<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Sylfaen;
panose-1:1 10 5 2 5 3 6 3 3 3;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Sylfaen",serif;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Sylfaen",serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">Hi All - <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Here is the doodle poll for Subtopic #2 – ICANN Security per the request below -
<a name="participationLink"></a><a href="http://doodle.com/poll/wur7y58kse7p5ucb"><span style="color:blue">http://doodle.com/poll/wur7y58kse7p5ucb</span></a> - please reply by Monday, June 12th @ 1900 UTC.<b> <o:p></o:p></b></p>
<p class="MsoPlainText">Thank you!<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Kind Regards, <o:p></o:p></p>
<p class="MsoPlainText">Yvette Guigneaux<o:p></o:p></p>
<p class="MsoPlainText">(MSSI) Multistakeholder Strategy & Strategic Initiatives <o:p>
</o:p></p>
<p class="MsoPlainText">Projects & Operations Assistant.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">ICANN – Internet Corporation for Assigned Names and Numbers<o:p></o:p></p>
<p class="MsoPlainText">Email: yvette.guigneaux@icann.org<o:p></o:p></p>
<p class="MsoPlainText">Cell: +1-310-460-8432<o:p></o:p></p>
<p class="MsoPlainText">Skype: yvette.guigneaux.icann<o:p></o:p></p>
<p class="MsoPlainText">www.icann.org<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">-----Original Message-----<br>
From: ssr2-review-bounces@icann.org [mailto:ssr2-review-bounces@icann.org] On Behalf Of Boban Krsic<br>
Sent: Thursday, June 08, 2017 8:13 AM<br>
To: SSR2 <ssr2-review@icann.org><br>
Subject: Re: [Ssr2-review] Work plan (draft) Sub Team 2 – ICANN Security</p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Dear All,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">{and especially team members of sub topic 2 – ICANN Security}<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">just talked to Kerry-Ann regarding a follow up on this issue. We propose to organize an additional online meeting in the next two weeks to define a scope and identify which domains of both standards are applicable to our scope for a
gap analysis and which are not. It would be great if you could assist and participate on this.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">@Jennifer<o:p></o:p></p>
<p class="MsoPlainText">Could you please setting up a doodle survey to find a common 2-hour slot in the next 10 working days?<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Thanks and all the best,<o:p></o:p></p>
<p class="MsoPlainText">Boban.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Am 05.06.17 um 22:45 schrieb Barrett, Kerry-Ann:<o:p></o:p></p>
<p class="MsoPlainText">> Dear Boban<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Thanks in advance for preparing this. We should decide if we set up a meeting with the sub-team to discuss and set deadlines for feedback and comments before that meeting.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Sincerely,<o:p></o:p></p>
<p class="MsoPlainText">> Kerry-Ann Barrett<o:p></o:p></p>
<p class="MsoPlainText">> Cyber Security Policy Specialist<o:p></o:p></p>
<p class="MsoPlainText">> Inter-American Committee against Terrorism Secretariat for
<o:p></o:p></p>
<p class="MsoPlainText">> Multidimensional Security Organization of American States<o:p></o:p></p>
<p class="MsoPlainText">> 1889 F Street N.W., Washington, D.C. 20006 T. 202-370-4675 F.
