[Ssr2-review] SSR2 8 Nov agenda
Boban Krsic
krsic at denic.de
Thu Nov 15 10:59:06 UTC 2018
Awesome, missed that - my apologies!
Thanks Jennifer!
Cheers,
- Boban.
On 15.11.18 11:33, Jennifer Bryce wrote:
> Hi Boban,
>
>
>
> The transcripts from the ICANN SSR meeting in LA were posted to the meeting page in the weeks following the meeting, here: https://community.icann.org/x/KRghB.
>
>
>
> A record of all the questions and answers related to the ICANN SSR work are posted to the workstream page of the wiki here: https://community.icann.org/x/KRghB. For any questions outstanding, the latest delivery date is included in the table.
>
>
>
> Please let us know if there are other items you consider to be outstanding, as noted in your email below.
>
>
>
> Best,
>
> Jennifer
>
>
>
> -----Original Message-----
>
> From: Ssr2-review <ssr2-review-bounces at icann.org> on behalf of Boban Krsic <krsic at denic.de>
>
> Date: Wednesday, November 14, 2018 at 5:28 AM
>
> To: "ssr2-review at icann.org" <ssr2-review at icann.org>
>
> Subject: Re: [Ssr2-review] SSR2 8 Nov agenda
>
>
>
> Hi all,
>
>
>
> On 08.11.18 14:31, Boban Krsic wrote:
>
> > As already mentioned, I will send the current status of ICANN SSR to the
>
> > mailing list by next Monday.
>
>
>
> okay, it's Wednesday, but here we go:
>
>
>
> As already mentioned, here is a short update on the current status of
>
> the WS2 ICANN SSR. All information about the last official task (F2F in
>
> Los Angeles, CA) can be found in the wiki at
>
> https://community.icann.org/pages/viewpage.action?pageId=69277737. For
>
> completeness here once again the summary of the meeting in LA:
>
>
>
> The ICANN SSR Subgroup had a very productive two-day, fact-finding
>
> meeting at ICANN headquarters in Los Angeles. The subgroup met with a
>
> number of ICANN staff subject matter experts and discussed a range of
>
> issues relating to the completeness and effectiveness of ICANN’s
>
> security processes and the effectiveness of the ICANN security framework
>
> (including activities connected to the SSR2 Terms of Reference and
>
> implementation of SSR1 recommendations). Topics were covered to varying
>
> degrees of detail as warranted; some topics were covered sufficiently
>
> and some will require follow-on discussions.
>
> The subgroup reviewed, submitted questions & information requests about,
>
> and discussed early observations about:
>
> * ICANN’s Security Framework and emerging threats
>
> * ICANN’s Risk Management Framework
>
> * ICANN’s Business Continuity strategies, objectives, plans and procedures
>
> * ICANN’s operational planning and controls, and prioritized activity
>
> recovery strategy
>
> * ICANN’s Incident Response Structure
>
> * ICANN’s root server operations
>
> * ICANN’s Global Domains Division activities that relate to SSR
>
> objectives, including:
>
> * New gTLD program SSR-related safeguards
>
> * Emergency Back-End Registry Operator (EBERO), and related processes,
>
> and testing
>
> * Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA)
>
> * Centralized Zone Data Service (CZDS) compliance, failures, plans
>
> * Vetting of registrar and registry operators as relates to SSR, and
>
> measurement & impact of malicious conduct by contracted parties,
>
> databreaches, etc.
>
> * SLA Monitoring System (SLAM)
>
> * Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS
>
> Abuse & Domain Abuse Activity Reporting)
>
> * SSR objectives in ICANN’S standard operating procedures (SOP).
>
>
>
> We started immediately in the meeting to bring the essential aspects to
>
> paper
>
> https://docs.google.com/document/d/145i1Q-ZXgsvuwpDIUi_jJt_WJlaCRoxBoh2vKtNvSrM/edit.
>
> Unfortunately we couldn't finish the document because of the
>
> "pause-process". Now, after more than a year, remembering the results of
>
> the meeting is a very challenging task. But maybe we can use the
>
> document as a starting point to restart the task.
>
>
>
> As you can see, we have structured the above mentioned topics into seven
>
> groups. We assigned the team members among the individual groups, with
>
> the aim of parallel processing and taking into account the individual
>
> expertise of each SSR2 team member. The goal was to assign at least two
>
> persons to a topic-group.
>
>
>
> We used Trello https://trello.com/b/5Eu1ppuv/ssr2-subtopic-2-icann-ssr
>
> for the organization of the work. We can now stick to it, or just use
>
> the document referenced in the previous paragraph to organize the groups
>
> and work.
>
>
>
> In conclusion, the meeting was really effective and productive.
>
> Unfortunately, we haven't received a summary (transcript) of the
>
> meeting's content yet, as this task was taken over by the MSSI
>
> secretariat. Nor do we have any records or evidences. IMHO both are
>
> still outstanding.
>
>
>
> To those who have also been in LA: Please just add if I forgot something ;-)
>
>
>
> Thanks and best regards, Boban.
>
>
>
>
--
Boban Kršić
Chief Information Security Officer
DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY
E-Mail: krsic at denic.de, Fon: +49 69 272 35-120, Fax: -248
Mobil: +49 172 67 61 671
https://www.denic.de
PGP Key-ID: 0x43C89BA9
Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9
Angaben nach § 25a Absatz 1 GenG:
DENIC eG (Sitz: Frankfurt am Main)
Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg
Schweiger
Vorsitzender des Aufsichtsrats: Thomas Keller
Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht
Frankfurt am Main
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20181115/4b0552c0/signature.asc>
More information about the Ssr2-review
mailing list