Sanders. "It provides a cross-functional view of managing risk."
Keith Antonides also relies on his executive oversight committee for information security for strategic guidance. Antonides, the corporate information security director at Rohm and Haas, a large specialty chemical company, serves on the committee (and leads the meetings) along with the CIO (who chairs it), the head of manufacturing, the general counsel, the head of HR, the global IT infrastructure director, the controller, the director of internal audit, and the corporate security director. "The charter was to put a higher focus on infosecurity in the organization and make sure it was supported at the executive level," he says of the group, which was established in 2000.
The committee has helped IT folks and the process control engineers build better relations, critical to ensuring the security of the company's process control networks, Antonides says.
Read more about data protection in CSOonline's Data Protection section.
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
- Teenage hackers could be our last, best hope
I got an email yesterday asking if teenage hacking is on the rise. At first I balked. Teenage hackers have always been in abundance, so the question seemed stupid to me. Then I remembered something about teens that the SANS Institute's Alan Paller mentioned at a conference last week. Let's start with that press release, which framed the scenario this way: - Busted: When security tools fail
- Hey Linux, Mac and Windows users: It's ALL vulnerable
More Salted Hash with Bill Brenner
