Please report any problems to the Shared Tools Team at st-help@doit.wisc.edu    Broken Links? Missing Macros? WIKI Retiring Plugins
Child pages
  • CDM Policy Meeting 2016-10-19
Skip to end of metadata
Go to start of metadata

Continuous Diagnostics and Mitigation Policy Stakeholders Team

Oct 19, 2016, 3:00-4:00, Rm 2281 CS

Wiki page: https://wiki.doit.wisc.edu/confluence/display/POLICY/CDM+Policy

UW Box folder.

Agenda

  1. Agenda Review & Notes from previous meeting.

    Additional announcement. Mike Ippolito is leaving the team due to a change in employment. Mike, we will miss you!
      
  2. Report back from Services theme sub-team
    (Jeff Savoy, Daniel Simanek, Susan Weier, Josh Zimmerman)
    See the Private folder under https://uwmadison.box.com/v/IT-Policy-CDM
    Document titled:
    • Continuous Diagnostics and Mitigation Team - Service Theme - 2016-10-13
      
    Action:
    • Please see updates and corrections to the services team's report.
    • Sub-team will continue exchanging email on the side to further refine the draft language.
      • Gary will initiate email discussion, early next week.
      • Deadline for final languge: by 12/07.
    • Pariticipation by additional CDM team members would be welcome!
        
  3. Report Back from Operations theme sub-team
    (Steve Barnet, Susan Weier)
    See the Private folder under https://uwmadison.box.com/v/IT-Policy-CDM
    Documents titled:
    • Continuous Diagnostics and Mitigation Team - Operations Theme - 2016-10-11
    • CDM Process-2016-10-05
      
    Action:
    • Please see updates and corrections to the operations sub-team's report.
    • Sub-team will continue exchanging email on the side to further refine the process and language.
      • Gary will initiate email discussion, early next week.
      • Deadline for final languge: by 12/07.
    • Pariticipation by additional CDM team members would be welcome! (There are only three of us. The operations report could benefit from additional input.)
        
  4. Adjust/Prioritize the remaining themes
    In no particular order:
    • Governance (ongoing, completeness of the mix of services, etc.
    • Staffing/Resorces (distributed, central, important to address both)
    • Relationship with RMF (CDM is an integral part of the RMF, but also operates independently)
    • Policy and procedures

    Action:
    • Drop "Relationship with RMF...". Is covered in "Operations".
    • For the remaining three, prioritize and discuss:
      1. Staffing/Resources, on 11/2.
      2. Governance on 11/16.
      3. Policy and Procedures on 12/07. (Note: there will ongoing brief discussions of policy and procedures during Nov, re: privacy, operations, services, etc. On 12/07 will pull that together in final form.)
    • Co-chairs and facilitator will meet next week to start plan the staffing/resources discussions.
        
  5. CDM Policy Recommendations
    Handout: Email from Steve
      
    Action
    • There needs to be some kind of privacy statement, soon.
      • Cybersecurity Risk Management Policy has been revised to provider greater support for privacy protections.
    • There needs to be increased communications of what is happening, soon.
      • Development of that is already under way.
    • The team identified additional cases that may need to be covered.
      • UPDATE: Gary forwarded these to the CISO immediately after the meeting.
          
  6. Next steps

    Action:
    • Before next meeting:
      • Co-chairs and facilitator will meet.
      • Operations and Services sub-teams will start exchanging emails to further refine the language.
      • Attend Nov 03  UW-MIST meeting, if practical. There will ATP project status, and/or other info on ATP and CDM.
          
    • For next meeting (Nov 02):
      • Discussion of Staffing/Resources theme
      • Status of Services and Operations sub-teams.
          
    • Further out:
      • Attend Dec 01 UW-MIST meetings, if practical. There will ATP project status, and/or other info on ATP and CDM.

Ground Rules

  1. Everyone must be treated respectfully, whether present or not.
  2. Everyone present who wants to speak on a topic must have a chance to speak.
  3. Attend more often than not, and review materials when you can't attend.
  4. Don't be shy, or worry about perception of an idea - we need open borders for these discussions.
  5. Let's park side issues or extensive detail for future work by this team, or others.

Future agenda items

  • Discussion of Staffing/Resources theme. (11/03)
  • Review Staffing/Resources draft language (11/16)
  • Discussion of Governance theme. (11/16)
  • Review Governance draft language (12/07)
  • Discussion of Policy and Procedures theme. (12/07)
  • Final report of Operations sub-team. (12/07)
  • Final report of Services sub-team (12/07)
  • Review the final report (12/21)
  • Plan presentation to UW-MIST (12/21)

Future Meetings

Parked Items

  • ...

Team Members

MemberDeptMemberDeptMemberDept
Steve Barnet (co-chair)ICECUBETomomi ImamuraCybersecurityCurt ShombergL&S MIS
Gary De Clute (facilitator)IT PolicyKalaichelvan JesuthasanHousingJustin VorelHuman Ecology
Dave De CosterCAEJeff Savoy (co-chair)CybersecuritySusan WeierL&S
Siggi EckhardtCybersecurityDan SimanekVCRGEJosh ZimmermanLibraries

Attachments

File Size Creator Created Comment

cdm Policy recommendations.pdf

14657

GARY W DECLUTE

Oct 13, 2016 09:21  

Contact

  • No labels