[Ssr2-review] SSR2 Google Drive and Google Doc for Input

Boban Krsic krsic at denic.de
Sun May 14 17:28:32 UTC 2017


Dear All,

Given that I could not access the Google Drive folder, please find my
homework in accordance with James's proposal below ;-)

-----

Focus on Sub-Team Number 2 - ICANN’s Internal Security Processes

The sub team will be responsible for reviewing the completeness and
effectiveness of ICANN’s internal security processes and the
effectiveness of the ICANN security framework.

Due to ICANN’s orientation to ISO/IEC 27001, I would recommend providing
a gap analysis to the normative requirements of the management part and
Annex A of the ISO standard based on the SoA (Scope).

- Perform interviews and review descriptions and evidence of:

* ISMS Scope
* Information security policy
* Information risk assessment and risk treatment processes
* Information security objectives
* Information security roles and responsibilities
* ISMS internal audit program and results of conducted audits
* Operational planning and control documents
* Evidence of top management reviews of the ISMS

Various others from the Annex A like rules for acceptable use of assets,
access control policy, operating procedures, confidentiality or
non-disclosure agreements, secure system engineering principles,
information security policy for supplier relationships, etc.

- Categorize and prioritize the outcome of the analysis

- Develop a short-, medium- and long-term schedule to implement
different controls in accordance with the requirements

- Define a set of metrics to measure the effectiveness of the
implementation

With the goal to achieve a high level of maturity and to pass a
successful certification process concerning ICANN’s ISMS.

Best,

	- Boban.



On 14.05.17 at 17:08, Karen Mulberry wrote:
> Dear SSR2 Review Team,
> 
> Per the discussion this afternoon on next steps, I have created a Google Drive for the SSR2 Review Team to place their collaborative materials.
> 
> Here is the link to the Folder where I have created a Google Doc for you to add your areas of interest or topics for tomorrow’s planning discussion.
> https://drive.google.com/drive/folders/0B_IP1b20BSBUcndyOFVpbEZKbTQ?usp=sharing
> 
> Sincerely,
> 
> Karen Mulberry
> Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
> ICANN
> 12025 Waterfront Dr., Suite 300
> Los Angeles, CA 90094
> Phone: +1 424 353 9745


-- 

Boban Kršić
Chief Information Security Officer

DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY

E-Mail: krsic at denic.de, Fon: +49 69 272 35-120, Fax: -248
Mobil: +49 172 67 61 671
https://www.denic.de

X.509 Key-ID: 00A54FCB79884413A4
Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716

PGP Key-ID: 0x43C89BA9
Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9

Information pursuant to § 25a paragraph 1 GenG:
DENIC eG (registered office: Frankfurt am Main)
Executive Board: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
Schweiger
Chairman of the Supervisory Board: Thomas Keller
Registered under No. 770 in the Register of Cooperatives, Local Court of
Frankfurt am Main


