[Icannsecurity-ssr2-rt] [Ext] Re: ICANN SSR actions 31 July

Boban Krsic krsic at denic.de
Mon Aug 14 11:57:24 UTC 2017



On 14.08.17 at 12:06, Gannon, James-1 wrote:
> I will attend the call today but I will also put my name forward for assisting with the questions, if possible give me some specific asks or tasks and I will get them done, work is a little crazy right now so the more direction you give me the more likely I am to get it done =)

Thanks James. What we need at the end is an audit plan that contains the
specific chapters, date and time frames, interview partner from ICANN
and responsible team member for each chapter. Additionally a description
or similar that helps MSSI to get the approval from the Review Team for
a dedicated sub-group workshop. I will send you a template by the end of
the week.

The specific questions, etc. below are only for planning purposes and to
indicate the right persons at ICANN and to help us in the execution of
the workshop.

> Also the quicker we get the dates locked down the better as usual I need to book PTO for the F2F so the more notice I have the more likely I am to get time off.

My personal preference, depending on a positive approval, is Thursday
October 5th and Friday October 6th? Maybe we can agree upon this in ;-)

	- Boban.


> James Gannon
> IGM Manager – Projects & IT Security SME
> 
> -----Original Message-----
> From: icannsecurity-ssr2-rt-bounces at icann.org [mailto:icannsecurity-ssr2-rt-bounces at icann.org] On Behalf Of Boban Krsic
> Sent: 14 August 2017 10:59
> To: ICANNsecurity-SSR2-RT at icann.org
> Subject: Re: [Icannsecurity-ssr2-rt] [Ext] Re: ICANN SSR actions 31 July
> 
> Dear all,
> 
>> On 8/4/17, 11:57 AM, "Boban Krsic" <krsic at denic.de> wrote:
>>
>>     Dear Karen,
>>
>>     On 03.08.17 at 18:35, Karen Mulberry wrote:
>>
>>     > You noted the list of topics below
>>     > - Information Security Management
>>     > - Auditing
>>     > - Risk Management
>>     > - Business Continuity Management
>>     >
>>     > Do you have any thoughts as to what specific topics or questions the subgroup might want to have covered in the meeting?  The more details on the objectives and focus on the meeting that you can provide the better we can work within the organization to identify and make arrangements for the experts to participate in the meeting.
>>
>>     Awesome, many thanks for your assistance. I will send you next week a
>>     list of specific topics and questions.
> 
> 
> As requested by Karen, here are some personal thoughts on how to move forward on this topic. First, I would like to refer to the following two documents, as all the topics and questions are represented there:
> 
> * SSR2-ICANNSecurity-workplan-draft [1]
> * ICANN Security Questions for CIO [2]
> 
> Both documents should be our base for drafting specific questions for our F2F meeting with ICANN staff.
> 
> Beginning with ICANN Security Questions for CIO [2]: All topics above can be found in the current structure of the document. Maybe we can rearrange and complete the document with questions from SSR2-ICANNSecurity-workplan-draft [1] (sheets (Checklist 27001, Checklist ISO 27001 - Annex A, and Checklist 22301)).
> 
> Detailed questions regarding ISMS, Auditing and Risk Management can be found in the 2nd sheet "Checklist 27001" [1]
> 
> Information Security Management (ISM)
> S.2 Leadership
> S.2.1 - S.2.5
> S.4 Support - Resources, Competence, Awareness & Communication
> S.4.1 - S.4.6
> 
> Risk Management
> S.3 Planning - Risks and Opportunities
> S.3.1 - S.3.7
> 
> Auditing
> S.6 Performance Evaluation, Internal Audit, Management Review
> S.6.1 - S.6.6
> S.7 Improvement
> S.7.1 - S.7.3
> 
> Detailed questions regarding Business Continuity Management (BCM), Auditing and Risk Management can be found in the 3rd sheet "Checklist 22301" [1] - look at it, don't want to copy it unnecessarily ;-)
> 
> Žarko and I will have by the end of this week a F2F workshop in Belgrade. As discussed, we will circulate an outline of detailed work items and proposed next steps after face-to-face meeting.
> 
> Two questions for the agenda of today's call:
> 
> 1. Who can assist to complete the list of questions? (expected delivery date 31. August)
> 2. Final decision date for the potential F2F workshop with ICANN staff in October.
> 
> Hear you all and thanks a lot!
> 
> - Boban.
> 
> 
> [1]
> https://docs.google.com/spreadsheets/d/1vs1nyYdmg27cHXhM_qBaMOjmMEuNMst24claXRolzHs/edit#gid=1803198377
> 
> [2]
> https://docs.google.com/document/d/1QmUaAufCfYtEs0cXS-fTxwtkxHZMrBj1IwGIe332LVo/edit#
> 
> 
> 
> 
> 
