The secretary of the Information Security Advisory Board (ISAB) gives the department an independent idea and suggestions on all the factors of information security standards, requirements, guidelines and practices. The Information Security Advisory Board plans yo make sure of the effective overview of the information and technology risk management and compliance practices. The ISAB committee of members is formed generally in order to achieve such goals. The ISAB committee advice and reviews on the invention and modification of the organizations information risk and securities policies. It also ensures the invention of the information security standards, requirements, guidelines and practices that are led by the Enterprise Security team. It also permits risk acceptances that are related to third party or vendor information technology and systems used enterprise wide or cross unit wise. The ISAB is generally comprised by few members who are appointed by the Chief Information Security Officer.
The ISAB members are responsible for participating in quarterly meetings or providing qualified designers when there is a vacancy in that posts, which are extremely important and hence cannot be made vacant. The members must ensure enterprise wide representation and identify representatives to sub working teams as per the focus of the working team. They must take participation in ISAB voting procedures. They must ensure the ISAB decisions and are communicated with their teams and are required to complete all the task assigned by ISAB.
As per the guidance of the Enterprise Security Team, ISAB creates working teams of subject matter experts in order to execute the development and modification of guidelines, standards, practices and requirements. These teams are supposed to meet on a monthly basis as long as they are in action and then report to the ISAB. A permanently working group is also created to access and evaluate risk acceptance activities. The Designee or CIO are supposed to give an Annual report to the Risk and Compliance Committee. The report must summarize a report on significant Information Security Activities and ISAB activities that are running currently in the present period of time.