<o:p></o:p></p>
<p class="MsoPlainText">> 202-458-3857 <a href="mailto:kabarrett@oas.org"><span style="color:windowtext;text-decoration:none">kabarrett@oas.org</span></a>
<a href="http://www.oas.org/cyber"><span style="color:windowtext;text-decoration:none">www.oas.org/cyber</span></a> Register to our
<o:p></o:p></p>
<p class="MsoPlainText">> distribution list here!<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <a href="mailto:ssr2-review-bounces@icann.org"><span style="color:windowtext;text-decoration:none">ssr2-review-bounces@icann.org</span></a>
<o:p></o:p></p>
<p class="MsoPlainText">> [<a href="mailto:ssr2-review-bounces@icann.org"><span style="color:windowtext;text-decoration:none">mailto:ssr2-review-bounces@icann.org</span></a>] On Behalf Of Jennifer Bryce<o:p></o:p></p>
<p class="MsoPlainText">> Sent: Monday, June 5, 2017 11:45 AM<o:p></o:p></p>
<p class="MsoPlainText">> To: Boban Krsic <<a href="mailto:krsic@denic.de"><span style="color:windowtext;text-decoration:none">krsic@denic.de</span></a>>; SSR2 <<a href="mailto:ssr2-review@icann.org"><span style="color:windowtext;text-decoration:none">ssr2-review@icann.org</span></a>><o:p></o:p></p>
<p class="MsoPlainText">> Subject: [EXT] Re: [Ssr2-review] Work plan (draft) Sub Team 2 – ICANN
<o:p></o:p></p>
<p class="MsoPlainText">> Security<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Hi all,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> The Google doc version has been posted on the wiki here:
<a href="https://community.icann.org/pages/viewpage.action?pageId=64076120"><span style="color:windowtext;text-decoration:none">https://community.icann.org/pages/viewpage.action?pageId=64076120</span></a> . RT members have editing rights.
<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Best,<o:p></o:p></p>
<p class="MsoPlainText">> Jennifer<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">> From: <<a href="mailto:ssr2-review-bounces@icann.org"><span style="color:windowtext;text-decoration:none">ssr2-review-bounces@icann.org</span></a>> on behalf of Boban Krsic
<o:p></o:p></p>
<p class="MsoPlainText">> <<a href="mailto:krsic@denic.de"><span style="color:windowtext;text-decoration:none">krsic@denic.de</span></a>><o:p></o:p></p>
<p class="MsoPlainText">> Date: Sunday, June 4, 2017 at 10:24 PM<o:p></o:p></p>
<p class="MsoPlainText">> To: SSR2 <<a href="mailto:ssr2-review@icann.org"><span style="color:windowtext;text-decoration:none">ssr2-review@icann.org</span></a>><o:p></o:p></p>
<p class="MsoPlainText">> Subject: [Ssr2-review] Work plan (draft) Sub Team 2 – ICANN Security<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Dear All,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Please find attached a first draft of a work plan for subteam 2 - ICANN<o:p></o:p></p>
<p class="MsoPlainText">> Security. I propose, that the basis for further development should be a<o:p></o:p></p>
<p class="MsoPlainText">> gap analysis (without any obligations to certify something) based on the<o:p></o:p></p>
<p class="MsoPlainText">> following two industrial standards: ISO/IEC 27001:2013 Information<o:p></o:p></p>
<p class="MsoPlainText">> Security Management Systems (ISMS) and ISO 22301:2012 Business<o:p></o:p></p>
<p class="MsoPlainText">> Continuity Management Systems (BCMS). With the use of both standards, we<o:p></o:p></p>
<p class="MsoPlainText">> should be able to address all relevant work items that we identified in<o:p></o:p></p>
<p class="MsoPlainText">> Madrid. For the beginning, I have created a simple MS Excel that<o:p></o:p></p>
<p class="MsoPlainText">> consists all relevant information for project planning and realization<o:p></o:p></p>
<p class="MsoPlainText">> of the gap analysis. The file contains a total of four sheets:<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> * Sheet1 (Workplan) contains the main key action steps, a description of<o:p></o:p></p>
<p class="MsoPlainText">> the action, expected outcome, evaluation methodology, required skill<o:p></o:p></p>
<p class="MsoPlainText">> set, responsible person, proposed timeline, and finally a reference to<o:p></o:p></p>
