topic Re: Governance committee in decision task in CISSP Study Group

Governance committee in decision task

OliLue — Mon, 09 Oct 2023 10:44:07 GMT

Hi all,

i have a problem to understand the tasks of an governance committee. For my understanding the take care of handling procedure of decision making, validation of policy, but not in execute decisions.

Now I have the question of a merge of to companies with different security frameworks and how to handle this.

The correct answer is:

Use of a governance committee.

For my understanding governance make decisions. For me this should be done finally be senior management, after expert analysis. Something in this way.

How is your view?

Best regards

OliLue

Re: Governance committee in decision task

dcontesti — Mon, 18 Sep 2023 13:53:25 GMT

@OliLue

Please post entire question.

Re: Governance committee in decision task

Early_Adopter — Mon, 18 Sep 2023 15:21:08 GMT

Governance should flow down from the board and for security and data protection computers need good actually proposals with data to decide sign off on. After the experts/enthusiasts/best fit/stakeholder folk have created this the committee considers it and the output for that goes into your recorded designs for accountability. It’s important everyone has an opinion, but that no opinion is given too much weight.

Re: Governance committee in decision task

JayH — Mon, 23 Oct 2023 18:51:25 GMT

Governance groups contain members of senior management - which is a more fulsome answer.

Answers always take into account the "best" answer. Whereas yours is correct, the best answer is the Governance group.

When a governance group is spun up. TOR's (Terms of Reference) are created outlining their purpose and their scope of work/decisions.

The program sponsor and other key leaders would agree on the TOR.