[Ssr2-review] F2F Work Status & ACTION ITEM

Boban Krsic krsic at denic.de
Sat Jun 22 19:19:42 UTC 2019


Dear Laurin, all,

First of all, it's nice to see you've been successful in today's
workshop. Sorry again that I had to cancel my trip to Marrakech at short
notice and couldn't attend the remote session today due to personal
reasons. It's all a bit of a fuss right now.

On 22.06.19 20:28, Weissinger, Laurin wrote:

> The team today went through the recommendations in the latest recommendations document (https://docs.google.com/document/d/10KOW2F6oqR3OdV7hfuWmnYo6gtE0d0wOZHOQzXmijx4/edit#) to identify gaps, resulting action items, and start assessing the importance of recommendations. A summary of our discussions, open questions, and outstanding actions here: https://docs.google.com/spreadsheets/d/1pfLFG9nixw_JEZBBdErw9McLpXHfigVjPR4u3O4OxZ4/edit#gid=0

re: Security Position; C-Suite:

Please find a draft of my responsibilities as DENIC's CISO - maybe it
could be a start for the relevant recommendation:

* Controlling, monitoring and coordination of the information security
and business continuity management process (ISMS and BCMS)

* Informing and advising the Board of Management on all fundamental and
important issues of information security

* Developing and actualizing guidelines, security concepts, the
emergency contingency plan and other security and business continuity
relevant concepts

* Creation of the annual security report

* Regular reporting to the Executive Board and the Security Management
Team on the status quo of information security

* Initiation and controlling of identification and implementation of
security measures

* Carrying out and monitoring regular security audits

* Coordinating security-related projects and ensuring the exchange of
information security relevant topics between the divisions and their
information security contacts.

* Monitoring the tracking of security incidents and initiating awareness
campaigns and training on information security.

* Authority to issue instructions to employees in matters of information
security (incl. BCM)

* Authority to discontinue applications and systems completely or
temporarily if the basic values of information security
(confidentiality, integrity and availability) are at risk.

* Commitment to training in the field of information security and
keeping knowledge up to date.

> However, it became clear that many recommendations had not been transferred/merged/edited from the previous version (https://docs.google.com/document/d/1CsuEYzQHve6a5rKQNeMQbjoyujdUQa9g__9_ojoqDBM/edit#). Everyone, please review this old document and make sure that the recommendations you were assigned in Brussels are dealt with ASAP so that we can continue discussing and preparing next steps. 

To be honest, I am totally satisfied with the content of the
recommendations assigned to me and I do not know what I should modify or
amend here. Please take another look at it together.

Wishing you all a productive and fruitful workshop! I hope to find some
time tomorrow to participate remotely.

Thanks again and hope to hear from you soon!

	- Boban

