Subject: [OASIS Issue Tracker] Updated: (MQTT-118) Summary of editorial issues Security SC WD03
[ http://tools.oasis-open.org/issues/browse/MQTT-118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Coppen updated MQTT-118:
--------------------------------

Description:

Line 136: Section 5 provides an example implementation of how the MQTT Cybersecurity Framework can be used. --> Section 5 provides a worked example of how the MQTT Cybersecurity Framework can be used.

Line 140: each function presented here is non-exhaustive and merely provides a starting point --> each function presented here is non-exhaustive and provided as a starting point

Line 175: The organization may implement some portions of the Framework on an irregular, case-by-case basis due to varied experience or information gained from outside sources. --> The organization might implement some portions of the Framework on an ad hoc basis due to varied experience or information gained from outside sources.

Line 181: In addition, risk-informed, management approved processes and procedures are defined and implemented and staff has adequate resources to perform their Cybersecurity duties. In addition, risk-informed, management approved processes and procedures are defined and implemented. Staff have adequate resources to perform their Cybersecurity duties.

Line 189: These updates to the Profile enable the organization to actively adapt to a changing Cybersecurity landscape and emerging/evolving threats. Risk-informed policies, processes, and procedures are part of the organizational culture and evolve from previous activities (and from information shared by other sources) to predict and address potential Cybersecurity events. --> These updates to the Profile enable the organization to adapt to an evolving Cybersecurity landscape and address emerging threats. Risk-informed policies, processes, and procedures are part of the organizational culture and are reviewed regularly - including feedback from lessons learned and information shared from other sources - to predict and address potential Cybersecurity events.

Line 204: thus revealing gaps that should be addressed to meet MQTT Cybersecurity risk management objectives. --> thus revealing gaps that could be addressed to meet MQTT Cybersecurity risk management objectives.

Line 204: Figure 1 shows the two types of Profiles --> Figure 1 illustrates two such Profiles

Line 215: of a roadmap that organizations should implement to reduce MQTT related Cybersecurity risk. --> of a roadmap that organizations could implement to reduce MQTT related Cybersecurity risk.

Line 217: consider changing "USA energy provider" to "Large energy provider" to achieve a more general example applicable to a wider audience.

Line 218 This section illustrates puts the Framework in practice by applying the different components in a concrete use case. --> This section provides a worked example to show how the Framework can be applied to help manage MQTT Cybersecurity risk.

Line 226: To leverage the capacity and augment the capability of an energy provider standards-based, modular communication platform (e.g. a "communications node"), the company is executing a pilot project to define, test, and implement an open-source, broker-agnostic, and distributed field message bus architecture. --> The organization is looking to build a new architecture around an open-source, broker agnostic 'communication node' concept and is running a pilot project to assess feasibility, and integration within its wider message bus.

Line 292 (Diagram) Not clear where the target state comes from for this example - was it a regulatory requirement or a management decision? Consider adding narrative earlier in the example, maybe to the introduction.

was:

Line 136: Section 5 provides an example implementation of how the MQTT Cybersecurity Framework can be used. --> Section 5 provides a worked example of how the MQTT Cybersecurity Framework can be used.

Line 140: each function presented here is non-exhaustive and merely provides a starting point --> each function presented here is non-exhaustive and provided as a starting point

Line 175: The organization may implement some portions of the Framework on an irregular, case-by-case basis due to varied experience or information gained from outside sources. --> The organization might implement some portions of the Framework on an ad hoc basis due to varied experience or information gained from outside sources.

Line 181: In addition, risk-informed, management approved processes and procedures are defined and implemented and staff has adequate resources to perform their Cybersecurity duties. In addition, risk-informed, management approved processes and procedures are defined and implemented. Staff have adequate resources to perform their Cybersecurity duties.

Line 189: These updates to the Profile enable the organization to actively adapt to a changing Cybersecurity landscape and emerging/evolving threats. Risk-informed policies, processes, and procedures are part of the organizational culture and evolve from previous activities (and from information shared by other sources) to predict and address potential Cybersecurity events. --> These updates to the Profile enable the organization to adapt to an evolving Cybersecurity landscape and address emerging threats. Risk-informed policies, processes, and procedures are part of the organizational culture and are reviewed regularly - including feedback from lessons learned and information shared from other sources - to predict and address potential Cybersecurity events.

