[Ssr2-review] SSR2 8 Nov agenda

Jennifer Bryce jennifer.bryce at icann.org
Thu Nov 15 10:33:23 UTC 2018 

Hi Boban,



The transcripts from the ICANN SSR meeting in LA were posted to the meeting page in the weeks following the meeting, here: https://community.icann.org/x/KRghB.



A record of all the questions and answers related to the ICANN SSR work are posted to the workstream page of the wiki here: https://community.icann.org/x/KRghB. For any questions outstanding, the latest delivery date is included in the table.



Please let us know if there are other items you consider to be outstanding, as noted in your email below.



Best,

Jennifer



-----Original Message-----

From: Ssr2-review <ssr2-review-bounces at icann.org> on behalf of Boban Krsic <krsic at denic.de>

Date: Wednesday, November 14, 2018 at 5:28 AM

To: "ssr2-review at icann.org" <ssr2-review at icann.org>

Subject: Re: [Ssr2-review] SSR2 8 Nov agenda



    Hi all,



    On 08.11.18 14:31, Boban Krsic wrote:

    > As already mentioned, I will send the current status of ICANN SSR to the

    > mailing list by next Monday.



    okay, it's Wednesday, but here we go:



    As already mentioned, here is a short update on the current status of

    the WS2 ICANN SSR. All information about the last official task (F2F in

    Los Angeles, CA) can be found in the wiki at

    https://community.icann.org/pages/viewpage.action?pageId=69277737. For

    completeness here once again the summary of the meeting in LA:



    The ICANN SSR Subgroup had a very productive two-day, fact-finding

    meeting at ICANN headquarters in Los Angeles. The subgroup met with a

    number of ICANN staff subject matter experts and discussed a range of

    issues relating to the completeness and effectiveness of ICANN’s

    security processes and the effectiveness of the ICANN security framework

    (including activities connected to the SSR2 Terms of Reference and

    implementation of SSR1 recommendations). Topics were covered to varying

    degrees of detail as warranted; some topics were covered sufficiently

    and some will require follow-on discussions.

    The subgroup reviewed, submitted questions & information requests about,

    and discussed early observations about:

    * ICANN’s Security Framework and emerging threats

    * ICANN’s Risk Management Framework

    * ICANN’s Business Continuity strategies, objectives, plans and procedures

    * ICANN’s operational planning and controls, and prioritized activity

    recovery strategy

    * ICANN’s Incident Response Structure

    * ICANN’s root server operations

    * ICANN’s Global Domains Division activities that relate to SSR

    objectives, including:

     * New gTLD program SSR-related safeguards

     * Emergency Back-End Registry Operator (EBERO), and related processes,

    and testing

     * Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA)

     * Centralized Zone Data Service (CZDS) compliance, failures, plans

     * Vetting of registrar and registry operators as relates to SSR, and

    measurement & impact of malicious conduct by contracted parties,

    databreaches, etc.

     * SLA Monitoring System (SLAM)

     * Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS

    Abuse & Domain Abuse Activity Reporting)

     * SSR objectives in ICANN’S standard operating procedures (SOP).



    We started immediately in the meeting to bring the essential aspects to

    paper

    https://docs.google.com/document/d/145i1Q-ZXgsvuwpDIUi_jJt_WJlaCRoxBoh2vKtNvSrM/edit.

    Unfortunately we couldn't finish the document because of the

    "pause-process". Now, after more than a year, remembering the results of

    the meeting is a very challenging task. But maybe we can use the

    document as a starting point to restart the task.



    As you can see, we have structured the above mentioned topics into seven

    groups. We assigned the team members among the individual groups, with

    the aim of parallel processing and taking into account the individual

    expertise of each SSR2 team member. The goal was to assign at least two

    persons to a topic-group.



    We used Trello https://trello.com/b/5Eu1ppuv/ssr2-subtopic-2-icann-ssr

    for the organization of the work. We can now stick to it, or just use

    the document referenced in the previous paragraph to organize the groups

    and work.



    In conclusion, the meeting was really effective and productive.

    Unfortunately, we haven't received a summary (transcript) of the

    meeting's content yet, as this task was taken over by the MSSI

    secretariat. Nor do we have any records or evidences. IMHO both are

    still outstanding.



    To those who have also been in LA: Please just add if I forgot something ;-)



    Thanks and best regards, Boban.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20181115/4977b438/attachment.html>

More information about the Ssr2-review mailing list