| || |
Background and Goals
In order to achieve the above mentioned goals or desired state, the Steering Committee’s initial efforts focused on an organizational planning phase that produced the following deliverables:
|At the February 2012 Department Heads Meeting the Enterprise Security Committee was given the green light to begin working on the following goals: |
- Work to reduce threats to physical and information security, while looking for solutions that make efficient use of resources.
- Protect customer’s private/personal information.
- Prevent loss of property.
- Development, oversight, and monitoring of Compliance Program.
The Charter and Guiding Principles provided the foundation for the committee to develop the Strategic Plan which adheres to the following methodology:
- Staffing Subcommittees,
- Developing a Charter,
- and Developing Guiding Principles.
Although the Guiding Principles are not a specific step in formulating the Strategic Plan, they guide the decision making process at each step.
- Identify Actual State of security
- Identify Desired State
- Identify Objectives. These objectives must be aligned with the organization’s strategic objectives.
- Define a Strategy that will give the highest probability of success in achieving the Objectives. Cost, risk, duration, available resources, etc., will help define the Strategy.
- Identify steps / Projects needed to achieve Objectives. The collection of these projects constitutes the Security Program.
- Projects within the Security Program are identified as Short-term, Mid-term, and Long-term. Normally the classification in terms of duration is less than 3 months for Short-term, 3 to 6 months for Mid-term, and over 6 months for Long-term projects.
- Finally, projects identified in step 5, are prioritized in terms of risk and cost.
Security Committee Charter
Governance Organization Chart