>>     > I would also like to note that a lot of staff are on holiday through the end of August so mid-September might be the best to target for dates.
>>
>>     That perfectly fits into my planning. I will be also on vacation from
>>     the beginning of September to mid-September (will be back on September
>>     21st in the office). The last week in September is reserved for our
>>     annual internal audit at DENIC, which means that I will be available
>>     in the first two weeks of October. I would like to propose to set up a
>>     doodle poll with the following dates for our potential F2F workshop:
>>
>>     * Monday October 2nd and Tuesday October 3rd
>>     * Thursday October 5th and Friday October 6th
>>     * Monday October 9th and Tuesday October 10th
>>
>>     Again many thanks and wishing you all a happy weekend!
>>
>>     - Boban.
>>
>>
>>     > Thanks for your assistance so that we can make sure that the right experts can be available for your discussion.
>>     >
>>     > Sincerely,
>>     >
>>     > Karen Mulberry
>>     > Multistakeholder Strategy and Strategic Initiatives (MSSI)
>>     > ICANN
>>     >
>>     >
>>     >
>>     > On 8/1/17, 12:26 PM, "icannsecurity-ssr2-rt-bounces at icann.org on behalf of Boban Krsic" <icannsecurity-ssr2-rt-bounces at icann.org on behalf of krsic at denic.de> wrote:
>>     >
>>     >     Thanks Jennifer! Dear SSR subtopic team, some thoughts below.
>>     >
>>     >     On 01.08.17 at 17:27, Jennifer Bryce wrote:
>>     >
>>     >     > Team to provide feedback on the structure of the 9 work items, including identifying items which staff may be able to provide more information or help build out.
>>     >
>>     >     I would like to propose the 4th September as expected delivery date.
>>     >
>>     >     > Outline in writing a request to meet with ICANN security team, including details of expected goals and outcomes of the meeting.
>>     >
>>     >     It's not only limited to the ICANN security team. I would say that we
>>     >     need the following skill set and people at ICANN who are responsible
>>     >     for: Information Security Management, Auditing, Risk Management and
>>     >     finally Business Continuity Management.
>>     >
>>     >     I would like to propose the 11th September as expected delivery date.
>>     >
>>     >     > Circulate outline of detailed work items and proposed next steps after face-to-face meeting.
>>     >     >
>>     >     > Žarko, Boban
>>     >     >
>>     >     > 31 August
>>     >
>>     >     Yep, that's fine - committed.
>>     >
>>     >     One last thing: How about sending out a doodle poll by the MSSI
>>     >     Secretariat to select a date for the proposed 2-day workshop with the
>>     >     ICANN staff - just as a "Save-the-Date" without any obligations. My
>>     >     personal calendar has only a few possible slots in the following weeks.
>>     >
>>     >
>>     >     - Boban.
>>     >
>>     >
>>     >     >
>>     >     >
>>     >     > Jennifer
>>     >     >
>>     >     > --
>>     >     > Jennifer Bryce
>>     >     > Senior Reviews Coordinator
>>     >     > Internet Corporation for Assigned Names and Numbers (ICANN)
>>     >     >
>>     >     > Email: jennifer.bryce at icann.org
>>     >     > Skype: jennifer.bryce.icann
>>     >     > www.icann.org
>>     >     >
>>     >     >
>>     >     >
>>     >     > _______________________________________________
>>     >     > ICANNSecurity-SSR2-RT mailing list
>>     >     > ICANNSecurity-SSR2-RT at icann.org
>>     >     > https://mm.icann.org/mailman/listinfo/icannsecurity-ssr2-rt
>>     >     >
>>     >
>>     >
>>     >     --
>>     >
>>     >     Boban Kršić
>>     >     Chief Information Security Officer
>>     >
>>     >     DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY
>>     >
>>     >     E-Mail: krsic at denic.de, Phone: +49 69 272 35-120, Fax: -248
>>     >     Mobile: +49 172 67 61 671
>>     >     https://www.denic.de
>>     >
>>     >     X.509 Key-ID: 00A54FCB79884413A4
>>     >     Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716
>>     >
>>     >     PGP Key-ID: 0x43C89BA9
>>     >     Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9
>>     >
>>     >     Information pursuant to Section 25a (1) GenG:
>>     >     DENIC eG (registered office: Frankfurt am Main)
>>     >     Executive Board: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
>>     >     Schweiger
>>     >     Chairman of the Supervisory Board: Thomas Keller
>>     >     Registered under No. 770 in the Register of Cooperatives, Local Court of
>>     >     Frankfurt am Main
>>     >
>>     >
>>     >

