On the Job: Checklist for Signing off on Information Security Projects
What's the most important factor in signing off information security projects at a bank? For Jon Pascoe, Director of Information Security at Arvest Bank located in Arkansas, the highest consideration is adequately protecting customer data and information and reaching higher standards in safeguarding confidential information. Other factors to be considered are:
"Banks take these factors very seriously while signing off security projects and ensure that priority is given to customer privacy as well as strategic objectives wherein compliance plays a vital role," says Pascoe.
Usually, financial institutions have a multidisciplinary committee or an IT steering committee that provides guidance on planning, evaluating, controlling, selecting and prioritizing information security projects, adds Pascoe. This committee includes members from all areas of expertise, including IT, Finance, Security, Compliance, Audit, and Business, and reviews all aspects of the project based on project need, requirements, cost-benefit analysis and the overall probability of the project's success.
The committee also approves the project from a security, privacy and governance standpoint and ensures that project processes and controls are aligned with federal regulations. The chairperson of this committee or the chief information security executive (CISO) generally has the final authority and say in signing off projects.