Team Selection: The Chief Executive and the Information Security Manager (ISM) identify the team members.
Selection Criteria: Given the above Mission, Goals and Objectives, the team needs to include members at an executive level of authority. The team also must be sufficiently broad that all staff and vendors fall within a management chain led by a member of the team, i.e., every staff member and vendor is ‘represented’ by a member of the team. Vertically, the team must extend upward to executive levels; horizontally, there are to be no ‘orphans.’
Required Team Members
- Information Security Manager (ISM)
- Chief Financial Officer
- Highest-ranking IT person: CIO, CTO, Director of IT, IT Manager
- Chief Risk Officer (if present)
- Chief Legal Officer (if present)
- If highest-ranking IT person is not an Officer, then the person to whom the highest-ranking IT manager reports
Additional Team Members
Other Team members are to be selected as appropriate to the organization’s size and organizational structure. These may include:
- Chief Operations Officer
- Director of Human Resources
- Other Department Heads: Sales, Marketing, Manufacturing, etc.
- Partner-in-Charge of Administration (in a professional services firm)
- Head of the Technology Committee (in a professional services firm)
- Director of Development (in a non-profit)
Subject Matter Expertise
The Team is to include, or be supported by, information security subject matter expertise.
The Team is to have available, and use as appropriate, subject matter experts in leadership and culture.
The ISM chairs the Information Security Management & Leadership Team.
The Team is to meet at least monthly.
Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.