January 15, 2015 Meeting Page

From IDESG Wiki

SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft

Meeting Date: January 15, 2015

Attendees

  • Adam Madlin
  • Adam Migus
  • Andrew Hughes
  • Ann Racuya-Robbins
  • Bev Corwin
  • Christopher Spottiswoode
  • Hans Vargas
  • Jerry Kickenson
  • Linda Braun, Global Inventures
  • Ryan Galluzzo
  • Sal D’Agostino
  • Suzanne Lightman


Meeting Notes

  • Notes taken by Linda Braun
  • Approve meeting notes
    • January 8, 2015 notes – Sal asked for a small correction to be made before approving.
  • General updates:
    • Plenary planning for Security Committee breakout
      • Adam asked people to register for the Plenary even if only attending remotely. Current count is 60+ people attending in person. Thursday is mostly about committee requirements, and Friday is a follow-up session with the FMO on next steps. The Code of Conduct is also on the schedule for early afternoon. The Plenary Keynote on Wednesday morning, Media Perspectives with Pulitzer Prize winners Hank Kilbanoff and Anita Sharp, is of special interest.
      • Security Committee breakout has been scheduled for Thursday, January 29 at 4:30pm EST for 90 minutes. Security Committee requirements are on the wiki. FMO has been notified. External feedback process initiated. There is a meeting tomorrow morning for all pilot participants. FMO is leading this feedback session around our requirements. Security Committee breakout at Plenary is to review this feedback and process accordingly. Security Committee Breakout session will be available via conference dial-in and video.
  • Security standards nomination
    • Ryan sent out an email earlier in the day requesting time on the agenda to discuss a new requirement from the Healthcare Committee to include a reference to logging and time-stamping in the draft set of security requirements. A short discussion followed. The Security Committee agreed to include this requirement; Ryan will update the document, post it to the wiki, and notify the FMO that the document has been updated.
  • Security standards nomination
    • Input was received from a number of sources and entered into a spreadsheet, which the SC started to discuss. Other suggestions will be added over the next few weeks, and the information on each proposed standard will be expanded. The Committee wants to submit standards that are important to the IDESG and not include standards that are not relevant to security. Anyone can nominate a standard to the Standards Committee, but the Security Committee as a whole should nominate. There will probably be more guidance coming from the Plenary on the process.
    • Adam will post spreadsheet to the wiki before next meeting.
    • The Standards Committee is looking forward to receiving submissions from committees. ISO 27001 has already been submitted. A suggestion was made to call out the standards that the Security Committee references the most in its documents; this would help prioritize. Many standards will be obvious and some will need to be talked through. Grouping like standards might be a good way to start. Proposal on the table: look at ISO 27001, ISO 27002, NIST SP 800-53, and NIST SP 800-37 as the first set of standards to be nominated by the Security Committee. No objections from the Security Committee to nominating these.
    • Adam took action to fill out Standards Nomination Form.
    • Ryan will take the spreadsheet and identify which standards apply to existing requirements and which ones do not.
  • Attributes Assurance Proposal
    • The December 10, 2014 update is on the wiki. Adam requested that a brief session on forming an Attributes Assurance Committee be included on the Plenary agenda. Andrew said Friday might be the best time. Adam took the action to follow up with Andrew to schedule. Open questions: should a separate committee be established, and what is its scope?
  • New business/other topics
    • None.

Action Items

  • Linda to update January 8 notes on wiki.
  • Ryan to update requirements document to include request from Healthcare.
  • Adam to post standards spreadsheet to the wiki.
  • Adam to fill out Standards Nomination Form.
  • Ryan to identify which standards apply to the Security Committee and update spreadsheet.
  • Next meeting January 22, 2015



