pbd-se message


Subject: Re: [pbd-se] Re: Holding meeting today - Privacy Maturity Models (PMM)

Hi Dr. Lang, 

I am Chet Ensign & I am in charge of overseeing the technical committee standards development work at OASIS.

All TC resources including document drafts and email lists are publicly visible. Anyone can follow them. As Frank has explained, in order to participate in the work of the TC, including sending email to the main TC list, you must be a member of OASIS and a member of the TC. 

If for whatever reason that is not feasible for you - and we certainly understand the careful choices smaller organizations have to make regarding use of resources - you can submit input to the Technical Committee from outside of OASIS by subscribing to and using the TC's comment list. For the PbD-SE TC, that list is pbd-se-comment-subscribe@lists.oasis-open.org . While it is not intended for ongoing discussion, you can send suggestions, observations, feedback, etc. to that list while staying within the OASIS IPR agreements. 

To submit a comment:

- Subscribe to the comment list by sending a blank email message to: pbd-se-comment-subscribe@lists.oasis-open.org

- Confirm your subscription request by replying to the confirmation email message you will receive from OASIS.

- Watch your inbox for a Welcome message indicating that your subscription is now active.

- Send your comment to: pbd-se-comment@lists.oasis-open.org

Best regards, 


On Wed, Feb 11, 2015 at 2:50 PM, Dawson Frank (Nokia-TECH/Irving) <frank.dawson@nokia.com> wrote:
Hei Ulrich.

The email list is public, as far as I understand. Decisions are also made by members with voting rights, through continued participation in meetings.

On one hand, someone has to pay to keep these consortia/standards groups going. There can also be procedural matters such as IP related to contributions, governance and all that.

Talk to our Oasis secretary, Gershon, as he knows current OASIS policy on Technical Committee participation.

For the rest of the list, my organization has reorganized. I am now within the legal & compliance group of Nokia Technologies. Still serving as privacy officer but my resources for regular participation on the PbD-SE TC have been reduced. I hope to monitor the list and contribute when there is something of value that I can offer, but it might be hard to attend our meetings on a regular basis. FYI.

From: ext Dr. Ulrich Lang [mailto:ulrich.lang@objectsecurity.com]
Sent: Wednesday, February 11, 2015 13:23
To: Dawson Frank (Nokia-TECH/Irving); 'Mike Davis'; 'Dawn Jutla'; jonathan_fox@mcafee.com; join@oasis-open.org
Cc: Fred.Carter@ipc.on.ca; ann.cavoukian@ryerson.ca; gershon@qroot.com
Subject: RE: [pbd-se] Re: Holding meeting today - Privacy Maturity Models (PMM)

Hello Frank, all,

Thanks, so it is necessary to become an OASIS member in order to join the list? I don’t think we can justify the corporate membership cost ($3520) just for joining the mailing list. And we can’t really get too involved in OASIS otherwise because as a small business we don’t have any dispensable team members that would have the spare time to interact with OASIS to the extent that would maybe justify the membership cost.

I understand from past experience that OASIS may feel there are intellectual property issues with non-members being part of the conversation. If that is the case, I would be happy to sign an NDA if that helps. If paid membership is necessary, then I guess we will have to observe from the outside.

Any thoughts on this?


From: Dawson Frank (Nokia-TECH/Irving) [mailto:frank.dawson@nokia.com]
Sent: Wednesday, February 11, 2015 11:06 AM
To: ulrich.lang@objectsecurity.com; 'Mike Davis'; 'Dawn Jutla'; jonathan_fox@mcafee.com; join@oasis-open.org
Cc: Fred.Carter@ipc.on.ca; ann.cavoukian@ryerson.ca; gershon@qroot.com
Subject: RE: [pbd-se] Re: Holding meeting today - Privacy Maturity Models (PMM)

Here is the website for participation.


From: ext Dr. Ulrich Lang [mailto:ulrich.lang@objectsecurity.com]
Sent: Wednesday, February 11, 2015 13:01
To: 'Mike Davis'; 'Dawn Jutla'; jonathan_fox@mcafee.com; join@oasis-open.org
Cc: Fred.Carter@ipc.on.ca; ann.cavoukian@ryerson.ca; gershon@qroot.com; Dawson Frank (Nokia-TECH/Irving)
Subject: RE: [pbd-se] Re: Holding meeting today - Privacy Maturity Models (PMM)

Hello all,

Could you please sign me up (with email address ulrich-lp@objectsecurity.com) to this list? I am working with Mike Davis on our privacy C4P/OPF implementation architecture (which includes model-driven security) and also on a privacy ontology/DSL as part of a European EU FP7 project (“VACLRI”). I’d be interested in collaborating via this list.

