Strategic Alliance Magazine Q1 2018 - 21

THE CHANGING FACE OF DATA

The Nuts and Bolts of Creating Secure Systems
Responding to growing concerns about vulnerabilities in multi-party vendor relationships and
collaborations, the National Telecommunications
and Information Administration (a branch of the
United States Department of Commerce and the
principal adviser to the president on telecommunications policies) and the FIRST Vulnerability
Coordination Special Interest Group (an international confederation of computer incident response
teams) recently released Version 1.0 of the "Guidelines and Practices for Multi-Party Vulnerability
Coordination and Disclosure." Past efforts "have not
adequately addressed the additional complexities of
multi-party vulnerability coordination (multiple
vendors and other stakeholders)," the introduction
states. "The purpose of this document is to improve
multi-party vulnerability coordination across different
stakeholder communities. Multi-party coordination
and disclosure involves multiple vendors and can
also include coordinators, defenders, users, and other
stakeholders."
To address this growing security challenge, the document contains two parts: Guiding Concepts and Best
Current Practices derived from a set of Multi-Party
Disclosure Use Cases. The five use cases provide different security vulnerability coordination scenarios. The
guidelines include best practices tips for multi-party
coordination, such as:

Establishing a strong foundation of processes and relationships early with new tech models

Minimizing exposure through remediation and disclosure

Maintaining clear and consistent communications

Responding quickly to early disclosure; being accountable and transparent

Building and maintaining trust, and creating sound agreements

Using coordinators when appropriate

"The most important thing for any company entering a
collaboration to remember is that they can never completely abdicate responsibility for security," says Mike
Chapple, associate professor of IT, Analytics & Operations and academic director, masters of business
analytics, at the University of Notre Dame's Mendoza
College of Business. "Every collaboration, from engaging a vendor for cloud services to sharing data with
marketing partners, falls under what cybersecurity
professionals call a shared responsibility model. Both
organizations have some responsibility for security,
and the terms of the partnership agreement should
clearly spell out who is taking care of each aspect of
security."
This is especially important in the case of regulated industries, where companies also need to make sure they
are meeting all compliance obligations, he adds.
"When you have a complex regulation, such as PCI DSS
[Payment Card Industry Data Security Standard], you'll
want to run down the checklist and agree, in writing, about who will handle each requirement and which
will involve the participation of both parties. Partnerships also introduce new compliance burdens, such as
managing HIPAA [Health Insurance Portability and
Accountability Act] business associate agreements. Security should absolutely be an early part of the
conversation in any technology initiative, including digital transformation initiatives. If you include security as
a design requirement, you get much better results at a