Meeting Minutes:

Federal Register: December 14, 2010 (Volume 75, Number 239)

Notices

Page 77934-77935

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DOCID:fr14de10-110

SMALL BUSINESS ADMINISTRATION

Small Business Information Security Task Force

AGENCY: U.S. Small Business Administration.

ACTION: Notice of meeting minutes.

SUMMARY: The SBA is issuing this notice to publish meeting minutes for the Small Business Information Security Task Force Meeting.

DATES: 1 p.m., Wednesday, November 10, 2010.

ADDRESSES: The meeting was held via teleconference.

SUPPLEMENTARY INFORMATION: Pursuant to section 507(i)(4)(A) of the

Credit Card Accountability Responsibility and Disclosure Act of 2009,

SBA submits the meeting minutes for the second meeting of the Small

Business Information Security Task Force. Chairman Rusty Pickens called the meeting to order on November 10, 2010 at 1 p.m. Roll call was taken and a quorum was established. An overview of the last meeting was provided. Introductions were provided for Dr. Babita Gupta, and

Katherine White, both of whom were unable to attend the first meeting.

Dr. Gupta and Ms. White then each provided a brief overview to the group.

Ms. Frances Henderson provided that the focus for today is on what resources the group will need going forward in terms of personnel, systems, and software as there will be lots of material to collate before being able to produce a final report. Input to define tasks and how to keep the group on schedule were sought. It was indicated the work plan will continue to be developed.

Mr. Pickens recapped the Task Force scope of work and asked everyone to keep the charter readily available and to review Section 507 of the authorizing law as it provides the requirements for the work the Task Force has been directed to complete. The focus is to examine resources available nationwide for small business on privacy and technology concerns and then collate the data. A gap analysis then needs to be performed to determine how effective the programs are and provide a report to the Administrator with recommendations of what can be done to improve on them. The Task Force has until the end of 2013 to complete the report but it is hoped that the work could be completed sooner. It was also clarified that there is no authorization for the

Task Force to establish any new programs; the Task Force has only been directed to report to the Administrator their recommendations.

Page 77935

A discussion was held on possible methodology for research and gap analysis. Solicitations on how to organize the gathered data and compile lists was sought. It was stated that it is important that topics don't get missed during the first pass of data sorting. To help with this work, Mr. Michael Mitchell volunteered to be a liaison to the

PCI Standards organization. He stated that they have a small business section with lots of potentially valuable information and would be happy to work with them on behalf of the Task Force to gather information from them.

The discussion evolved into the need for resources and a software tool to capture, store, and list all of the gathered data. This discussion highlighted the need for qualitative caveats, as the amount of information such as certification and training resources could be enormous. The issue of funding and licenses for the purpose of this project was discussed. A question on Task Force funding was asked. Mr.

Pickens stated that an appropriation of finances was included within the authorizing law to support the Task Force. Mr. Pickens agreed to consult the appropriate parties to determine if it was indeed allocated.

During the open floor portion of the meeting, Mr. Terry Erdle volunteered to interface on behalf of CompTIA to the list of Trade

Associations, as CompTIA functions both as a certifying body and a

Trade Association for the computing technology industry itself. Mr.

Aaron Berstein then volunteered to contact Microsoft to inquire into the possibility of Microsoft providing an online collaborative space software tool for use. Additionally, Dr. Babita Gupta volunteered to look at resources within the nonprofit and academia sectors for available research that would be helpful to the Task Force.

At the conclusion of the meeting, everyone was instructed to take away the draft work plan handout as a starting point for brainstorming how to handle the task of gathering, sorting, and reporting back on the data. Responses on the document were requested to be provided to Mr.

Pickens by Friday, December 3, 2010, who will then consolidate them all into a single document for discussion at the next meeting.

The meeting was adjourned at 1:42 p.m.

FOR FURTHER INFORMATION CONTACT: Rusty Pickens, Special Consultant to the Office of the CIO, U.S. Small Business Administration,

Rusty.Pickens@sba.gov.

Paul T. Christy,

SBA Chief Information Officer.

FR Doc. 2010-31324 Filed 12-13-10; 8:45 am

BILLING CODE 8025-01-P

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT