<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:PMingLiU;
panose-1:2 2 5 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.apple-tab-span
{mso-style-name:apple-tab-span;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:32385076;
mso-list-template-ids:204004730;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level2 lfo2
{mso-level-start-at:0;
mso-level-numbering:continue;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">My changes are also not being saved in the doc. Here is my list (it’s a little rough because I retyped in a hurry after realizing that it didn’t get saved the first time).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:Calibri">Eric</span></b><span style="font-size:11.0pt;font-family:Calibri"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">(second try)<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo1"><span style="font-size:11.0pt;font-family:Calibri">Universal resolvability: Can identifiers be uniquely resolved and consumed?<o:p></o:p></span></li></ul>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo2"><span style="font-size:11.0pt;font-family:Calibri">Alternate root<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level2 lfo2"><span style="font-size:11.0pt;font-family:Calibri">Name collisions (status and remediations)<o:p></o:p></span></li></ul>
<li class="MsoNormal" style="mso-list:l0 level1 lfo2"><span style="font-size:11.0pt;font-family:Calibri">Universal acceptance: Can identifiers be consumed by clients<o:p></o:p></span>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo2"><span style="font-size:11.0pt;font-family:Calibri">Platforms, approaches, and status<o:p></o:p></span></li></ul>
</li><li class="MsoNormal" style="mso-list:l0 level1 lfo2"><span style="font-size:11.0pt;font-family:Calibri">Measures and metrics<o:p></o:p></span>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo2"><span style="font-size:11.0pt;font-family:Calibri">How can the community measure the status of ‘S’, ‘S’, and ‘R’?<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level2 lfo2"><span style="font-size:11.0pt;font-family:Calibri">What are, and how can the community measure the relevant abuses for ICANN identifiers?<o:p></o:p></span></li></ul>
</li><li class="MsoNormal" style="mso-list:l0 level1 lfo2"><span style="font-size:11.0pt;font-family:Calibri">White-hat operations<o:p></o:p></span>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level2 lfo2"><span style="font-size:11.0pt;font-family:Calibri">What are the white-hat operations that are taken in ICANN space that may need exceptional handling (gratis for registering sink-holes, etc.)<o:p></o:p></span></li></ul>
</li></ul>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Eric<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black"><ssr2-review-bounces@icann.org> on behalf of ALAIN AINA <aalain@trstech.net><br>
<b>Date: </b>Monday, May 15, 2017 at 7:24 AM<br>
<b>To: </b>SSR2 <ssr2-review@icann.org><br>
<b>Subject: </b>[EXTERNAL] Re: [Ssr2-review] SSR2 Google Drive and Google Doc for Input<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Hello,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">I also have some issues accessing and editing the document, see below :
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Possible focus area.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">======<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- Complete the assessment of the implementation of SSR1 recommendations, the impact of the implementation, how the post implementation is being managed and what implications for the SSR2 review.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">- Scope of ICANN’s SSR responsibilities: action zone, influence zone, coordination zone<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">*ICANN SSR responsibility for the coordination of the global unique Identifiers<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">*ICANN operational role<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">*ICANN influence role (TLD operators, registrars ….), <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">*ICANN coordination role( IETF, RIRs Root zone operators ,technical community<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">- Effectiveness of ICANN’s SSR framework, SSR Plan and its implementation <o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt"> *Security framework<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">* Contingence planning<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">*security framework robustness for a rapid evolving security environment <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt">=========<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On 14 May 2017, at 17:28, Boban Krsic <<a href="mailto:krsic@denic.de">krsic@denic.de</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">Dear All,<br>
