Security Working Group
A Security Working Group (SWG) meets to oversee security practices and decision-making.
A SWG reports to other working groups within the capability, such as the Capability Integration Working Group (CIWG).
Delivery teams are responsible for making sure security considerations are part of a capability’s governance structures.
For complex capabilities, the creation of a SWG is recommended.
Other capabilities may be able to achieve the outcomes through existing governance mechanisms but must be able to show that security is part of the agenda.
SWGs make sure continual assurance is achieved by receiving regular reports from capabilities.
These reports, shared through governance boards, working groups, and at major milestones, provide confidence that teams are effectively managing the security of their capabilities.
Benefits
The benefits of a SWG include:
- establishes a central point for coordinating all security activities relating to the capability
- makes sure security is an agenda topic
- provides a formal governance structure that allows for escalation where necessary
- builds security into every aspect of the capability by working closely with other teams
- keeps everyone (including relevant stakeholders) informed through regular reports
Outcomes
The outcomes of your SWG are:
- SWG terms of reference and minutes
- evidence that security is being effectively managed, for example, risk remediation plans
- accountability and strategic alignment of security efforts
Responsibility
Who is responsible:
- delivery team lead
- project management office (PMO)
- delivery team security lead
When to carry out a security working group
You should conduct a SWG:
- at pre-concept or concept stages
- through life