[Icannsecurity-ssr2-rt] [Ext] Re: ICANN SSR actions 31 July

Boban Krsic krsic at denic.de
Mon Aug 14 09:58:37 UTC 2017


Dear all,

> On 8/4/17, 11:57 AM, "Boban Krsic" <krsic at denic.de> wrote:
> 
>     Dear Karen,
>     
>     On 03.08.17 at 18:35, Karen Mulberry wrote:
>     
>     > You noted the list of topics below
>     > - Information Security Management 
>     > - Auditing 
>     > - Risk Management 
>     > - Business Continuity Management
>     > 
>     > Do you have any thoughts as to what specific topics or questions the subgroup might want to have covered in the meeting?  The more details on the objectives and focus on the meeting that you can provide the better we can work within the organization to identify and make arrangements for the experts to participate in the meeting.  
>     
>     Awesome, many thanks for your assistance. I will send you a list of
>     specific topics and questions next week.


As requested by Karen, here are some personal thoughts on how to move
forward on this topic. First, I would like to refer to the following two
documents, as all the topics and questions are represented there:

* SSR2-ICANNSecurity-workplan-draft [1]
* ICANN Security Questions for CIO [2]

Both documents should be our base for drafting specific questions for
our F2F meeting with ICANN staff.

Beginning with ICANN Security Questions for CIO [2]: All topics above
can be found in the current structure of the document. Maybe we can
rearrange and complete the document with questions from
SSR2-ICANNSecurity-workplan-draft [1] (sheets (Checklist 27001,
Checklist ISO 27001 - Annex A, and Checklist 22301)).

Detailed questions regarding ISMS, Auditing and Risk Management can be
found in the 2nd sheet "Checklist 27001" [1]

Information Security Management (ISM)
S.2	Leadership
S.2.1 - S.2.5
S.4	Support - Resources, Competence, Awareness & Communication
S.4.1 - S.4.6

Risk Management
S.3	Planning - Risks and Opportunities
S.3.1 - S.3.7

Auditing
S.6	Performance Evaluation, Internal Audit, Management Review
S.6.1 - S.6.6
S.7	Improvement
S.7.1 - S.7.3

Detailed questions regarding Business Continuity Management (BCM),
Auditing and Risk Management can be found in the 3rd sheet "Checklist
22301" [1] - look at it, don't want to copy it unnecessarily ;-)

Žarko and I will have an F2F workshop in Belgrade by the end of this
week. As discussed, we will circulate an outline of detailed work
items and proposed next steps after the face-to-face meeting.

Two questions for the agenda of today's call:

1. Who can assist in completing the list of questions? (expected delivery
date 31. August)
2. Final decision date for the potential F2F workshop with ICANN staff
in October.

Hear you all and thanks a lot!

	- Boban.


[1]
https://docs.google.com/spreadsheets/d/1vs1nyYdmg27cHXhM_qBaMOjmMEuNMst24claXRolzHs/edit#gid=1803198377

[2]
https://docs.google.com/document/d/1QmUaAufCfYtEs0cXS-fTxwtkxHZMrBj1IwGIe332LVo/edit#





