• United States



Security Committee

Apr 15, 20052 mins
CSO and CISOData and Information Security

Marshall Sanders didn’t have to scream and holler to get a converged security department after joining Level3 Communications in 1999. In fact, it was his mandate from senior executives. Security’s high profile at his company manifests itself in the corporate risk management council, which provides strategic direction for security.

The council was formed in January 2002 and meets every other month, or as required. It’s chaired by the chief legal officer. Besides Sanders, other members include the corporate vice chairman, the CTO, the CFO, the president of European operations and the global vice presidents of transport and infrastructure, intellectual property and data systems, global sales, and HR. “The council helps drive convergence,” says Sanders. “It provides a cross-functional view of managing risk.”

Keith Antonides also relies on his executive oversight committee for information security for strategic guidance. Antonides, the corporate information security director at Rohm and Haas, a large specialty chemical company, serves on the committee (and leads the meetings) along with the CIO (who chairs it), the head of manufacturing, the general counsel, the head of HR, the global IT infrastructure director, the controller, the director of internal audit, and the corporate security director. “The charter was to put a higher focus on infosecurity in the organization and make sure it was supported at the executive level,” he says of the group, which was established in 2000.

The committee has helped IT folks and the process control engineers build better relations, critical to ensuring the security of the company’s process control networks, Antonides says.