Foundation for Public-Private Collaboration

Public-Private Sector Common Investments Utilized

national forum for public private collaboration

Foundation for Public-Private Collaboration

The National Forum for Public-Private Collaboration has taken the excellent work of the Department of Defense embodied in the DESMF, referenced above, and have created a mirrored document with the minor changes of replacing the references to DoD with “organization” and “warfighter” with “customer”. We call this mirrored copy the Foundation for Public-Private Collaboration (FPPC).

The FPPC describes a life cycle for enterprise service management, including Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. Through the Forum, the FPPC establishes the base lexicon for public and private collaboration on cyber resilience and other relevant business topics. Forum activities utilize this document as a foundation for public and private collaboration.

We reference other publicly available frameworks, standards, and methods in support of balanced, reasonable and prudent guidance addressing the imperative needs of an organization such as sustainability and resilience. The FTC asks for reasonable approaches, our leadership seeks effective, prudent and disciplined use of limited resources to protect and enable business value.

We recognize the need for organizations to be adaptable and agile in the face of intentional and unintentional cyber threats, competitive and legislative landscapes, change in organizational directions and other considerations. The resulting reasonable and prudent guidance maps to the FPPC and by association the DESMF.

The Foundation for Public-Private Collaboration is a great resource because it is freely available with no licensing or other restrictions, and it provides comprehensive coverage of IT service management. The practices described are applicable to both public and private sector organizations, regardless of their size or the industry they operate in.

“Cyber resilience must be tightly coupled with and support business value. Measurable reasonable, prudent and disciplined approaches are established by including internal and external collaboration as part of each organization’s strategy to support their mission. This must not stifle the innovation needed to create and protect business value.” Charlie Tupitza

The National Foundation for Public-Private Collaboration is creating easy to use guidance, based on the existing FPPC by incorporating support for cyber resilience into every lifecycle stage and process it describes. The guidance will show how every service management process should contribute to cyber resilience, and show how cyber resilience controls can contribute to each stage of the lifecycle and to each service management process. The resulting document will be published under a Create Commons License to ensure it can be reused for purposes such as:

Helping both public and private sector organizations to incorporate cyber resilience into how they manage their IT systems and services.
Fostering collaboration between information security and IT service management teams and organizations.
Helping organizations offering tools and consulting to integrate support of both cyber resilience and IT service management into their offerings.
Providing content of value available for consideration in future releases of the DESMF and other Frameworks, as well as Standards, and Methods.

Competitiveness and Collaboration

Competitiveness. The vision to be globally competitive in software is accomplished by setting the enterprise direction, providing the fuel, and controlling the business environment, including suppliers, customers, competitors, and event threats. Software competitiveness revolves around how the software workforce is used to achieve customer satisfaction, how innovation is essential to delivering customer value, and how strategic software management guards against event threats and even exploits change.    Don O’Neil

NIST Cyber Security Framework

The NIST Cyber Security Framework was created through collaboration between industry and government, the Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cyber-security-related risk.

The Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cyber-security risk.  In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications among both internal and external organizational stakeholders.

nist cyber security framework

NIST Cyber Security Framework and RISK

The Framework will help an organization to better understand, manage, and reduce its cybersecurity risks.  It will assist in determining which activities are most important to assure critical operations and service delivery.  In turn, that will help to prioritize investments and maximize the impact of each dollar spent on cybersecurity.  By providing a common language to address cybersecurity risk management, it is especially helpful in communicating inside and outside the organization. That includes improving communications, awareness, and understanding between and among IT, planning, and operating units, as well as senior executives of organizations.  Organizations also can readily use the Framework to communicate current or desired cyber-security posture between a buyer or supplier.

Executive Order Improving Critical Infrastructure Cyber Security

The Order directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure.  Executive Order — Improving Critical Infrastructure Cybersecurity 

Executive Order 13636 outlines responsibilities for Federal Departments and Agencies to aid in Improving Critical Infrastructure Cybersecurity.  In summary, it assigns these responsibilities and establishes the policy that, “It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.”



Charlie and Joan Speaking at itSMF USA FUSION16 Conference at the MGM Hotel, Las Vegas, NV November 1 – 4 2016

Charlie, Joan, Speaking at itSMF USA FUSION16

Advancing Cyber-Resilience Through Collaborative Innovation

Date and Time:  Wednesday, November 2, 3:00pm – 4:00pm
Track:   Security, Risk, and Vulnerability
Track Chair:   Jeanette McGuillicuddy

Mission Driven Services Enabled by Cyber Resilience

Evidence of mission driven cyber resilient services– Board Room
– Workforce
– Cyber Insurance Companies
– Supply Chain Evaluation
– Procurement Evaluation


People Cyber Resilience Experienced, Educated
Organizational Capacity
– Is the Right Person in the Right Role
– ID Skills Gaps Present and Future
– Ability of Organization to Close Gaps


cyber resilience processes– Desired Outcomes being Delivered
– Respond, Recover, Minimize Impact of Events
– Measures show Trends, Impact of events
– Show Improvement Opportunities


Cyber Security Technology– Why was this Technology Selected?
– Measure of Effectiveness (Performance/Availability)
–  Continual Improvement process associated with it?



cyber security technology partners– Criteria established within the Supply Chain as a Partner of Others
– Requirements for Organizations who are Part of Products/Services Offered