OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cyber-council message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cyber-council] OASIS Cyber Standards User Council - Monthly Alignment Call Aug 7, 2017 - Meeting Minutes

The council has a perspective that is distinct from the  TCs  as users of the products of TC efforts, hence a unique emphasis on adoption, effectiveness and operationalization challenges of current and prospective users.
So, as was discussed on the call,  the council's feedback to the TC's should include assessments and recommendations of TC efforts/products along  usage/utility focused dimensions. 

I also think  that the council has an additional and strategic interest in the relationships and usages across TC efforts (i.e across threat, vulnerability, C2 communications intelligence, context, risk modeling, mitigation, remediation, attestation, analytics... information ). The council's cross cutting feedback may be beyond the internal scope of any of the TCs in isolation, but should be  considered from a more comprehensive cyber security standards portfolio perspective.

So, I'd like to suggest an ongoing  work stream of the council, that focuses on developing a cybersecurity standards user "big picture" and "portfolio gap analysis" that would focus on how a) the various cyber security standards TC scopes fit together , and b) whether the adequately cover cyber security need/opportunity. The resulting efforts could provide significant insight into how we might better address misalignment, misconfiguration, complexity and operational efficiency across the standards-enlightened security portfolio. :-)

I hope this makes sense, and I would volunteer my efforts in this direction, if the council agrees.


Dennis Moreau
Senior Engineering Architect
Office of the CTSO

On Aug 7, 2017, at 10:15 AM, JE <je@cybersecurityscout.eu> wrote:

Dear all,


Thanks for participating the call today. Please find below the minutes of the call – feel free to comment and enhance. As soon as the wiki is set-up I’ll place this there.


Discussion on topics and way to proceed reg. “content” we identified to streams to follow-on in parallel:

- Learning about landscape, practises and expriences

- Identify topics/goals to focus on


Further we agreed to follow on providing input on interop group (=who can take lead on this?) and MISP (see my email during the call) and follow on the discussion raised during the f2f in NYC  about possible use cases that are currently not covered by existing standards to put those on our todo list as well (=who can take lead on this?).


Administrative topics:
- Set-Up Wiki (via Chet) and send note once this is set-up (Joerg)
- List upcoming events, conferences etc. on the website (Carol, all)
- Recruit co-chair candidates to , as discussed on call would be good to have at least one person from financial industry, possibly one from healthcare and one from critical infrastructures (Carol, all)

Discussion on need for voting/authorization “mechanism”:
- adhere to standard oasis customs reg. voting rights and continuity vs. informal style of participation on base of interest/occasion and voting
- procedure required to "authorize" official communication/output of the council is required. Assumption is to start with general consensus and detail or formalize when needed
- reach out for feedback to the members
=> Pls give us your opinion and thoughts on this topics to follow the rather strict approach (e.g. voting right tied to regular participation and contribution) vs. a more informal approach as some members might only be interested in certain topics but should be able to vote on those .


Best wishes from sunny Cologne,




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]