<br>
Given that I could not access the Google Drive folder, please find my<br>
homework in accordance to James proposal below ;-)<br>
<br>
-----<br>
<br>
Focus on Sub-Team Number 2 - ICANN’ Internal Security Processes<span style="font-family:PMingLiU"><br>
<br>
</span>The sub team will be responsible for reviewing the completeness and<span style="font-family:PMingLiU"><br>
</span>effectiveness of ICANNs internal security processes and the<br>
effectiveness of the ICANN security framework<br>
<br>
Due to ICANN’s orientation to ISO/IEC 27001 I would recommend to provide<span style="font-family:PMingLiU"><br>
</span>a gap-analysis to the normative requirements of the management part and<span style="font-family:PMingLiU"><br>
</span>Annex A of the ISO standard based on the SoA (Scope).<span style="font-family:PMingLiU"><br>
<br>
</span>- Perform interviews and review descriptions and evidence of:<br>
<br>
* ISMS Scope<br>
* Information security policy<br>
* Information risk assessment and risk treatment processes<br>
* Information security objectives<br>
* Information security roles and responsibilities<br>
* ISMS internal audit program and results of conducted audits<br>
* Operational planning and control documents<br>
* Evidence of top management reviews of the ISMS<br>
<br>
Various others from the Annex A like rules for acceptable use of assets,<br>
access control policy, operating procedures, confidentiality or<br>
non-disclosure agreements, secure system engineering principles,<br>
information security policy for supplier relationships, etc.<br>
<br>
- Categorize and prioritize the outcome of the analysis<br>
<br>
- Develop a short-, medium- and long-term schedule to implement<br>
different controls in accordance to the requirements<br>
<br>
- Define a set of metrics to measure the effectiveness of the<br>
implementation<br>
<br>
With the goal to achieve a high level of maturity and to pass a<br>
successful certification process concerning ICANNs ISMS.<br>
<br>
Best,<br>
<br>
- Boban.<br>
<br>
<br>
<br>
Am 14.05.17 um 17:08 schrieb Karen Mulberry:<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt">Dear SSR2 Review Team,<br>
<br>
Per the discussion this afternoon on next steps, I have created a Google Drive for the SSR2 Review Team to place their collaborative materials.<br>
<br>
Here is the link to the Folder where I have created a Google Doc for you to add your areas of interest or topics for tomorrow’s planning discussion.<span style="font-family:PMingLiU"><br>
</span><a href="https://drive.google.com/drive/folders/0B_IP1b20BSBUcndyOFVpbEZKbTQ?usp=sharing">https://drive.google.com/drive/folders/0B_IP1b20BSBUcndyOFVpbEZKbTQ?usp=sharing</a><br>
<br>
Sincerely,<br>
<br>
Karen Mulberry<br>
Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)<br>
ICANN<br>
12025 Waterfront Dr., Suite 300<br>
Los Angeles, CA 90094<br>
Phone: +1 424 353 9745<br>
<br>
<br>
<br>
_______________________________________________<br>
Ssr2-review mailing list<br>
Ssr2-review@icann.org<br>
https://mm.icann.org/mailman/listinfo/ssr2-review<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
<br>
-- <br>
<br>
Boban Kršić<span style="font-family:PMingLiU"><br>
</span>Chief Information Security Officer<span style="font-family:PMingLiU"><br>
<br>
</span>DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY<span style="font-family:PMingLiU"><br>
<br>
</span>E-Mail: <a href="mailto:krsic@denic.de">krsic@denic.de</a>, Fon: +49 69 272 35-120, Fax: -248<br>
Mobil: +49 172 67 61 671<br>
<a href="https://www.denic.de">https://www.denic.de</a><br>
<br>
X.509 Key-ID: 00A54FCB79884413A4<br>
Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716<br>
<br>
PGP Key-ID: 0x43C89BA9<br>
Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9<br>
<br>
Angaben nach § 25a Absatz 1 GenG:<span style="font-family:PMingLiU"><br>
</span>DENIC eG (Sitz: Frankfurt am Main)<span style="font-family:PMingLiU"><br>
</span>Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg<span style="font-family:PMingLiU"><br>
</span>Schweiger<span style="font-family:PMingLiU"><br>
</span>Vorsitzender des Aufsichtsrats: Thomas Keller<br>
Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht<br>
Frankfurt am Main<br>
_______________________________________________<br>
Ssr2-review mailing list<br>
Ssr2-review@icann.org<br>
https://mm.icann.org/mailman/listinfo/ssr2-review<o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>