[Ssr2-review] SSR2 Report - Final Draft
Heather Flanagan
hlf at sphericalcowconsulting.com
Sun Dec 13 23:40:35 UTC 2020
Hello SSR2 Review Team,
The draft final report is available now for your review. I have not included a table with all the recommendations yet; I’d very much like you all to read the recommendations in context. I will build that table after the RT indicates acceptance of the draft.
https://docs.google.com/document/d/1myG9dtYYiL8lFd3ZOPXNUwKfr1yuAsNrwzod-J8CdMQ/edit#
A few notes: There are 13 questions/comments pending. I expect most are easily resolved, but I’d like to point to four areas in particular:
1. Logically speaking, the findings in support of the C-Suite position recommendation are the weakest in the report. If anyone has citable examples of how you determined that there is a "risk of communications failures around critical security matters and the potential for conflicts around the prioritization of the budget” as well as a citable example of how the lack of a C-Suite role "has led to the ineffective documentation and implementation of security control measures organization-wide” that would be fantastic.
2. I have gone ahead and removed the Baseline Security Practices recommendation. I have not heard back from Naveed with more specific text, based on our conversation during the last plenary call, this definitely seems like a good idea, but not one in response to a specific problem observed by the RT (which makes it fall outside the Operating Standards for Specific Reviews).
3. I believe that Recommendation 20.1 can be removed, but as we have not discussed that as a group, I have left that removal as a suggestion.
4. And last but not least, given how we’ve supported the document at this point, do we still want to have a table that links every recommendation to a strategic plan line item? I have not re-built that table, but am happy to do so if the RT thinks it still has value.
Feedback is always welcome. And of course, if you want to make changes in the doc, please do it in suggest mode.
Heather Flanagan — Translator of Geek to Human
https://sphericalcowconsulting.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20201213/dc3b38d7/attachment.html>
More information about the Ssr2-review
mailing list