[Ssr2-review] [EXT] Re: SSR2 Google Drive and Google Doc for Input

Emily Taylor emily.taylor at oxil.co.uk
Mon May 15 07:41:45 UTC 2017


Hi Kerry

Many thanks for this.

We will try to get your comments included in the Google Doc.

Safe journey home.

Best

Emily

On Mon, May 15, 2017 at 8:30 AM, Barrett, Kerry-Ann <KABarrett at oas.org>
wrote:

> Hi everyone
>
> I was unable to edit as well. I'm in additional security checks so won't
> be able to join as planned.
>
> I also had points 1-3 of Emily's as well as:
>
> 1. Physical security requirements in place and enforcement of minimum
> security specification for DNSSEC key storage Facility
>
> 2. Level of compliance requirement for registrars agreements
>
> 3. SLAM and performance indicators
>
> 4. With regards to SSR1, implementation of Rec 7, 10, 11 and 27, to see
> to what extent the current OCTO research feeds into the risk management
> framework especially in relation to the SSR of unique identifier space.
>
> An observation from SSR 1 was to ensure ICANN outlines its process for
> security stability and resilience and keeping in mind comment made
> yesterday regarding OCTO's mandate we should revisit how clear this
> outlines. (if not clear I can clarify in email list)
>
> All the best today
>
> Sincerely,
> Kerry-Ann Barrett
> Cybersecurity Policy Specialist
>
>
> On May 15, 2017, at 8:38 AM, Emily Taylor <emily.taylor at oxil.co.uk> wrote:
>
> Hi all
> I was also unable to write in changes into the document.
>
> Here are my suggestions.  I'm basing these on Eric's bullet points.
>
>
>    - Universal resolvability: Can identifiers be uniquely resolved and
>    consumed?
>
>
>    - Alternate root
>       - Name collisions (status and remediations)
>       - Universal resolvability and the internet of things
>       - IPv6 / CGN complexity (query the role of ICANN on this?)
>    - Headline and not-so-headline threats and exploits
>       - DDoS
>       - Improving the security of unique identifiers
>       - DNSSec (progress, Key roll over)
>
>
>    - Universal acceptance: Can identifiers be consumed by clients
>       - IDNs and new gTLDs
>       - Platforms, approaches, and status
>    - Measures and metrics
>       - How can the community measure the status of ‘S’, ‘S’, and ‘R’?
>       - What are, and how can the community measure the relevant abuses
>       for ICANN identifiers?
>       - The evidence base: DNS health index and abuse data.  What the
>       evidence tells us; access to information (risks and benefits)
>    - ICANN's internal security, stability and resiliency operations:
>       - Allocation of resources and priority within the organisation
>          - Outreach and public information role (training, vulnerability
>          disclosure, system attack mitigation etc)
>          - Risk management, compliance with relevant frameworks.
>          - White-hat operations
>       - What are the white-hat operations that are taken in ICANN space
>       that may need exceptional handling (gratis for registering sink-holes, etc.)
>
>
>
>
>
> On Mon, May 15, 2017 at 7:12 AM, Osterweil, Eric via Ssr2-review <
> ssr2-review at icann.org> wrote:
>
>>
>>
>>
>>
>> My changes are also not being saved in the doc.  Here is my list (it’s a
>> little rough because I retyped in a hurry after realizing that it didn’t
>> get saved the first time).
>>
>>
>>
>> *Eric*
>>
>> (second try)
>>
>>    - Universal resolvability: Can identifiers be uniquely resolved and
>>    consumed?
>>
>>
>>    - Alternate root
>>       - Name collisions (status and remediations)
>>    - Universal acceptance: Can identifiers be consumed by clients
>>       - Platforms, approaches, and status
>>    - Measures and metrics
>>       - How can the community measure the status of ‘S’, ‘S’, and ‘R’?
>>       - What are, and how can the community measure the relevant abuses
>>       for ICANN identifiers?
>>    - White-hat operations
>>       - What are the white-hat operations that are taken in ICANN space
>>       that may need exceptional handling (gratis for registering sink-holes, etc.)
>>
>>
>>
>>
>>
>>
>>
>> Eric
>>
>>
>>
>> *From: *<ssr2-review-bounces at icann.org> on behalf of ALAIN AINA <
>> aalain at trstech.net>
>> *Date: *Monday, May 15, 2017 at 7:24 AM
>> *To: *SSR2 <ssr2-review at icann.org>
>> *Subject: *[EXTERNAL] Re: [Ssr2-review] SSR2 Google Drive and Google Doc
>> for Input
>>
>>
>>
>> Hello,
>>
>>
>>
>> I also have some issues accessing and editing the document, see below:
>>
>>
>>
>> Possible focus area.
>>
>> ======
>>
>> - Complete the assessment of the implementation of SSR1 recommendations,
>> the impact of the implementation, how the post implementation is being
>> managed and what implications for the SSR2 review.
>>
>>
>>
>> - Scope of ICANN’s SSR responsibilities:  action zone, influence zone,
>> coordination zone
>>
>>
>>
>> *ICANN SSR responsibility for the coordination of the global unique
