PSWG Minutes 07 24 2013 by lizzy2008


               PRIA Security Workgroup Face-to-Face Meeting
                                July 24, 2008
                              9:45 – 11:00 MST
                                 Phoenix, AZ


Nancy Sotomayor                           Ted Adams
Mark Ladd                                 Jack Arrowsmith
Karen Snow                                Kate Teal
Karen Anderson-Kinsey                     Erik Blomquist
Leesa McCrary                             Bill Mori
Marcey Toepel

This session began with a recap of the July 22nd session when the Threats &
Vulnerabilities matrix was presented and discussed. After assessing the
comments and questions that arose during the July 22nd session, the workgroup
suggested that rather than including the matrix in the whitepaper as a definitive
exercise, it would serve better as an educational and self-assessment tool.

The next step the workgroup anticipates will be to define mitigation strategies for
those areas deemed as high risk – potentially offering a variety of solutions from
very simple to more complex.

An example would be:
Collecting/Rogue Submitter/Poor Authentication – Use of SOAP, firewalls,
trusted business partner agreements, digital certificates

It was suggested that rather than getting too granular in detail, the document
should instead provide a list of resources that can be accessed to guide a
detailed self-assessment.

Discussion ensued regarding ranking risk based on the cost of mitigation vs. the
cost of the impact itself. While this is difficult to quantify for each specific
situation some broad assumptions could be made that would still be helpful.

Scope of the document needs to be defined better. Focus should be on
eRecording transactions rather than broader security issues. Physical security
recommendations relate to securing the eRecording process rather than
courthouse security per se.
The workgroup briefly reviewed the existing whitepaper draft. It was suggested
that the document be reorganized to reduce the repetitiveness that appears
currently. Define categories of risk that span the entire process and that general
mitigation strategies can be developed for. Document format needs to be more

Discussion followed regarding scheduling of conference calls. Calls will be
scheduled for the 2nd & 4th Tuesdays of each month at 1:00 Eastern. August
calls were set for the 12th & 26th.

Concern was expressed that the fall-off in attendance between Tuesday’s
session and this session may be due to the current documents being too difficult
for many to understand. Re-organize and re-format the whitepaper, then send to
all attendees, requesting feedback – prior to the August 12th call.

Meeting adjourned.

To top