[Federal Register Volume 75, Number 239 (Tuesday, December 14, 2010)]
[Notices]
[Pages 77934-77935]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-31324]


=======================================================================
-----------------------------------------------------------------------

SMALL BUSINESS ADMINISTRATION


Small Business Information Security Task Force

AGENCY: U.S. Small Business Administration.

ACTION: Notice of meeting minutes.

-----------------------------------------------------------------------

SUMMARY: The SBA is issuing this notice to publish meeting minutes for 
the Small Business Information Security Task Force Meeting.

DATES: 1 p.m., Wednesday, November 10, 2010.

ADDRESSES: The meeting was held via teleconference.

SUPPLEMENTARY INFORMATION: Pursuant to section 507(i)(4)(A) of the 
Credit Card Accountability Responsibility and Disclosure Act of 2009, 
SBA submits the meeting minutes for the second meeting of the Small 
Business Information Security Task Force. Chairman Rusty Pickens called 
the meeting to order on November 10, 2010 at 1 p.m. Roll call was taken 
and a quorum was established. An overview of the last meeting was 
provided. Introductions were provided for Dr. Babita Gupta, and 
Katherine White, both of whom were unable to attend the first meeting. 
Dr. Gupta and Ms. White then each provided a brief overview to the 
group.
    Ms. Frances Henderson provided that the focus for today is on what 
resources the group will need going forward in terms of personnel, 
systems, and software as there will be lots of material to collate 
before being able to produce a final report. Input to define tasks and 
how to keep the group on schedule were sought. It was indicated the 
work plan will continue to be developed.
    Mr. Pickens recapped the Task Force scope of work and asked 
everyone to keep the charter readily available and to review Section 
507 of the authorizing law as it provides the requirements for the work 
the Task Force has been directed to complete. The focus is to examine 
resources available nationwide for small business on privacy and 
technology concerns and then collate the data. A gap analysis then 
needs to be performed to determine how effective the programs are and 
provide a report to the Administrator with recommendations of what can 
be done to improve on them. The Task Force has until the end of 2013 to 
complete the report but it is hoped that the work could be completed 
sooner. It was also clarified that there is no authorization for the 
Task Force to establish any new programs; the Task Force has only been 
directed to report to the Administrator their recommendations.

[[Page 77935]]

    A discussion was held on possible methodology for research and gap 
analysis. Solicitations on how to organize the gathered data and 
compile lists was sought. It was stated that it is important that 
topics don't get missed during the first pass of data sorting. To help 
with this work, Mr. Michael Mitchell volunteered to be a liaison to the 
PCI Standards organization. He stated that they have a small business 
section with lots of potentially valuable information and would be 
happy to work with them on behalf of the Task Force to gather 
information from them.
    The discussion evolved into the need for resources and a software 
tool to capture, store, and list all of the gathered data. This 
discussion highlighted the need for qualitative caveats, as the amount 
of information such as certification and training resources could be 
enormous. The issue of funding and licenses for the purpose of this 
project was discussed. A question on Task Force funding was asked. Mr. 
Pickens stated that an appropriation of finances was included within 
the authorizing law to support the Task Force. Mr. Pickens agreed to 
consult the appropriate parties to determine if it was indeed 
allocated.
    During the open floor portion of the meeting, Mr. Terry Erdle 
volunteered to interface on behalf of CompTIA to the list of Trade 
Associations, as CompTIA functions both as a certifying body and a 
Trade Association for the computing technology industry itself. Mr. 
Aaron Berstein then volunteered to contact Microsoft to inquire into 
the possibility of Microsoft providing an online collaborative space 
software tool for use. Additionally, Dr. Babita Gupta volunteered to 
look at resources within the nonprofit and academia sectors for 
available research that would be helpful to the Task Force.
    At the conclusion of the meeting, everyone was instructed to take 
away the draft work plan handout as a starting point for brainstorming 
how to handle the task of gathering, sorting, and reporting back on the 
data. Responses on the document were requested to be provided to Mr. 
Pickens by Friday, December 3, 2010, who will then consolidate them all 
into a single document for discussion at the next meeting.
    The meeting was adjourned at 1:42 p.m.

FOR FURTHER INFORMATION CONTACT: Rusty Pickens, Special Consultant to 
the Office of the CIO, U.S. Small Business Administration, 
[email protected].

Paul T. Christy,
SBA Chief Information Officer.
[FR Doc. 2010-31324 Filed 12-13-10; 8:45 am]
BILLING CODE 8025-01-P