Subject: RE: [cyber-council] OASIS Cyber Standards User Council - Monthly Alignment Call Aug 7, 2017 - Meeting Minutes
Hello Dennis,

Sounds reasonable to me, but we should discuss the effort & scope of the big picture … as I’m part of the EU CENELEC working group that updates a Cyber/IT Security standards landscape on the governance level (not even on technical level) each year, I have a good idea what effort is demanded to do this with the needed level of depth and quality 😉

My suggestion would be to clearly scope this to enable us to be successful. Let’s see what our council fellows say and who will be volunteering as well.

KR,
Joerg

From: Dennis Moreau [mailto:dmoreau@vmware.com]

The council has a perspective that is distinct from the TCs as users of the products of TC efforts, hence a unique emphasis on adoption, effectiveness and operationalization challenges of current and prospective users. So, as was discussed on the call, the council's feedback to the TCs should include assessments and recommendations of TC efforts/products along usage/utility focused dimensions.

I also think that the council has an additional and strategic interest in the relationships and usages across TC efforts (i.e., across threat, vulnerability, C2 communications intelligence, context, risk modeling, mitigation, remediation, attestation, analytics... information). The council's cross-cutting feedback may be beyond the internal scope of any of the TCs in isolation, but should be considered from a more comprehensive cyber security standards portfolio perspective.

So, I'd like to suggest an ongoing work stream of the council that focuses on developing a cybersecurity standards user "big picture" and "portfolio gap analysis" that would focus on a) how the various cyber security standards TC scopes fit together, and b) whether they adequately cover cyber security need/opportunity. The resulting efforts could provide significant insight into how we might better address misalignment, misconfiguration, complexity and operational efficiency across the standards-enlightened security portfolio. :-)

I hope this makes sense, and I would volunteer my efforts in this direction, if the council agrees.

Thanks,
Dennis