
IIW NSTIC Zygma slides 2011-10-19


Some thoughts on how to approach the subject of standards for NSTIC.

Published in: Technology
  1. NSTIC & Standards
     How and where do standards fit into NSTIC?
     Who should be developing standards?
     What standards are required?
     Richard G. Wilsher, CEO, Zygma LLC [www. | RGW@]

  2. NSTIC & Standards
     Should NSTIC foster (another) SDO?
     Not directly
     Perhaps be a Standards Directing Organization
     Standards Management Organization (SMO):
       - Identifying the needs
       - Adopting best practices
       - Optimizing / re-using existing frameworks & stds
       - Creating the glue
       - Funding specific (infrastructural standards) needs

  3. NSTIC & Standards
     Identifying the needs:
       - Information security management
         - Policies, Procedures
         - Risks
         - Control selection
         - Review & audit
       - Formal certification
       - Service provision & usage
       - Technical
         - API
     Formal certification provides independent assurance … that these things are being done correctly

  4. NSTIC & Standards
     Accept existing standards
     Adopt existing standards
     Profile for specific needs
     Render assessable
     Where justified, define and develop standards
     Development, refinement, profiling all progress more rapidly with dedicated resources = NSTIC funding
     The Steering Group needs a Standards Manager

  5. NSTIC & Standards
     Essential that a holistic approach is taken
     The whole business has to be secure, so establish the Id framework within a larger context –
     ‘Identity’ may not be the business’ primary function
     International recognition is a must

  6. NSTIC & Standards
     Assessment / Evaluation is key
     Need independent assessment of service providers and of users of those services
     E.g. Kantara’s extension from Id Service Providers to recipients of id-related data (so-called Relying Parties)
     Standards need to support assessment as well as:
       - service provision & usage
       - technical inter-operability

  7. AND (just for laughs) … Don’t let NIST write Standards!! (we can talk about this)