Stuart Shapiro - The MITRE Corporation
Students: Spring 2022, unless noted otherwise, sessions will be virtual on Zoom.
Scenario-Driven Construction of Enterprise Information Policy
Feb 07, 2007Download: MP4 Video Size: 219.4MB
Watch on YouTube
AbstractInformation policy at the enterprise level is invariably an exercise in gaps and inconsistencies. The range of concerns—including security—is broad, the environment tends to be heterogeneous and dispersed, the contextual scope is significant, and the stakeholders are numerous. MITRE ran headlong into this problem as it set about conceiving and implementing a new enterprise IT architecture, with questions increasingly raised regarding what policies the new architecture had to be capable of supporting. The MITRE Information Policy Framework (MIPF) is the mechanism MITRE developed to answer these questions. The MIPF supports systematic, structured analysis and formulation of information policy in five areas: security, privacy, management, stewardship, and sharing. This presentation will discuss the structure and use of the MIPF, with an emphasis on security requirements.
About the Speaker
Dr. Stuart S. Shapiro is a Lead Information Security Scientist and a member of the Privacy Practice at the MITRE Corporation, a not-for-profit company performing contract technical research and consulting primarily for the U.S. government. At MITRE he has supported a wide range of privacy activities, including privacy impact assessments, for major government programs. Prior to joining MITRE he was Director of Privacy at CareInsite, an e-health company, where his responsibilities included both policy and technical issues revolving around privacy and security. He has also held academic positions in the U.S. and the U.K. and taught courses on the history, politics, and ethics of information and communication technologies (ICTs). His research and writing have focused on ICTs and privacy and on the history and sociology of software development. Among his professional affiliations are the Association for Computing Machinery (ACM)—including its public policy committee, USACM—and the International Association of Privacy Professionals (IAPP).