[Ssr2-review] SSR2 Google Drive and Google Doc for Input

Osterweil, Eric eosterweil at verisign.com
Mon May 15 06:12:27 UTC 2017 


My changes are also not being saved in the doc.  Here is my list (it’s a little rough because I retyped in a hurry after realizing that it didn’t get saved the first time).

Eric
(second try)

  *   Universal resolvability: Can identifiers be uniquely resolved and consumed?

     *   Alternate root
     *   Name collisions (status and remediations)
  *   Universal acceptance: Can identifiers be consumed by clients
     *   Platforms, approaches, and status
  *   Measures and metrics
     *   How can the community measure the status of ‘S’, ‘S’, and ‘R’?
     *   What are, and how can the community measure the relevant abuses for ICANN identifiers?
  *   White-hat operations
     *   What are the white-hat operations that are taken in ICANN space that may need exceptional handling (gratis for registering sink-holes, etc.)



Eric

From: <ssr2-review-bounces at icann.org> on behalf of ALAIN AINA <aalain at trstech.net>
Date: Monday, May 15, 2017 at 7:24 AM
To: SSR2 <ssr2-review at icann.org>
Subject: [EXTERNAL] Re: [Ssr2-review] SSR2 Google Drive and Google Doc for Input

Hello,

I also have some issues accessing and editing the document, see below :

Possible focus area.
======
- Complete the assessment of the implementation of SSR1 recommendations, the impact of the implementation, how the post implementation is being managed and what implications for the SSR2 review.

- Scope of ICANN’s SSR responsibilities:  action zone, influence zone, coordination zone

*ICANN  SSR responsibility  for the coordination of the global unique Identifiers
*ICANN operational role
*ICANN influence role (TLD operators, registrars ….),
*ICANN coordination role( IETF,  RIRs  Root zone operators ,technical community

-  Effectiveness of ICANN’s SSR framework, SSR Plan and  its implementation

 *Security framework
* Contingence planning
*security framework robustness for a rapid  evolving security environment

=========

On 14 May 2017, at 17:28, Boban Krsic <krsic at denic.de<mailto:krsic at denic.de>> wrote:

Dear All,

Given that I could not access the Google Drive folder, please find my
homework in accordance to James proposal below ;-)

-----

Focus on Sub-Team Number 2 - ICANN’ Internal Security Processes

The sub team will be responsible for reviewing the completeness and
effectiveness of ICANNs internal security processes and the
effectiveness of the ICANN security framework

Due to ICANN’s orientation to ISO/IEC 27001 I would recommend to provide
a gap-analysis to the normative requirements of the management part and
Annex A of the ISO standard based on the SoA (Scope).

- Perform interviews and review descriptions and evidence of:

* ISMS Scope
* Information security policy
* Information risk assessment and risk treatment processes
* Information security objectives
* Information security roles and responsibilities
* ISMS internal audit program and results of conducted audits
* Operational planning and control documents
* Evidence of top management reviews of the ISMS

Various others from the Annex A like rules for acceptable use of assets,
access control policy, operating procedures, confidentiality or
non-disclosure agreements, secure system engineering principles,
information security policy for supplier relationships, etc.

- Categorize and prioritize the outcome of the analysis

- Develop a short-, medium- and long-term schedule to implement
different controls in accordance to the requirements

- Define a set of metrics to measure the effectiveness of the
implementation

With the goal to achieve a high level of maturity and to pass a
successful certification process concerning ICANNs ISMS.

Best,

- Boban.



Am 14.05.17 um 17:08 schrieb Karen Mulberry:

Dear SSR2 Review Team,

Per the discussion this afternoon on next steps, I have created a Google Drive for the SSR2 Review Team to place their collaborative materials.

Here is the link to the Folder where I have created a Google Doc for you to add your areas of interest or topics for tomorrow’s planning discussion.
https://drive.google.com/drive/folders/0B_IP1b20BSBUcndyOFVpbEZKbTQ?usp=sharing

Sincerely,

Karen Mulberry
Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
ICANN
12025 Waterfront Dr., Suite 300
Los Angeles, CA 90094
Phone: +1 424 353 9745



_______________________________________________
Ssr2-review mailing list
Ssr2-review at icann.org
https://mm.icann.org/mailman/listinfo/ssr2-review


--

Boban Kršić
Chief Information Security Officer

DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY

E-Mail: krsic at denic.de<mailto:krsic at denic.de>, Fon: +49 69 272 35-120, Fax: -248
Mobil: +49 172 67 61 671
https://www.denic.de

X.509 Key-ID: 00A54FCB79884413A4
Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716

PGP Key-ID: 0x43C89BA9
Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9

Angaben nach § 25a Absatz 1 GenG:
DENIC eG (Sitz: Frankfurt am Main)
Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
Schweiger
Vorsitzender des Aufsichtsrats: Thomas Keller
Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht
Frankfurt am Main
_______________________________________________
Ssr2-review mailing list
Ssr2-review at icann.org
https://mm.icann.org/mailman/listinfo/ssr2-review

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20170515/9e50754f/attachment.html>

More information about the Ssr2-review mailing list