[Ssr2-review] SSR2 Google Drive and Google Doc for Input
Emily Taylor
emily.taylor at oxil.co.uk
Mon May 15 06:37:45 UTC 2017
Hi all
I was also unable to write changes into the document.
Here are my suggestions. I'm basing these on Eric's bullet points.
- Universal resolvability: Can identifiers be uniquely resolved and
consumed?
- Alternate root
- Name collisions (status and remediations)
- Universal resolvability and the internet of things
- IPv6 / CGN complexity (query the role of ICANN on this?)
- Headline and not-so-headline threats and exploits
- DDoS
- Improving the security of unique identifiers
- DNSSEC (progress, Key roll over)
- Universal acceptance: Can identifiers be consumed by clients
- IDNs and new gTLDs
- Platforms, approaches, and status
- Measures and metrics
- How can the community measure the status of ‘S’, ‘S’, and ‘R’?
- What are, and how can the community measure the relevant abuses for
ICANN identifiers?
- The evidence base: DNS health index and abuse data. What the
evidence tells us; access to information (risks and benefits)
- ICANN's internal security, stability and resiliency operations:
- Allocation of resources and priority within the organisation
- Outreach and public information role (training, vulnerability
disclosure, system attack mitigation etc)
- Risk management, compliance with relevant frameworks.
- White-hat operations
- What are the white-hat operations that are taken in ICANN space
that may need exceptional handling (gratis for registering
sink-holes, etc.)
On Mon, May 15, 2017 at 7:12 AM, Osterweil, Eric via Ssr2-review <
ssr2-review at icann.org> wrote:
>
> My changes are also not being saved in the doc. Here is my list (it’s a
> little rough because I retyped in a hurry after realizing that it didn’t
> get saved the first time).
>
>
>
> *Eric*
>
> (second try)
>
> - Universal resolvability: Can identifiers be uniquely resolved and
> consumed?
> - Alternate root
> - Name collisions (status and remediations)
> - Universal acceptance: Can identifiers be consumed by clients
> - Platforms, approaches, and status
> - Measures and metrics
> - How can the community measure the status of ‘S’, ‘S’, and ‘R’?
> - What are, and how can the community measure the relevant abuses
> for ICANN identifiers?
> - White-hat operations
> - What are the white-hat operations that are taken in ICANN space
> that may need exceptional handling (gratis for registering sink-holes, etc.)
>
> Eric
>
>
>
> *From: *<ssr2-review-bounces at icann.org> on behalf of ALAIN AINA <
> aalain at trstech.net>
> *Date: *Monday, May 15, 2017 at 7:24 AM
> *To: *SSR2 <ssr2-review at icann.org>
> *Subject: *[EXTERNAL] Re: [Ssr2-review] SSR2 Google Drive and Google Doc
> for Input
>
>
>
> Hello,
>
>
>
> I also have some issues accessing and editing the document, see below:
>
>
>
> Possible focus area.
>
> ======
>
> - Complete the assessment of the implementation of SSR1 recommendations,
> the impact of the implementation, how the post implementation is being
> managed and what the implications are for the SSR2 review.
>
>
>
> - Scope of ICANN’s SSR responsibilities: action zone, influence zone,
> coordination zone
>
>
>
> * ICANN SSR responsibility for the coordination of the global unique
> Identifiers
>
> * ICANN operational role
>
> * ICANN influence role (TLD operators, registrars, …)
>
> * ICANN coordination role (IETF, RIRs, Root zone operators, technical
> community)
>
>
>
> - Effectiveness of ICANN’s SSR framework, SSR Plan and its
> implementation
>
>
>
> * Security framework
>
> * Contingency planning
>
> * Security framework robustness for a rapidly evolving security environment
>
>
>
> =========
>
>
>
> On 14 May 2017, at 17:28, Boban Krsic <krsic at denic.de> wrote:
>
>
>
> Dear All,
>
> Given that I could not access the Google Drive folder, please find my
> homework in accordance with James's proposal below ;-)
>
> -----
>
> Focus on Sub-Team Number 2 - ICANN’s Internal Security Processes
>
> The sub team will be responsible for reviewing the completeness and
> effectiveness of ICANN’s internal security processes and the
> effectiveness of the ICANN security framework
>
> Due to ICANN’s orientation to ISO/IEC 27001 I would recommend providing
> a gap-analysis to the normative requirements of the management part and
> Annex A of the ISO standard based on the SoA (Scope).
>
> - Perform interviews and review descriptions and evidence of:
>
> * ISMS Scope
> * Information security policy
> * Information risk assessment and risk treatment processes
> * Information security objectives
> * Information security roles and responsibilities
> * ISMS internal audit program and results of conducted audits
> * Operational planning and control documents
> * Evidence of top management reviews of the ISMS
>
> Various others from the Annex A like rules for acceptable use of assets,
> access control policy, operating procedures, confidentiality or
> non-disclosure agreements, secure system engineering principles,
> information security policy for supplier relationships, etc.
>
> - Categorize and prioritize the outcome of the analysis
>
> - Develop a short-, medium- and long-term schedule to implement
> different controls in accordance with the requirements
>
> - Define a set of metrics to measure the effectiveness of the
> implementation
>
> With the goal to achieve a high level of maturity and to pass a
> successful certification process concerning ICANN’s ISMS.
>
> Best,
>
> - Boban.
>
>
>
> On 14.05.17 at 17:08, Karen Mulberry wrote:
>
> Dear SSR2 Review Team,
>
> Per the discussion this afternoon on next steps, I have created a Google
> Drive for the SSR2 Review Team to place their collaborative materials.
>
> Here is the link to the Folder where I have created a Google Doc for you
> to add your areas of interest or topics for tomorrow’s planning discussion.
> https://drive.google.com/drive/folders/0B_IP1b20BSBUcndyOFVpbEZKbTQ?usp=sharing
>
> Sincerely,
>
> Karen Mulberry
> Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
> ICANN
> 12025 Waterfront Dr., Suite 300
> Los Angeles, CA 90094
> Phone: +1 424 353 9745
>
>
>
> _______________________________________________
> Ssr2-review mailing list
> Ssr2-review at icann.org
> https://mm.icann.org/mailman/listinfo/ssr2-review
>
>
>
> --
>
> Boban Kršić
> Chief Information Security Officer
>
> DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY
>
> E-Mail: krsic at denic.de, Phone: +49 69 272 35-120,
> Fax: -248
> Mobile: +49 172 67 61 671
> https://www.denic.de
>
> X.509 Key-ID: 00A54FCB79884413A4
> Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716
>
> PGP Key-ID: 0x43C89BA9
> Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9
>
> Information pursuant to § 25a(1) GenG:
> DENIC eG (registered office: Frankfurt am Main)
> Executive Board: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
> Schweiger
> Chairman of the Supervisory Board: Thomas Keller
> Registered under No. 770 in the Register of Cooperatives, Local Court of
> Frankfurt am Main
>
--
Emily Taylor
CEO, Oxford Information Labs
*Associate Fellow, Chatham House; Editor, Journal of Cyber Policy*
*PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017*
Magdalen Centre, Oxford OX4 4GA | T: 01865 582885
E: emily.taylor at oxil.co.uk | D: 01865 582811 | M: +44 7540 049322
<http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>
Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE.
Registered in England and Wales No. 4520925. VAT No. 799526263