Continuous Diagnostics and Mitigation Policy Stakeholders Team
May 31, 2016, 3:00-4:00, Rm 2281 CS
Wiki page: https://wiki.doit.wisc.edu/confluence/display/POLICY/CDM+Policy
Google Apps folder
- Agenda Review
- Review the revised team charter
Handout: Revised Charter
- Revised charter is OK.
- We can proposed revisions in the future if we need to.
- Process overview: Review Bob's UW-MIST May 5th presentation, and the CDM Cycle diagram (adapted from NIST SP 800-137)
Presentation (Jeff Savoy)
Handout: Presentation slides from CISO, and NIST diagram from CISO
- It was noted that both NIST (ISCM) and Department of Homeland Security (CDM) mainly provide a high level description.
- SANS provides more detailed guidance on critical security controls that need to be monitored.
- Review UW-MIST discussion results
Handout: Discussion results (clustered) (Wiki login required)
- Considerable discussion that lead to a number of possible recommendations the team could make. See the preliminary draft of the the recommendations, on UW Box.
- We raised the possibility of producing interrim recommendations by end of July, in order to provide early input into the work on ATP implementation.
- Next steps
QUESTION: Do we have enough data from the UW-MIST discussion results, or do we need to do further brainstorming?
- For next meeting:
- It does not appear that we need to do additional brainstorming. We can start refining and adding to the recommendations we've already identified.
- Gary will check with Jeff and Steve (co-chairs) to create the agenda for the next meeting.
- Before next meeting:
- TBD. Will communicate via the list, as needed.
- Everyone must be treated respectfully, whether present or not.
- Everyone present who wants to speak on a topic must have a chance to speak.
- Attend more often than not, and review materials when you can't attend.
- Don't be shy, or worry about perception of an idea - we need open borders for these discussions.
- Let's park side issues or extensive detail for future work by this team, or others.
Future agenda items
- Identify major themes, prioritize
- Start up between-meeting research on theme(s)
- Work through a major theme (theme TBD)
- Review draft recommendation language for the theme discussed at the previous meeting, start working through next major theme
- continue for as many themes as there are (we have time for 4, maybe 5 major themes)
- Review draft recommendataion language for final theme.
- Review draft executive summary
- Review the rest of the report.
- Plan presentation to UW-MIST
|Steve Barnet (co-chair)||ICECUBE||Tomomi Imamura||Cybersecurity||Curt Shomberg||L&S MIS|
|Gary De Clute (facilitator)||IT Policy||Kalaichelvan Jesuthasan||Housing||Justin Vorel||Human Ecology|
|Dave De Coster||CAE||Jeff Savoy (co-chair)||Cybersecurity||Susan Weier||L&S|
|Siggi Eckhardt||Cybersecurity||Dan Simanek||VCRGE||Josh Zimmerman||Libraries|