[Ssr2-review] SSR2 Google Drive and Google Doc for Input

ALAIN AINA aalain at trstech.net
Mon May 15 05:24:32 UTC 2017 

Hello,

I also have some issues accessing and editing the document, see below :

Possible focus area.
======
- Complete the assessment of the implementation of SSR1 recommendations, the impact of the implementation, how the post implementation is being managed and what implications for the SSR2 review.

- Scope of ICANN’s SSR responsibilities:  action zone, influence zone, coordination zone

*ICANN  SSR responsibility  for the coordination of the global unique Identifiers
*ICANN operational role
*ICANN influence role (TLD operators, registrars ….),
*ICANN coordination role( IETF,  RIRs  Root zone operators ,technical community

-  Effectiveness of ICANN’s SSR framework, SSR Plan and  its implementation

 *Security framework
* Contingence planning
*security framework robustness for a rapid  evolving security environment

=========

> On 14 May 2017, at 17:28, Boban Krsic <krsic at denic.de> wrote:
> 
> Dear All,
> 
> Given that I could not access the Google Drive folder, please find my
> homework in accordance to James proposal below ;-)
> 
> -----
> 
> Focus on Sub-Team Number 2 - ICANN’ Internal Security Processes
> 
> The sub team will be responsible for reviewing the completeness and
> effectiveness of ICANNs internal security processes and the
> effectiveness of the ICANN security framework
> 
> Due to ICANN’s orientation to ISO/IEC 27001 I would recommend to provide
> a gap-analysis to the normative requirements of the management part and
> Annex A of the ISO standard based on the SoA (Scope).
> 
> - Perform interviews and review descriptions and evidence of:
> 
> * ISMS Scope
> * Information security policy
> * Information risk assessment and risk treatment processes
> * Information security objectives
> * Information security roles and responsibilities
> * ISMS internal audit program and results of conducted audits
> * Operational planning and control documents
> * Evidence of top management reviews of the ISMS
> 
> Various others from the Annex A like rules for acceptable use of assets,
> access control policy, operating procedures, confidentiality or
> non-disclosure agreements, secure system engineering principles,
> information security policy for supplier relationships, etc.
> 
> - Categorize and prioritize the outcome of the analysis
> 
> - Develop a short-, medium- and long-term schedule to implement
> different controls in accordance to the requirements
> 
> - Define a set of metrics to measure the effectiveness of the
> implementation
> 
> With the goal to achieve a high level of maturity and to pass a
> successful certification process concerning ICANNs ISMS.
> 
> Best,
> 
> 	- Boban.
> 
> 
> 
> Am 14.05.17 um 17:08 schrieb Karen Mulberry:
>> Dear SSR2 Review Team,
>> 
>> Per the discussion this afternoon on next steps, I have created a Google Drive for the SSR2 Review Team to place their collaborative materials.
>> 
>> Here is the link to the Folder where I have created a Google Doc for you to add your areas of interest or topics for tomorrow’s planning discussion.
>> https://drive.google.com/drive/folders/0B_IP1b20BSBUcndyOFVpbEZKbTQ?usp=sharing
>> 
>> Sincerely,
>> 
>> Karen Mulberry
>> Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
>> ICANN
>> 12025 Waterfront Dr., Suite 300
>> Los Angeles, CA 90094
>> Phone: +1 424 353 9745
>> 
>> 
>> 
>> _______________________________________________
>> Ssr2-review mailing list
>> Ssr2-review at icann.org
>> https://mm.icann.org/mailman/listinfo/ssr2-review
>> 
> 
> 
> --
> 
> Boban Kršić
> Chief Information Security Officer
> 
> DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY
> 
> E-Mail: krsic at denic.de, Fon: +49 69 272 35-120, Fax: -248
> Mobil: +49 172 67 61 671
> https://www.denic.de
> 
> X.509 Key-ID: 00A54FCB79884413A4
> Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716
> 
> PGP Key-ID: 0x43C89BA9
> Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9
> 
> Angaben nach § 25a Absatz 1 GenG:
> DENIC eG (Sitz: Frankfurt am Main)
> Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
> Schweiger
> Vorsitzender des Aufsichtsrats: Thomas Keller
> Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht
> Frankfurt am Main
> _______________________________________________
> Ssr2-review mailing list
> Ssr2-review at icann.org
> https://mm.icann.org/mailman/listinfo/ssr2-review

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20170515/3af00179/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20170515/3af00179/signature.asc>

More information about the Ssr2-review mailing list