Thank you!


PS if you would like to know what we are doing, feel free to watch the 2 minute cartoon on our website – thanks!

Ulrich Lang, PhD

ObjectSecurity LLC,
1855 First Avenue, Suite 103, San Diego, CA 92101
101 The Embarcadero, Suite 200, San Francisco, CA 94105
Tel. +1-650-515-3391, Fax +1-360-933-9591

ObjectSecurity Ltd.  St. John's Innovation Centre, Cowley Road,
Cambridge CB4 0WS, UK , Tel: +44-1223-420 252, Fax: +44-1223-420 844

ulrich.lang@objectsecurity.com, www.objectsecurity.com

From: Mike Davis [mailto:mike.davis.sd@gmail.com]
Sent: Wednesday, February 11, 2015 5:53 AM
To: 'Dawn Jutla'; jonathan_fox@mcafee.com
Cc: Fred.Carter@ipc.on.ca; ann.cavoukian@ryerson.ca; gershon@qroot.com; frank.dawson@nokia.com
Subject: RE: [pbd-se] Re: Holding meeting today - Privacy Maturity Models (PMM)

Great topic!  Thanks.
I can’t make it today… very interested in this topic… helping where I can

I like the AICPA/CICA Privacy Maturity Model (2011 version, web link below), as it is based on both CMM overall & GAPP (10 principles and 73 criteria used) – their framework has each criterion with 5 levels defined out.
Seems using that as a baseline for discussion on a PMM is a good endeavor.

Roger Frank’s suggestions on considering “ISO 29190/Privacy Capability Assessment” too…
There may be some utility in also seeing how these map to the NIST privacy items in 800-53a, rev 4… (26 or so) and the NIST cyber security framework IA controls overall (105)


Cyber security is serious business for us all – so ACT accordingly!

From: pbd-se@lists.oasis-open.org [mailto:pbd-se@lists.oasis-open.org] On Behalf Of Dawson Frank (Nokia-TECH/Irving)
Sent: Wednesday, February 11, 2015 5:49 AM
To: ext Dawn Jutla; pbd-se@lists.oasis-open.org
Subject: RE: [pbd-se] Re: Holding meeting today

Hello Dawn and PbD-SE-ers.

Unfortunately, I will not be able to attend today, due to schedule conflicts.

With respect to the topic of privacy business process maturity, I would point also to the recent ISO publication of ISO 29190/Privacy Capability Assessment. It is a rather solid standard coming from ISO/IEC JTC1 SC27/WG5. Nokia piloted its use in 2013 to baseline privacy maturity of our privacy program. One of the strengths of that standard is that it uses multi-dimensional review criteria, as privacy maturity is difficult to merely judge as a scalar value (e.g., best represented with a tool like a spider-web graph to show maturity of a set of criteria). Also it is flexible to the organizational differences across industries, as well as differences in the structure of a privacy program across organizations.

BSIMM approach to measuring security program maturity is similarly structured, but also as implemented is based on feedback from a set of industry players.


From: pbd-se@lists.oasis-open.org [mailto:pbd-se@lists.oasis-open.org] On Behalf Of Dawn Jutla
Sent: Wednesday, February 11, 2015 4:33 AM
To: pbd-se@lists.oasis-open.org
Subject: [pbd-se] Re: Holding meeting today

Please see attached for the references that Jonathan supplied for our discussions.
Best regards, Dawn.

On Wed, Feb 11, 2015 at 8:28 AM, Dawn Jutla <dawn.jutla@gmail.com> wrote:
Dear PbD-SE Committee:

With apologies for the late notice due to Gershon's and my recent demanding schedules. We are holding the meeting today as planned.

Our Jonathan Fox has kindly agreed to lead a discussion on his scan of Privacy Maturity Models to inform our work going forward.

1. CMM
3. BSIMM (See attached)
4. Open SAMM http://www.opensamm.org/
5. AICPA/CICA Privacy Maturity Model

Looking forward to our discussions at 1:30 p.m. EST today.

Kind regards, Dawn.

* Call-In Information:

Thanks to Saint Mary's University for providing the conference bridge.

Conference Reference: 147385
Participant Access Code: 9793565 #

Dial in numbers:
- North America:
877-385-4099 + Conference Access Code

- Overseas Locations provided with the exception of Greece:
International Access Code + 800-8358-7111 + Conference Access Code

Dr. Dawn Jutla,

/chet
Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 

Check your work using the Support Request Submission Checklist at http://www.oasis-open.org/committees/download.php/47248/tc-admin-submission-checklist.html 

TC Administration information and support is available at http://www.oasis-open.org/resources/tcadmin
