March 29, 2011 Security Conference Call
Contents
Security Working Group Meeting
Attendees
- Gerald Beuchelt, guest hData
- Mike Davis Security Co-chair
- Jon Farmer
- Suzanne Gonzales-Webb CBCC Co-chair
- Michelle Johnston
- John Moehrke Security Co-chair
- Pat Pyette
- Diana Proud-Madruga
- Richard Thoreson CBCC Co-chair
- Ioana Singureanu
- Tony Weida
- Craig Winter
Agenda
1. (05 min) Roll Call, Approve Minutes & Accept Agenda
2. (15min) **New*** Risk Assessment request: hData REST spec / Gerald Beuchelt
- Note: would like to complete by May WG Meeting in Orlando)
3. (15min) Security and Privacy Ontology - Latest posting
4. (15 min) Report Out - Meeting with Patient Safety - Security Cookbook New Project Possibility? - John Moehrke
5. (15 min) Upcoming Security Cookbook Process Overview with Project Services/TSC
- Thursday March 31 @ 0900EDT
- Call information: HL7 Project Services Work Group: 1 770-657-9270 PC 281101
- Project Tracker; Project Services TSC 'owns' the project scope statement, project life cycle, etc., They are hoping we can assist in incorporating the Security Cookbook Process into project "work flow".
6. (5 min) May 2011 Working Group Meeting - Orlando, Florida USA, Security WG Agenda
- Add Meeting w/Patient Safety (Wednesday Q1-Q4 are currently available); topic of discussion - Security Risk Assessment Cookbook
Meeting Minutes
Roll Call, Approve Minutes & Accept Agenda **New*** Risk Assessment request: hData REST spec / Gerald Beuchelt Gerald and his group have been working on the hData REST spec. They have added Security implications to the document and would like Security WG to take a look and complete a Security Risk Assessment on the spec (as it stands) and make recommendation on how to improve certain aspects of it and other guidance to improve the overall stand. If possible, Gerald would like to complete the Risk Assessment and have feedback provided back to hData/Gerald prior to the May WG Meeting in Orlando with the goal to provide quality product to HL7
DECISION: Security WG will go forward with the Risk Assessment. John Moehrke/Suzanne/Diana Proud-Madruga to take lead. In two weeks time, the Security WG will set aside to review the spec and begin the Risk Assessment. Tentative start date for the Assessment will be April 12th meeting.
Security and Privacy Ontology * Latest posting (corresponding to the ballot version)
- tony heard back from Cecil Lynch regarding SAIF. Cecil wanted to impress the following:
- Traceability of artifacts
- Alignment [ ECCF matrix] which is part of the SAIF document
- Ballot submitted with updates from Tony on Sunday March 27
- Readme file was prepared and also submitted (requested by Don Lloyd)
- Mike has not spoken to the Steering Division has not been approached (they did not meet this week) regarding the requirements for submitting the ballot.
Report Out - Meeting with Patient Safety - Security Cookbook New Project Possibility? - John Moehrke Add topic of discussion - Security Risk Assessment Cookbook. Patient Safety feels that our process is a major focus of their group as well. They would like to meet in Orlando at the Working Group meeting. They currently have Wednesday Q1-Q4 available. One to two quarters with Patient Safety to meet jointly they feel would be plenty of time to meet and discuss. NOTE: Wednesday is currently full for the Security WG with other joint meetings, this may be a meeting where John Moehrke goes off on his own to discuss with Patient Safety.
Upcoming Security Cookbook Process Overview with Project Services/TSC Suzanne was contacted by Freida Hall to go over the Security Risk Assessment process with Project Services. Project Services TSC 'owns' the project scope statement, project life cycle, etc., They are hoping we can assist in incorporating the Security Cookbook Process into project "work flow". John M and Diana have been added to the meeting invite. Meeting Information:
- Thursday March 31 @ 0900 EDT
- Call information: HL7 Project Services Work Group: 1 770-657-9270 PC 281101
- Project Tracker;
SOA is creating a services description (all services) this will be added to the agenda in Orlando. we are looking for folks with the various canonical. Pat should be putting out a specific bulleted list which the Security WG might be able to help them out.
6. (5 min) May 2011 Working Group Meeting - Orlando, Florida USA, Security WG Agenda
Meeting Minutes
Roll Call, Approve Minutes & Accept Agenda
**New*** Risk Assessment request: hData REST spec / Gerald Beuchelt
- Note: would like to complete by May WG Meeting in Orlando)
Security and Privacy Ontology - Latest posting Report:
Report Out - Meeting with Patient Safety - Security Cookbook New Project Possibility? - (John Moehrke, Suzanne Gonzales-Webb, Diana Proud-Madruga)
Upcoming Security Cookbook Process Overview with Project Services/TSC, Freida Hall
- Thursday March 31, 2011 @ 0900EDT
- Call information: HL7 Project Services Work Group: 1 770-657-9270 PC 281101
- Project Tracker; Project Services TSC 'owns' the project scope statement, project life cycle, etc., They are hoping we can assist in incorporating the Security Cookbook Process into project "work flow".
May 2011 Working Group Meeting - Orlando, Florida USA, Security WG Agenda
- Add Meeting w/Patient Safety (Wednesday Q1-Q4 are currently available); topic of discussion - Security Risk Assessment Cookbook. NOTE: This may be something John M has to do on his own, as the Security Agenda will be very full on Wednesday.