SBP/07-0006
INCITS
InterNational
Committee for Information Technology Standards
INCITS Secretariat, Information Technology Industry Council
(ITI)
1250 Eye St. NW, Suite 200, Washington, DC 20005
Telephone 202-737-8888; Fax 202-638-4922
| Date: | September 20, 2007 |
| Reply to: | Jennifer Garner |
| Phone: | (202) 616-5737 |
| Email: | jgarner@itic.org |
Draft Minutes - Formation Meeting
INCITS Study Group on Security Best Practices
Meeting #1
The Boulders Resort and Golden Door Spa
34631 North Tom Darlington Drive
Carefree, Arizona 85377
Telephone: 866-397-6520
http://www.theboulders.com/
Wednesday, September 19, 2007 3:00 PM to 5:00
PM
All organizations attending the first meeting attain
voting rights at the start of the formation meeting unless they have
requested advisory (non-voting) membership.
1. Administrative
1.1 Call to Order and Introduction of Chairman
Mr. Stull, Chairman of the INCITS Study Group on Security Best Practices,
called the formation meeting to order at 3:00 PM. He welcomed the
participants and thanked DCR for arranging the meeting room and refreshments
in conjunction with the FST Summit.
1.2 Introduction of Participants
The meeting attendees were introduced and invited to provide some information on their backgrounds:
| Organization |
Representative(s) |
| Citigroup | Mark Clancy |
| Communication Intelligence Corporation | Russel Davis |
| Coventry Health Care | Robert Talbot |
| Credit Industriel et Commercial | Jean-Pierre Champigny |
| Direct Computer Resources (DCR) | Joe Buonomo George Lang Ed Stull Bill Vitiello |
| First American Trust FSB | Henry Jenkins |
| Financial Services Technology Consortium (FSTC) | John Fricke |
| Greater Bay Bank | Lyle Sweeney |
| HotSkills / Orange Parachute | Scott Erkonen |
| IBM | Christine Knibloe |
| Lehman Brothers | Lauren Barnes |
| PayPal | Jim Palmer |
| Questrade | Edward Knolodenko |
| Texas Instruments | Curtis Watson |
| Vineyard Bank | Cindy Jacobian |
| Webster Bank | John Jahne |
| Wells Fargo | David Foster |
| Zions Bancorporation | Preston Wood |
| INCITS/CS1 Liaison | Daniel Benigni - Liaison (non-voting member) |
1.3 Appointment of Recording Secretary
Mr. Stull noted that Ms. Garner, a member of the INCITS
Secretariat staff, would serve as Secretary for this meeting. He asked
the participants to consider serving as the Secretary going forward and encouraged
interested parties to contact him to discuss the anticipated roles and responsibilities
of the Secretary for the INCITS Study Group on Security Best Practices.
2. Chairman's Remarks
Mr. Stull noted that the main goals of this inaugural meeting were to introduce the officers and other participants and to establish a work plan for the Study Group. He observed that clear, organized, supported solutions and deployable standards were needed to assist insurance and financial services business leaders in achieving their objectives.
3. Approval of the Agenda
Mr. Stull invited the participants to review the agenda to determine if any changes were needed. The following motion was addressed:
(Erkonen/Clancy)
Move to approve the agenda.
There was no formal discussion of the motion.
Vote on the motion: 9-0-2=11
The motion passed.
REF: SBP/07-002
4. Document Distribution
Mr. Stull informed the participants that committee documents would be distributed electronically through their posting to the document register (http://www.incits.org/tc_home/sbp/sbpdocreg.htm) on the Study Group's web site (http://www.incits.org/tc_home/sbp.htm). He noted that the participants' access to documents, contributions and standards related to the Study Group's work would be of value to their organizations.
REF: SBP SD-01 (SBP Standing Document 1 – Document
Register)
5. Review of Approved Charter for the INCITS Study Group
on Security Best Practices
The Study Group reviewed its charter as approved at the July 2007 INCITS Executive Board meeting:
The INCITS Study Group on Security Best Practices will:
study the security needs and requirements of the financial and insurance services industries and assess what is missing in current standards and practices.
make a recommendation to the INCITS EB on an approach to create deployable best practices and frameworks for security in these industries. This may include creating Project Proposals for new INCITS Standards or Technical Reports.
complete its work and submit its report for consideration at the January 2008 INCITS EB meeting.
Mr. Stull noted that the charter
had been developed with the assistance and extensive expertise of two EB
members: Mr. Ed Barrett (Sony Electronics / SDB Chairman) and Mr. Scott Jameson (Hewlett-Packard
/ JTC 1 Chairman).
REF: SBP/07-001
6. Overview of the INCITS Mode of Operation and Antitrust
Guidelines
Ms. Garner referred the participants to the information package prepared for the formation meeting (SBP/07-0005) and explained the difference between voting, advisory (non-voting) and liaison (non-voting) memberships. All organizations in attendance at this formation would be considered voting members (with the exception of the INCITS/CS1 Liaison) unless they requested advisory membership. The highlights of the INCITS antitrust guidelines were reviewed. Mr. Stull reminded the participants of their obligation to terminate any discussion, seek counsel's advice or, if necessary, terminate any meeting if the discussion might be construed to raise questions under the INCITS antitrust guidelines.
It was noted that English was the official language of both INCITS and ISO/IEC JTC 1.
REF: http://www.incits.org/inatrust.htm
7. Overview of Services Provided by the
INCITS Secretariat
Ms. Garner reported that in addition to providing guidance, the INCITS Secretariat would post the committee's documents to the document register, update and maintain the membership database and the committee's email reflector. Citing the anticipated short duration of the Study Group, she noted that invoices would be issued using the newly possible anniversary date billing system at the rate of $800 per member organization.
8. Roles of Study Group Officers and their Introduction
Mr. Stull explained that the Study Group officers were responsible for ensuring the committee's smooth and effective functioning. He invited the participants to raise any concerns with respect to the proposed slate of officers:
Mr. Edward Stull - Chairman (DCR)
Mr. Scott Erkonen - Vice Chairman for Strategic Collaboration (Orange Parachute)
Mr. Mark Clancy - Vice Chairman for Financial Services (Citigroup)
Mr. Robert Talbot - Vice Chairman for Insurance (Coventry Health Care)
No concerns were raised.
Mr. Stull invited the potential liaison representatives in attendance to say a few words:
INCITS/CS1 Chairman, Mr. Benigni, noted that he has been formally approved to serve as the INCITS/CS1 Liaison to the INCITS Study Group on Security Best Practices. He reported that INCITS/CS1's work was focused almost exclusively on international projects within JTC 1/SC 27 and its 5 WGs.
Financial Services Technology Consortium (FSTC) - Mr. Fricke noted that FSTC's members would define the consortium's activity on the Study Group.
REF: SBP SD-02 (SBP Standing
Document 2 – Roles and Responsibilities)
9. Strategic Collaboration
Mr. Erkonen,
the Vice Chairman for Strategic Collaborations, explained that he worked
for Orange Parachute (formerly HotSkills). His expertise was in the
area of developing and maintaining relationships with international companies
and standards bodies. Mr. Erkonen noted that a password protected registry
of relevant standards was being compiled for use by the Study Group in
their future work. He invited the participants to provide information
about other organizations that should be involved in this activity.