[Ssr2-review] SSR2 Google Drive and Google Doc for Input
ALAIN AINA
aalain at trstech.net
Mon May 15 05:24:32 UTC 2017
Hello,
I also have some issues accessing and editing the document, see below :
Possible focus area.
======
- Complete the assessment of the implementation of SSR1 recommendations, the impact of the implementation, how the post implementation is being managed and what implications for the SSR2 review.
- Scope of ICANN’s SSR responsibilities: action zone, influence zone, coordination zone
*ICANN SSR responsibility for the coordination of the global unique Identifiers
*ICANN operational role
*ICANN influence role (TLD operators, registrars ….),
*ICANN coordination role( IETF, RIRs Root zone operators ,technical community
- Effectiveness of ICANN’s SSR framework, SSR Plan and its implementation
*Security framework
* Contingence planning
*security framework robustness for a rapid evolving security environment
=========
> On 14 May 2017, at 17:28, Boban Krsic <krsic at denic.de> wrote:
>
> Dear All,
>
> Given that I could not access the Google Drive folder, please find my
> homework in accordance to James proposal below ;-)
>
> -----
>
> Focus on Sub-Team Number 2 - ICANN’ Internal Security Processes
>
> The sub team will be responsible for reviewing the completeness and
> effectiveness of ICANNs internal security processes and the
> effectiveness of the ICANN security framework
>
> Due to ICANN’s orientation to ISO/IEC 27001 I would recommend to provide
> a gap-analysis to the normative requirements of the management part and
> Annex A of the ISO standard based on the SoA (Scope).
>
> - Perform interviews and review descriptions and evidence of:
>
> * ISMS Scope
> * Information security policy
> * Information risk assessment and risk treatment processes
> * Information security objectives
> * Information security roles and responsibilities
> * ISMS internal audit program and results of conducted audits
> * Operational planning and control documents
> * Evidence of top management reviews of the ISMS
>
> Various others from the Annex A like rules for acceptable use of assets,
> access control policy, operating procedures, confidentiality or
> non-disclosure agreements, secure system engineering principles,
> information security policy for supplier relationships, etc.
>
> - Categorize and prioritize the outcome of the analysis
>
> - Develop a short-, medium- and long-term schedule to implement
> different controls in accordance to the requirements
>
> - Define a set of metrics to measure the effectiveness of the
> implementation
>
> With the goal to achieve a high level of maturity and to pass a
> successful certification process concerning ICANNs ISMS.
>
> Best,
>
> - Boban.
>
>
>
> Am 14.05.17 um 17:08 schrieb Karen Mulberry:
>> Dear SSR2 Review Team,
>>
>> Per the discussion this afternoon on next steps, I have created a Google Drive for the SSR2 Review Team to place their collaborative materials.
>>
>> Here is the link to the Folder where I have created a Google Doc for you to add your areas of interest or topics for tomorrow’s planning discussion.
>> https://drive.google.com/drive/folders/0B_IP1b20BSBUcndyOFVpbEZKbTQ?usp=sharing
>>
>> Sincerely,
>>
>> Karen Mulberry
>> Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
>> ICANN
>> 12025 Waterfront Dr., Suite 300
>> Los Angeles, CA 90094
>> Phone: +1 424 353 9745
>>
>>
>>
>> _______________________________________________
>> Ssr2-review mailing list
>> Ssr2-review at icann.org
>> https://mm.icann.org/mailman/listinfo/ssr2-review
>>
>
>
> --
>
> Boban Kršić
> Chief Information Security Officer
>
> DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY
>
> E-Mail: krsic at denic.de, Fon: +49 69 272 35-120, Fax: -248
> Mobil: +49 172 67 61 671
> https://www.denic.de
>
> X.509 Key-ID: 00A54FCB79884413A4
> Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716
>
> PGP Key-ID: 0x43C89BA9
> Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9
>
> Angaben nach § 25a Absatz 1 GenG:
> DENIC eG (Sitz: Frankfurt am Main)
> Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
> Schweiger
> Vorsitzender des Aufsichtsrats: Thomas Keller
> Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht
> Frankfurt am Main
> _______________________________________________
> Ssr2-review mailing list
> Ssr2-review at icann.org
> https://mm.icann.org/mailman/listinfo/ssr2-review
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20170515/3af00179/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20170515/3af00179/signature.asc>
More information about the Ssr2-review
mailing list