2013-11-06 - Business Case Subgroup Notes
Date and Time |
November 6, 2013, 3:00-4:00 ET |
Agenda and Meeting Materials |
Action Items
- (none)
Highlights
- Discussion of what to do next
- Making the case to upper management / elevator speech
- Who else is doing this? How many?
- What regulatory pressures are there?
- How does this differentiate us?
- Risks.
- Providing institutional guidance / requirements for the use of MFA
- Does does an application manager know if MFA should be used?
- Everybody thinks MFA is a good thing, but there's a chicken and egg problem between identity providers and service providers.
- Need risk matrix that determines need of MFA for a particular service.
- U Washington had a requirement for 2FA, based on classification of assets. When they moved to a risk based approach (by application managers), people stopped wanting 2FA.
- Provide use cases / scenarios for types of applications?
- Provide Cohortium recommendations?
- Making the case to upper management / elevator speech
- Decision was to work on institutional guidance for the use of MFA.