
International Standardization Council


Meeting Summary for International Standards Council Monthly Meeting Held January 18, 2023

  • 1.  Meeting Summary for International Standards Council Monthly Meeting Held January 18, 2023

    Posted Jan 18, 2024 12:27:00 PM
    Edited by JOHN DIMARIA Jan 18, 2024 12:49:52 PM

    Meeting Summary for International Standards Council Monthly Meeting

    Jan 18, 2024 08:55:56 Central Time (US and Canada) ID: 871 7560 3515
    Attendees: John DiMaria, Vrettos Moulos, Claude Baudoin (cébé) #493, David Harris, Claude Baudoin (OMG), Eric Hibbard (Co-Chair)

    Quick recap
    John initiated the meeting and introduced Vrettos, a Greek cybersecurity expert. The team discussed various collaboration opportunities, especially in operational resilience and IoT. Eric shared updates on the work of the SC 38 committee, delaying the focus on operational resilience. John proposed a new initiative on business continuity and operational resilience, which both Eric and the team supported. The team also discussed upcoming meetings, progress on documents, and the formation of a Cloud Computing Security Working Group. John updated the CSA working group members and stressed the importance of active participation. The meeting concluded with a discussion on reassessing collaboration with various working groups and integrating AI into the CSA working groups.
    Summary

    John initiated the meeting and waited for everyone to join, including Eric and a new participant, Vrettos. Vrettos introduced himself as a cybersecurity expert working for a Greek governmental institute and a member of several working groups. The team then wished each other a happy New Year and John expressed optimism for an exciting year ahead.


    Operational Resilience and Cloud Computing Updates
    John announced that the team is working on several collaboration opportunities, particularly in the areas of operational resilience and IoT. Eric then took over the discussion, sharing updates on a preliminary work item by the SC 38 committee, which is focusing on business continuity and resilience in cloud computing. Eric revealed that SC 38 decided to defer the broader topic of operational resilience until a later date. However, they assured that it's likely to be picked up by the IT side. Eric also mentioned that he chairs the IT Policy Cyber Security and Privacy Committee, which initiated a project to develop a framework for operational resilience. The project has been approved by the Standards Committee and is now waiting for Niscom's approval. Eric also indicated that a new working group, the Cloud Computing Security Working Group, will be formed on the IT side.


    Initiating Business Continuity Initiative
    John voiced their interest in spearheading a new initiative focused on business continuity and operational resilience, areas they believe are often overlooked by companies. Eric supported John's initiative and anticipates it could lead to other projects, highlighting the need for resilience. They also discussed upcoming meetings and the progress on various documents, including the privacy document 27018 and the consumer IoT labeling framework 27404. Eric mentioned that work groups would be meeting in different parts of England and that liaison reports would be needed. John suggested attending the AI summit and discussed the need to fill certain slots on steering committees.


    CSA Working Group and Data Governance Updates
    John updated the list of CSA working group members, stressing the importance of active participation. Claude reported the approval of the data governance domain taxonomies and shared their involvement in several other projects. The upcoming X9.125 committee meeting was discussed, with a focus on encryption and financial information management in the cloud. David raised a question about the status of a paper on domain taxonomies for data governance, which Claude promised to follow up on.


    GDPR and 27701 Standard Discussion
    John discussed the General Data Protection Regulation (GDPR) and its uptake among organizations. They highlighted that while the GDPR is a mandate in the EU, few organizations have sought certification under it due to potential legal and political issues. John also mentioned a shift towards adopting the 27701 standard as an alternative route to GDPR certification. They suggested that the CSA should map to the 27701 standard and recommended its adoption as it could provide a safer route for organizations. Additionally, John mentioned the Charter Review and promised to provide an editable version of it for the team.


    Reassessing Collaboration With Working Groups
    John and Eric discussed the need to reassess their collaboration with various working groups, such as the German Federal Office, and others. John suggested the need to decide on the depth of involvement with these groups for ongoing research and work. Eric clarified that John was seeking more formal liaisons rather than informal tracking. The discussion concluded without a clear decision on the future course of action. John and Eric discussed the idea of forming liaisons with certain groups they already have close relationships with, such as NIST, IEEE and AICPA, and emphasized the importance of monitoring activities for other groups they do not have direct relationships with.


    AI Integration and Collaboration in CSA Working Groups
    John discussed the need to integrate AI into the CSA working groups and the importance of continuing to work on this aspect. They also emphasized the need for collaboration with research in the research lifecycle, suggesting the possibility of requiring review by ISC for certain papers before publishing to ensure the most up-to-date standards are being referenced and aligned with. They mentioned that the revised and approved structure should be completed in February. John also shared that he has taken on a new role as Director of Operations, Excellence and assured the team that they will continue to be involved with ISC. Lastly, they proposed the idea of adding another co-chair to assist Eric.
    Next steps
    • John will update the list of CSA working groups and make it available to everyone.
    • Claude will talk to Lana and Katie about posting the latest paper on the OMG Cloud Working Group deliverables webpage.
    • John will provide the editable version of the Charter for the group to review and suggest revisions (attached). You will have to ask for access so that we can maintain security and traceability. https://docs.google.com/document/d/1AQcOPP6Xg3IX734vkVE4AOmtVqr5riFV/edit



    ------------------------------
    JOHN DIMARIA
    ME
    CSA
    ------------------------------



  • 2.  RE: Meeting Summary for International Standards Council Monthly Meeting Held January 18, 2023

    Posted Jan 24, 2024 07:57:00 AM

    Updated Working Groups and SDO Steering Committee is now available. Please let me know if you are interested in being a liaison. You will have to request access.

    https://docs.google.com/spreadsheets/d/1pFi2iMI92Imz53b-JfRw30wL483P1Dpk/edit#gid=328880528



    ------------------------------
    JOHN DIMARIA
    ME
    CSA
    ------------------------------