2023 IT Examiner School

Steering Committee Responsibilities

Steering Committees (IT/Cyber) are ultimately expected to:
• Oversee the Information Security Program.
• Act as liaison between Management, Information Technology, and Information Security.
• Assess and incorporate the results of the risk activity into the decision-making process.
• Ensure all stakeholders' interests are addressed.
• Oversee compliance activities.

Chief Information Security Officers

• Designated by Board or senior management.
• Responsible for C-I-A
• Conducts Risk Assessments

• Should be risk managers and not an IT resource.
• Should report directly to the Board or Senior Management.
• Reporting structure designed to prevent conflicts of interest.

• Program Management
• Incident Management
• Security Operations