Line 204: thus revealing gaps that should be addressed to meet MQTT Cybersecurity risk management objectives. --> thus revealing gaps that could be addressed to meet MQTT Cybersecurity risk management objectives.

Line 204: Figure 1 shows the two types of Profiles --> Figure 1 illustrates two such Profiles

Line 215: of a roadmap that organizations should implement to reduce MQTT related Cybersecurity risk. --> of a roadmap that organizations could implement to reduce MQTT related Cybersecurity risk.

Line 218 This section illustrates puts the Framework in practice by applying the different components in a concrete use case. --> This section provides a worked example to show how the Framework can be applied to help manage MQTT Cybersecurity risk.

Line 226: To leverage the capacity and augment the capability of an energy provider standards-based, modular communication platform (e.g. a "communications node"), the company is executing a pilot project to define, test, and implement an open-source, broker-agnostic, and distributed field message bus architecture. --> The organization is looking to build a new architecture around an open-source, broker agnostic 'communication node' concept and is running a pilot project to assess feasibility, and integration within its wider message bus.

> Summary of editorial issues Security SC WD03
> --------------------------------------------
>
> Key: MQTT-118
> URL: http://tools.oasis-open.org/issues/browse/MQTT-118
> Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
> Issue Type: Improvement
> Components: SecuritySC_edits
> Reporter: Richard Coppen
>
> Line 136: Section 5 provides an example implementation of how the MQTT Cybersecurity Framework can be used. --> Section 5 provides a worked example of how the MQTT Cybersecurity Framework can be used.
>
> Line 140: each function presented here is non-exhaustive and merely provides a starting point --> each function presented here is non-exhaustive and provided as a starting point
>
> Line 175: The organization may implement some portions of the Framework on an irregular, case-by-case basis due to varied experience or information gained from outside sources. --> The organization might implement some portions of the Framework on an ad hoc basis due to varied experience or information gained from outside sources.
>
> Line 181: In addition, risk-informed, management approved processes and procedures are defined and implemented and staff has adequate resources to perform their Cybersecurity duties. In addition, risk-informed, management approved processes and procedures are defined and implemented. Staff have adequate resources to perform their Cybersecurity duties.
>
> Line 189: These updates to the Profile enable the organization to actively adapt to a changing Cybersecurity landscape and emerging/evolving threats. Risk-informed policies, processes, and procedures are part of the organizational culture and evolve from previous activities (and from information shared by other sources) to predict and address potential Cybersecurity events. --> These updates to the Profile enable the organization to adapt to an evolving Cybersecurity landscape and address emerging threats. Risk-informed policies, processes, and procedures are part of the organizational culture and are reviewed regularly - including feedback from lessons learned and information shared from other sources - to predict and address potential Cybersecurity events.
>
> Line 204: thus revealing gaps that should be addressed to meet MQTT Cybersecurity risk management objectives. --> thus revealing gaps that could be addressed to meet MQTT Cybersecurity risk management objectives.
>
> Line 204: Figure 1 shows the two types of Profiles --> Figure 1 illustrates two such Profiles
>
> Line 215: of a roadmap that organizations should implement to reduce MQTT related Cybersecurity risk. --> of a roadmap that organizations could implement to reduce MQTT related Cybersecurity risk.
>
> Line 217: consider changing "USA energy provider" to "Large energy provider" to achieve a more general example applicable to a wider audience.
>
> Line 218 This section illustrates puts the Framework in practice by applying the different components in a concrete use case. --> This section provides a worked example to show how the Framework can be applied to help manage MQTT Cybersecurity risk.
>
> Line 226: To leverage the capacity and augment the capability of an energy provider standards-based, modular communication platform (e.g. a "communications node"), the company is executing a pilot project to define, test, and implement an open-source, broker-agnostic, and distributed field message bus architecture. --> The organization is looking to build a new architecture around an open-source, broker agnostic 'communication node' concept and is running a pilot project to assess feasibility, and integration within its wider message bus.
>
> Line 292 (Diagram) Not clear where the target state comes from for this example - was it a regulatory requirement or a management decision? Consider adding narrative earlier in the example, maybe to the introduction.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira