July 24, 2014 Meeting Page

From IDESG Wiki
Jump to: navigation, search

SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES

Meeting Date: July 24, 2014

Attendees

  • Adam Migus
  • Ann Racuya-Robbins
  • Cathy Tilton
  • Christopher Spottiswoode
  • Jerry Kickenson
  • Mike Garcia
  • Paul Grassi
  • Robert Faron
  • Ryan Galluzzo
  • Sal D’Agostino
  • Sean Brooks
  • Steve Orrin


Meeting Notes

  • Notes taken by Adam Migus
  1. Roll call; Quorum determination
  2. IPR policy reminder - https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
  3. Administrative
    • Sal chaired the meeting as previously agreed upon because Adam Madlin is away
    • Motion to approve 7/10 draft minutes by Adam Migus; seconded by Steve
    • Robert pointed out the misspelling of his last name in 7/17 draft minutes.
    • Motion to approve 7/17 draft minutes by Robert after correcting the spelling of his name; seconded by Ann
  4. Attributes Adhoc Group
    • Jerry drafted and sent out File:IDESG Attribute Assurance Proposal.docx with a comments matrix sheet
    • Meeting was held yesterday but only 3 people attended
    • There were some comments; Jerry will update the proposal and send it out
    • Jerry and Sal agreed that it should be shared with the chairs
    • Jerry proposed a comments deadline of August 18th
  5. Interaction Model
    • Ryan recapped the idea of separating out the interaction model from the functional model
    • The requirements meeting had minimal attendance so discussion was deferred to the meeting on Monday
    • We will be discussing the requirements and looking for other sources of requirements as input
      • Sal reiterated that we are trying to leverage existing controls such as the previously mentioned [Cloud Security Alliance] [Cloud Controls Matrix] which has a mapping of controls across function. We are looking to emulate that approach in that we map controls to our own functional elements.
  6. Functional Model
    • Sal confirmed that we have already agreed to separate out the Interaction Model
    • Steve suggested add "requirements" to "policy/rule" under the GRC section
    • Ann suggested we add words to indicate that GRC is external to the entity
    • Debated the name of the "Business Operations" box
      • The consensus was to call it "Administration and Operations"; Steve motioned and Adam Migus seconded
  7. New business - none


Actions

  • Mike to send out an updated version of the document before the next meeting.




Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content