OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] CTI-Outreach Sub-Committee Nominations/Discussion


All,
I agree with need this SC and am happy to help. I have been doing a lot this as part of my role as  DTCC's CISO in addition to my Soltra role.  I have been presenting/meeting in the US, Europe and Asia. I spend a lot of time with legislators, policy makers, and global financial regulators on information sharing and why automation is a key part of capablity needs.  By the same token most of the challenges in the global context are not purely technical but national and regualtory impediments.  Not to say the technical things we are doing in CTI commitee in Oasis isn't also critical as it certianly is, but that if we only address the technical side of this problem we won't achieve the risk mitigation benefits we all desire.

So at some level what do we think "engagement" means vs. "outreach"?  

-Mark


Mark Clancy
Chief Executive Officer
SOLTRA | An FS-ISAC and DTCC Company
+1.813.470.2400 office | +1.610.659.6671 US mobile |​  +44 7823 626 535  UK mobile
mclancy@soltra.com | soltra.com

One organization's incident becomes everyone's defense.

​

________________________________________
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Peter F Brown <peter@peterfbrown.com>
Sent: Tuesday, June 23, 2015 6:37 PM
To: tony@yaanatech.com; Rich Struse
Cc: cti@lists.oasis-open.org
Subject: RE: [cti] CTI-Outreach Sub-Committee Nominations/Discussion

+1
Also agree with comment in an earlier thread that this SC ought to have engagement as a core focus rather than outreach - and that ought to be reflected in the name of any proposed SC.
Regards,
Peter


-----Original Message-----
From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Tony Rutkowski
Sent: 22 June, 2015 13:08
To: Rich Struse
Cc: cti@lists.oasis-open.org
Subject: Re: [cti] CTI-Outreach Sub-Committee Nominations/Discussion

Hi Rich,

There is a great symmetry occurring here on a global scale.

The first day of the annual cybersecurity workshop was held this afternoon here in Sophia Antipolis in France's approximation of Silicon Valley in the hills of Valbonne, France.  There are people here from around the world, but this afternoon was somewhat Euro centric with key officials describing what was essential to regional and national cybersecurity.  Perhaps not by coincidence, cyber threat intelligence sharing was at the top of their lists - along with security assurance.

The four people who were engaged at this session were:

o Florent Frederix who heads the key Network Information Security
(NIS) initiative of the the European Commission and has some responsibilities at the Directorate level similar to Rich Struse's as the execution arm of the EU cybersecurity strategy - the analog of the White House's framework initiatives.

o Chris Ensor who heads up cybersecurity work in the UK's CESG organization - also similar to Rich's responsibilities.

o Marc Henauer of Switzerland's MELANI organization that is similar the principal Swiss threat intelligence sharing body.

o Edri an Belmonte, who plays the lead role in this area in ENISA

All of the presentations except Cris Ensor's are available at:
http://docbox.etsi.org/Workshop/2015/201506_SECURITYWEEK/SECURITYWS/S01_SETTINGTHESCENE/

In the discussion session following the presentations, speaking at the ETSI TC CYBER threat intelligence sharing rapporteur, I had the opportunity to explain the creation of the new TC CTI committee and how the platforms being pursued in CTI were proven best-of-breed models and structured information sharing specifications that provided an ideal match to each of their objectives.

It was quite amazing how each of the parties - even in Europe - was rather independently pursuing similar objectives.

We also discussed how the work of TC CYBER was to survey the global cybersecurity ecosystem and make use of the most successful existing standards and not pursue duplicative work.  Everyone seemed in agreement, and going forward, there seems like an excellent basis for convergence with the CTI work now getting underway.

There will be further discussion at the workshop over the next two days as well as definitive actions at the TC CYBER meeting on Thursday and Friday.  It was a good beginning that was continued usefully over local provence wine and hors d'oeuves this evening (and setting a useful precedent for future TC CTI physical gatherings).

--tony




---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]