The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Stuart Shapiro - The MITRE Corporation

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Scenario-Driven Construction of Enterprise Information Policy

Feb 07, 2007

Download: Video Icon MP4 Video Size: 219.4MB  
Watch on Youtube Watch on YouTube


Information policy at the enterprise level is invariably an exercise in gaps and inconsistencies. The range of concerns—including security—is broad, the environment tends to be heterogeneous and dispersed, the contextual scope is significant, and the stakeholders are numerous. MITRE ran headlong into this problem as it set about conceiving and implementing a new enterprise IT architecture, with questions increasingly raised regarding what policies the new architecture had to be capable of supporting. The MITRE Information Policy Framework (MIPF) is the mechanism MITRE developed to answer these questions. The MIPF supports systematic, structured analysis and formulation of information policy in five areas: security, privacy, management, stewardship, and sharing. This presentation will discuss the structure and use of the MIPF, with an emphasis on security requirements.

About the Speaker

Dr. Stuart S. Shapiro is a Lead Information Security Scientist and a member of the Privacy Practice at the MITRE Corporation, a not-for-profit company performing contract technical research and consulting primarily for the U.S. government. At MITRE he has supported a wide range of privacy activities, including privacy impact assessments, for major government programs. Prior to joining MITRE he was Director of Privacy at CareInsite, an e-health company, where his responsibilities included both policy and technical issues revolving around privacy and security. He has also held academic positions in the U.S. and the U.K. and taught courses on the history, politics, and ethics of information and communication technologies (ICTs). His research and writing have focused on ICTs and privacy and on the history and sociology of software development. Among his professional affiliations are the Association for Computing Machinery (ACM)—including its public policy committee, USACM—and the International Association of Privacy Professionals (IAPP).

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!