[Ssr2-review] SSR2 8 Nov agenda

Wed Nov 14 05:27:22 UTC 2018

Hi all,

On 08.11.18 14:31, Boban Krsic wrote:
> As already mentioned, I will send the current status of ICANN SSR to the
> mailing list by next Monday.

okay, it's Wednesday, but here we go:

As already mentioned, here is a short update on the current status of
the WS2 ICANN SSR. All information about the last official task (F2F in
Los Angeles, CA) can be found in the wiki at
https://community.icann.org/pages/viewpage.action?pageId=69277737. For
completeness here once again the summary of the meeting in LA:

The ICANN SSR Subgroup had a very productive two-day, fact-finding
meeting at ICANN headquarters in Los Angeles. The subgroup met with a
number of ICANN staff subject matter experts and discussed a range of
issues relating to the completeness and effectiveness of ICANN’s
security processes and the effectiveness of the ICANN security framework
(including activities connected to the SSR2 Terms of Reference and
implementation of SSR1 recommendations). Topics were covered to varying
degrees of detail as warranted; some topics were covered sufficiently
and some will require follow-on discussions.
The subgroup reviewed, submitted questions & information requests about,
and discussed early observations about:
* ICANN’s Security Framework and emerging threats
* ICANN’s Risk Management Framework
* ICANN’s Business Continuity strategies, objectives, plans and procedures
* ICANN’s operational planning and controls, and prioritized activity
recovery strategy
* ICANN’s Incident Response Structure
* ICANN’s root server operations
* ICANN’s Global Domains Division activities that relate to SSR
objectives, including:
 * New gTLD program SSR-related safeguards
 * Emergency Back-End Registry Operator (EBERO), and related processes,
and testing
 * Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA)
 * Centralized Zone Data Service (CZDS) compliance, failures, plans
 * Vetting of registrar and registry operators as relates to SSR, and
measurement & impact of malicious conduct by contracted parties,
databreaches, etc.
 * SLA Monitoring System (SLAM)
 * Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS
Abuse & Domain Abuse Activity Reporting)
 * SSR objectives in ICANN’S standard operating procedures (SOP).

We started immediately in the meeting to bring the essential aspects to
paper
https://docs.google.com/document/d/145i1Q-ZXgsvuwpDIUi_jJt_WJlaCRoxBoh2vKtNvSrM/edit.
Unfortunately we couldn't finish the document because of the
"pause-process". Now, after more than a year, remembering the results of
the meeting is a very challenging task. But maybe we can use the
document as a starting point to restart the task.

As you can see, we have structured the above mentioned topics into seven
groups. We assigned the team members among the individual groups, with
the aim of parallel processing and taking into account the individual
expertise of each SSR2 team member. The goal was to assign at least two
persons to a topic-group.

We used Trello https://trello.com/b/5Eu1ppuv/ssr2-subtopic-2-icann-ssr
for the organization of the work. We can now stick to it, or just use
the document referenced in the previous paragraph to organize the groups
and work.

In conclusion, the meeting was really effective and productive.
Unfortunately, we haven't received a summary (transcript) of the
meeting's content yet, as this task was taken over by the MSSI
secretariat. Nor do we have any records or evidences. IMHO both are
still outstanding.

To those who have also been in LA: Please just add if I forgot something ;-)

Thanks and best regards, Boban.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20181114/32193e6a/signature.asc>