>> Identifiers
>>
>> *ICANN operational role
>>
>> *ICANN influence role (TLD operators, registrars ….),
>>
>> *ICANN coordination role (IETF, RIRs, Root zone operators, technical
>> community)
>>
>>
>>
>> - Effectiveness of ICANN’s SSR framework, SSR Plan and its
>> implementation
>>
>>
>>
>> *Security framework
>>
>> *Contingency planning
>>
>> *Security framework robustness for a rapidly evolving security environment
>>
>>
>>
>> =========
>>
>>
>>
>> On 14 May 2017, at 17:28, Boban Krsic <krsic at denic.de> wrote:
>>
>>
>>
>> Dear All,
>>
>> Given that I could not access the Google Drive folder, please find my
>> homework in accordance to James proposal below ;-)
>>
>> -----
>>
>> Focus on Sub-Team Number 2 - ICANN’s Internal Security Processes
>>
>> The sub team will be responsible for reviewing the completeness and
>> effectiveness of ICANN’s internal security processes and the
>> effectiveness of the ICANN security framework
>>
>> Due to ICANN’s orientation to ISO/IEC 27001 I would recommend to provide
>> a gap-analysis to the normative requirements of the management part and
>> Annex A of the ISO standard based on the SoA (Scope).
>>
>> - Perform interviews and review descriptions and evidence of:
>>
>> * ISMS Scope
>> * Information security policy
>> * Information risk assessment and risk treatment processes
>> * Information security objectives
>> * Information security roles and responsibilities
>> * ISMS internal audit program and results of conducted audits
>> * Operational planning and control documents
>> * Evidence of top management reviews of the ISMS
>>
>> Various others from the Annex A like rules for acceptable use of assets,
>> access control policy, operating procedures, confidentiality or
>> non-disclosure agreements, secure system engineering principles,
>> information security policy for supplier relationships, etc.
>>
>> - Categorize and prioritize the outcome of the analysis
>>
>> - Develop a short-, medium- and long-term schedule to implement
>> different controls in accordance to the requirements
>>
>> - Define a set of metrics to measure the effectiveness of the
>> implementation
>>
>> With the goal to achieve a high level of maturity and to pass a
>> successful certification process concerning ICANN’s ISMS.
>>
>> Best,
>>
>> - Boban.
>>
>>
>>
>> On 14.05.17 at 17:08, Karen Mulberry wrote:
>>
>> Dear SSR2 Review Team,
>>
>> Per the discussion this afternoon on next steps, I have created a Google
>> Drive for the SSR2 Review Team to place their collaborative materials.
>>
>> Here is the link to the Folder where I have created a Google Doc for you
>> to add your areas of interest or topics for tomorrow’s planning discussion.
>> https://drive.google.com/drive/folders/0B_IP1b20BSBUcndyOFVpbEZKbTQ?usp=sharing
>>
>> Sincerely,
>>
>> Karen Mulberry
>> Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
>> ICANN
>> 12025 Waterfront Dr., Suite 300
>> Los Angeles, CA 90094
>> Phone: +1 424 353 9745
>>
>>
>>
>> _______________________________________________
>> Ssr2-review mailing list
>> Ssr2-review at icann.org
>> https://mm.icann.org/mailman/listinfo/ssr2-review
>>
>>
>>
>> --
>>
>> Boban Kršić
>> Chief Information Security Officer
>>
>> DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY
>>
>> E-Mail: krsic at denic.de, Phone: +49 69 272 35-120,
>> Fax: -248
>> Mobile: +49 172 67 61 671
>> https://www.denic.de
>>
>> X.509 Key-ID: 00A54FCB79884413A4
>> Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716
>>
>> PGP Key-ID: 0x43C89BA9
>> Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9
>>
>> Information pursuant to Section 25a(1) GenG:
>> DENIC eG (registered office: Frankfurt am Main)
>> Executive Board: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
>> Schweiger
>> Chairman of the Supervisory Board: Thomas Keller
>> Registered under No. 770 in the Register of Cooperatives, Local Court of
>> Frankfurt am Main
>>
>>
>
>
> --
>
> Emily Taylor
>
> CEO, Oxford Information Labs
> *Associate Fellow, Chatham House; Editor, Journal of Cyber Policy*
>
>
> *PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017 *
> Magdalen Centre, Oxford OX4 4GA | T: 01865 582885
> E: emily.taylor at oxil.co.uk | D: 01865 582811 | M: +44 7540 049322
>
>           <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>
>
> Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE.
> Registered in England and Wales No. 4520925. VAT No. 799526263
>
> .
>
>
>


-- 

Emily Taylor

CEO, Oxford Information Labs
*Associate Fellow, Chatham House; Editor, Journal of Cyber Policy*


*PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017*
Magdalen Centre, Oxford OX4 4GA | T: 01865 582885
E: emily.taylor at oxil.co.uk | D: 01865 582811 | M: +44 7540 049322

          <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>

Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE.
Registered in England and Wales No. 4520925. VAT No. 799526263

.