信息安全资料设计即安全对隐私从业者的实践意义.pdfVIP

WhatDoesSecurity-by-DesignMeanFor

PrivacyPractitioners?

April4,2024

AGENDAOUTLINE

I.WelcomeandIntroductions

II.Security-by-DesignintheNationalCybersecurityStrategy

III.CISA’sSoftwareProductSecurityPrinciples

IV.Security-by-DesigninthePrivateSector

V.Discussion

VI.QuestionsandAnswers

VII.ClosingRemarks

WELCOMEANDINTRODUCTIONS

DrewBagleyCamilleStewartGloster,EricGoldstein,PaulRosenzweig

VicePresidentDeputyNationalCyberExecutiveAssistantFormerDAS,Policy,DHS

Counsel,PrivacyandDirectorforTechnologyDirectorforPrincipal,RedBranch

CyberPolicy,Ecosystem,ONCD,

CrowdStrikeTheWhiteHouseCybersecurity,CISAConsulting

NationCybersecurityStrategy

Promotes2keyshifts

1.Shiftingtheburdenofcybersecurityfromthesmallplayers

tothelargerplayerswhoarebetterabletobearit.

2.Realignmentofincentivestopromotelong-terminvestment

insecurity-security-by-design

Additionally,theNationalCyberWorkforceEducation

Strategycontributestosecurity-by-designbymakingcyber

skillspartofthetoolkitforallprofessionals.

SoftwareProductSecurityPrinciples

1.TakeOwnershipofCustomerSecurityOutcomes

2.EmbraceRadicalTransparencyandAccountability

3.LeadfromtheTop

CriticalSbDQuestions–

PrivateSectorPerspective

•HowisSecuritybyDesigndefinedinlaw,regulation,andpractice?

–Youcan’tmanagewhatyoucan’tdefine

•HowisSecuritybyDesigntobemeasured?

–Youcan’tmanagewhatyoucan’tcount

•WhowillsetthestandardsforSecuritybyDesign?

–Voluntaryormandatory;privatesectororpublic;nationalor