[Ssr2-review] Tracker items 80, 86, 101

Jennifer Bryce jennifer.bryce at icann.org
Wed Aug 9 14:32:21 UTC 2017 

Hi all,

Please see below for responses to a number of outstanding questions for ICANN Org:

Tracker item 80: Provide responses to questions<https://docs.google.com/document/d/15g9bz4h57wC9LmNltKLarLRGhJdztnCBzDGtWmBs8q0/edit> from SSR1 briefings (Ops + Finance)
(Question 11): Who will be the contracting entity for future SOC2/3 audits of PTI?

It is not currently known who the contractor will be beyond the current period. A competitive RFP process is being conducted to select the vendor for the next SOC2 and SOC3 audits. It is estimated the vendor will be selected in October.

Tracker item 86: Provide SSR2-RT with information on if ICANN Office of the CTO has plans to re-define “security”? If so, how and when?

It is not the role of the ICANN Office of the CTO to define or re-define "security". We currently use the definition found in the SSR Framework document, however if the community believes refinement or replacement of that definition is necessary, we'll facilitate those discussions and use the new definition when complete.

Tracker item 101: Provide responses to questions<https://docs.google.com/document/d/1qwMPHYVoS_H4VSXx-ZbwzosSfxkD6xc8jxxPT1Vj8Kc/edit?usp=sharing> on SSR1 briefing: Recommendations 11, 12.
(Question 10): Is there any quantification or more detailed information on what the working relationship with the APWG has yielded?

1) cross-community collaboration on APWG white papers, see https://apwg.org/resources/apwg-reports/whitepapers, including these topics:
- registrar best/recommended practices
- web vulnerabilities survey
- subdomain registration phishing practices
- whois data and phishing
- twice annual global phishing surveys

2) cross-posting of SSAC documents for APWG community, again see https://apwg.org/resources/apwg-reports/whitepapers

3) cross-fertilization of subject matter expertise
- incoming SSAC chairperson is originally from APWG community
- several SSAC members are originally from APWG community
- registry (e.g., Afilias, Org) and registrar (Blackknight, GoDaddy) staff have joined APWG

4) Our membership provides access to APWG eCrimeX phishing data for the DAAR project

5) Collaboration on an Accelerated Malicious Domain Suspension program (AMDoS) see https://apwg.org/apwg-news-center/amdos/ for registries and registrars

--
Jennifer Bryce
Senior Reviews Coordinator
Internet Corporation for Assigned Names and Numbers (ICANN)

Email: jennifer.bryce at icann.org
Skype: jennifer.bryce.icann
www.icann.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20170809/8563805f/attachment.html>

More information about the Ssr2-review mailing list