Data Security

Data Security Working Group Meeting - 2/29/24

Summary

• In the meeting, the upcoming Cloud Threats and Vulnerability Summit and the recently concluded Financial Services Summit were mentioned. The publication of the 'six pillars of DevSecOps' was discussed, with the last pillar focusing on collaboration and integration. The main focus of the meeting was to discuss and evaluate a report, deciding which questions to keep and reduce. A working session for survey completion was suggested, with a proposed time of Friday at 8 AM or after Pacific time. Concerns were raised about some survey questions requiring in-depth conversations. A final session involving other team members was suggested to make decisions on the report. Data security regulations like DORA, data resiliency regulations, and data privacy regulations such as GDPR, CCPA, and state privacy regulations were discussed. Changes to the survey were agreed upon, and concerns were raised about reducing clicks and improving the user experience. The participants decided to add a 'don't know' option for question number 6. Concerns were expressed about the number of options for question number 9, and question numbers 13 and 14 were prefixed for better context. Alex suggested wrangling people up to join an official group and recommended Gopi and Oliver for reviewing MITRE ATT&CK frameworks. Tasks and projects for the group were mentioned. Gopi mentioned being selected as a speaker at the RSA conference and expressed interest in speaking at cloud security alliance summits. Gopi requested to be informed about any speaking slots related to data security for CSA.

Questions for 2024 Survey on Resiliency

• https://docs.google.com/document/d/12wrjA5EeEOVF1DP_McNEgRvWJdD6Yb_d/

Topics & Highlights

• Upcoming Events
  • The speaker mentions the upcoming Cloud Threats and Vulnerability Summit, which is scheduled for March 26th and 27th. They also mention the recently concluded Financial Services Summit.
  • The speaker discusses the publication of the 'six pillars of DevSecOps' and mentions that the last pillar is about collaboration and integration. They also mention the integration of DevSecOps with ZeroTrust, AIOps, and EmeraldOps.
  • The speaker mentions that the main focus of the meeting is to discuss a report and evaluate it. They mention the need to decide which questions are worth keeping and which need further reduction.
• Survey Completion Placeholder
  • The speaker suggests having a working session for survey completion and proposes sending the survey on a Friday at 8 AM or after Pacific time.
  • The speaker expresses concern about some of the survey questions that may require in-depth conversations or have a lot of answers.
  • The speaker suggests having a final session to make decisions on the report and involve other team members, such as Troy and John.
• Data Resiliency Regulations
  • The discussion includes mentioning data security regulations like DORA, data resiliency regulations, and the importance of data privacy regulations such as GDPR, CCPA, and state privacy regulations.
  • The participants agreed to merge related questions about data resiliency regulations and make changes to the survey.
  • A concern was raised about reducing the number of clicks required to complete the survey and improving the user experience.

• Formation of Data Privacy Engineering group
  
  • Alex asks if Josh Buker has reached out to Gopi and Oliver regarding a collaboration on a new data privacy-related initiative
  • Alex mentions an email from Josh Buker on Data Security and Data Privacy Engineering Group and asks Gopi and Oliver to respond if interested.
• Speaking Opportunity at RSA Conference
  • Gopi mentions being selected as a speaker at RSA conference.

------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------