What Does Security-by-Design Mean For Privacy Practitioners?
April 4, 2024

AGENDA OUTLINE
I. Welcome and Introductions
II. Security-by-Design in the National Cybersecurity Strategy
III. CISA's Software Product Security Principles
IV. Security-by-Design in the Private Sector
V. Discussion
VI. Questions and Answers
VII. Closing Remarks

WELCOME AND INTRODUCTIONS
Drew Bagley, Vice President & Counsel, Privacy and Cyber Policy, CrowdStrike
Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem, ONCD, The White House
Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA
Paul Rosenzweig, Former DAS, Policy, DHS; Principal, Red Branch Consulting

National Cybersecurity Strategy
Promotes 2 key shifts:
1. Shifting the burden of cybersecurity from the small players to the larger players who are better able to bear it.
2. Realignment of incentives to promote long-term investment in security - security-by-design.
Additionally, the National Cyber Workforce & Education Strategy contributes to security-by-design by making cyber skills part of the toolkit for all professionals.

Software Product Security Principles
1. Take Ownership of Customer Security Outcomes
2. Embrace Radical Transparency and Accountability
3. Lead from the Top

Critical SbD Questions
Private Sector Perspective
How is Security by Design defined in law, regulation, and practice? You can't manage what you can't define.
How is Security by Design to be measured? You can't manage what you can't count.
Who will set the standards for Security by Design? Voluntary or mandatory; private sector or public; national or international?
How will standards compliance be enforced? Voluntary? Regulatory? Private liability? Insurance?

RESOURCE LIST
Security by Design Research Project: https://www.lawfaremedia.org/current-p