>     > I would also like to note that a lot of staff are on holiday through the end of August so mid-September might be the best to target for dates.
>     
>     That perfectly fits into my planning. I will also be on vacation from
>     the beginning of September to mid-September (will be back in the
>     office on September 21st). The last week in September is reserved for
>     our annual internal audit at DENIC, which means that I will be available
>     in the first two weeks of October. I would like to propose setting up a
>     Doodle poll with the following dates for our potential F2F workshop:
>     
>     * Monday October 2nd and Tuesday October 3rd
>     * Thursday October 5th and Friday October 6th
>     * Monday October 9th and Tuesday October 10th
>     
>     Again many thanks and wishing you all a happy weekend!
>     
>     	- Boban.
>     
>     
>     > Thanks for your assistance so that we can make sure that the right experts can be available for your discussion.
>     > 
>     > Sincerely,
>     >  
>     > Karen Mulberry
>     > Multistakeholder Strategy and Strategic Initiatives (MSSI)
>     > ICANN
>     >  
>     >  
>     > 
>     > On 8/1/17, 12:26 PM, "icannsecurity-ssr2-rt-bounces at icann.org on behalf of Boban Krsic" <icannsecurity-ssr2-rt-bounces at icann.org on behalf of krsic at denic.de> wrote:
>     > 
>     >     Thanks Jennifer! Dear SSR subtopic team, some thoughts below.
>     >     
>     >     On 01.08.17 at 17:27, Jennifer Bryce wrote:
>     >     
>     >     > Team to provide feedback on the structure of the 9 work items, including identifying items which staff may be able to provide more information or help build out.
>     >     
>     >     I would like to propose the 4th September as expected delivery date.
>     >     
>     >     > Outline in writing a request to meet with ICANN security team, including details of expected goals and outcomes of the meeting.
>     >     
>     >     It's not only limited to the ICANN security team. I would say that we
>     >     need the following skill set and people at ICANN who are responsible
>     >     for: Information Security Management, Auditing, Risk Management and
>     >     finally Business Continuity Management.
>     >     
>     >     I would like to propose the 11th September as expected delivery date.
>     >     
>     >     > Circulate outline of detailed work items and proposed next steps after face-to-face meeting.
>     >     > 
>     >     > Žarko, Boban
>     >     > 
>     >     > 31 August
>     >     
>     >     Yep, that's fine - committed.
>     >     
>     >     One last thing: How about the MSSI Secretariat sending out a
>     >     Doodle poll to select a date for the proposed 2-day workshop with the
>     >     ICANN staff - just as a "Save-the-Date" without any obligations. My
>     >     personal calendar has only a few possible slots in the following weeks.
>     >     
>     >     	
>     >     	- Boban.
>     >     
>     >     
>     >     > 
>     >     > 
>     >     > Jennifer
>     >     > 
>     >     > --
>     >     > Jennifer Bryce
>     >     > Senior Reviews Coordinator
>     >     > Internet Corporation for Assigned Names and Numbers (ICANN)
>     >     > 
>     >     > Email: jennifer.bryce at icann.org
>     >     > Skype: jennifer.bryce.icann
>     >     > www.icann.org
>     >     > 
>     >     > 
>     >     > 
>     >     > 
>     >     
>     >     
>     >     -- 
>     >     
>     >     Boban Kršić
>     >     Chief Information Security Officer
>     >     
>     >     DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY
>     >     
>     >     E-mail: krsic at denic.de, Phone: +49 69 272 35-120, Fax: -248
>     >     Mobile: +49 172 67 61 671
>     >     https://www.denic.de
>     >     
>     >     X.509 Key-ID: 00A54FCB79884413A4
>     >     Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716
>     >     
>     >     PGP Key-ID: 0x43C89BA9
>     >     Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9
>     >     
>     >     Information pursuant to Section 25a (1) GenG:
>     >     DENIC eG (registered office: Frankfurt am Main)
>     >     Executive Board: Helga Krüger, Martin Küchenthal, Andreas Musielak,
>     >     Dr. Jörg Schweiger
>     >     Chairman of the Supervisory Board: Thomas Keller
>     >     Registered under No. 770 in the Register of Cooperatives, Local Court
>     >     of Frankfurt am Main
>     >     
>     >     
>     > 
>     
>     
>     
>     
> 


-- 

Boban Kršić
Chief Information Security Officer

DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY

E-mail: krsic at denic.de, Phone: +49 69 272 35-120, Fax: -248
Mobile: +49 172 67 61 671
https://www.denic.de

X.509 Key-ID: 00A54FCB79884413A4
Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716

PGP Key-ID: 0x43C89BA9
Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9

Information pursuant to Section 25a (1) GenG:
DENIC eG (registered office: Frankfurt am Main)
Executive Board: Helga Krüger, Martin Küchenthal, Andreas Musielak,
Dr. Jörg Schweiger
Chairman of the Supervisory Board: Thomas Keller
Registered under No. 770 in the Register of Cooperatives, Local Court
of Frankfurt am Main
