In Depth
How to Build a Security Management Team
How establishing a formal security management team can free you up to focus on strategy
By Anonymous
At the conclusion of each meeting, the team members review the minutes, then communicate the content to their departments and the business channels that they support. This follow-up communication flows nicely, since there is a unified voice from the SET. It reinforces the fact that the SET makes the decisions and that they are vetted thoroughly for the benefit of the entire department and organization.
When it’s all said and done—if everything goes well, that is—you will have created an environment where your key management team assembles regularly to debate and make decisions. As the leader, this means that you have effectively let go of the day-to-day minutiae of the security department and limited your focus. In my case, I have managed to narrow the time I spend on daily operations to the two days that my SET meets each month. Of course, I am free to insert myself more than that, either as my schedule allows or because of my interest in a topic. But I don’t have to get involved to count on things being done appropriately.
What does this mean? Now that this process is in place, I can move beyond the tactical. After all, this is what the organization really needs from the CSO: a focus on the long-term alignment and creative applications of the security mission with the direction of the business. Through this process, the CSO can effectively open up his or her calendar.
Also, I have found that a separate and welcome benefit of this team approach is that now I can periodically begin a SET meeting with a strategic topic. Having opened the door for my SET members to engage in unrestricted, constructive debate on key tactical issues, I can also sit back and enjoy the benefits of a strategic discussion, making use of collective team wisdom. n
CSO Undercover is written anonymously by a real CSO. Send feedback to csoundercover@cxo.com.
Undercover is written anonymously by a real CSO. Send feedback to csoundercover@cxo.com.
Other stories by Anonymous
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