<p class="MsoPlainText">> Madrid’s work item list. The list is not finished and needs to be<o:p></o:p></p>
<p class="MsoPlainText">> completed.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> * Sheet2 (Checklist 27001) contains 32 questions to address all relevant<o:p></o:p></p>
<p class="MsoPlainText">> requirements of the main part of a ISMS based on ISO/IEC 27001. With the<o:p></o:p></p>
<p class="MsoPlainText">> checklist, we are able to evaluate the following category groups:<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> * Scope, relevant parties (stakeholder)<o:p></o:p></p>
<p class="MsoPlainText">> * Leadership, roles and responsibilities<o:p></o:p></p>
<p class="MsoPlainText">> * Risk management and risk treatment<o:p></o:p></p>
<p class="MsoPlainText">> * Resources, competence, awareness and communication<o:p></o:p></p>
<p class="MsoPlainText">> * Performance evaluation, internal audit and management review<o:p></o:p></p>
<p class="MsoPlainText">> * Improvement of the ISMS<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> * Sheet3 (Checklist 27001 – Annex A) contains a list of 114 questions<o:p></o:p></p>
<p class="MsoPlainText">> based on the Annex A of ISO/IEC 27001. It is a list of security controls<o:p></o:p></p>
<p class="MsoPlainText">> (or safeguards) that are to be used to improve security of information.<o:p></o:p></p>
<p class="MsoPlainText">> The controls are structured, and the purpose of each of the 14 sections<o:p></o:p></p>
<p class="MsoPlainText">> from Annex A [1]:<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> * Information security policies - controls how to write and<o:p></o:p></p>
<p class="MsoPlainText">> review policies<o:p></o:p></p>
<p class="MsoPlainText">> * Organization of information security – controls on how the<o:p></o:p></p>
<p class="MsoPlainText">> responsibilities are assigned<o:p></o:p></p>
<p class="MsoPlainText">> * Human resources security – controls affecting the employment<o:p></o:p></p>
<p class="MsoPlainText">> * Asset management – controls related to inventory of assets and<o:p></o:p></p>
<p class="MsoPlainText">> acceptable use, also for information classification and media handling<o:p></o:p></p>
<p class="MsoPlainText">> * Access control – controls for Access control policy, user access<o:p></o:p></p>
<p class="MsoPlainText">> management, system and application access control, and user responsibilities<o:p></o:p></p>
<p class="MsoPlainText">> * Cryptography – controls related to encryption and key management<o:p></o:p></p>
<p class="MsoPlainText">> * Physical and environmental security – controls defining secure<o:p></o:p></p>
<p class="MsoPlainText">> areas, entry controls, protection against threats, equipment security,<o:p></o:p></p>
<p class="MsoPlainText">> secure disposal, clear desk and clear screen policy, etc.<o:p></o:p></p>
<p class="MsoPlainText">> * Operational security – lots of controls related to management of IT<o:p></o:p></p>
<p class="MsoPlainText">> production: change management, capacity management, malware, backup,<o:p></o:p></p>
<p class="MsoPlainText">> logging, monitoring, installation, vulnerabilities<o:p></o:p></p>
<p class="MsoPlainText">> * Communications security – controls related to network security,<o:p></o:p></p>
<p class="MsoPlainText">> segregation, network services, transfer of information, messaging, etc.<o:p></o:p></p>
<p class="MsoPlainText">> * System acquisition, development and maintenance – controls<o:p></o:p></p>
<p class="MsoPlainText">> defining security requirements and security in development and support<o:p></o:p></p>
<p class="MsoPlainText">> processes<o:p></o:p></p>
<p class="MsoPlainText">> * Supplier relationships – controls on what to include in<o:p></o:p></p>
<p class="MsoPlainText">> agreements, and how to monitor the suppliers<o:p></o:p></p>
<p class="MsoPlainText">> * Information security incident management – controls for<o:p></o:p></p>
<p class="MsoPlainText">> reporting events and weaknesses, defining responsibilities, response<o:p></o:p></p>
<p class="MsoPlainText">> procedures, and collection of evidence<o:p></o:p></p>
<p class="MsoPlainText">> * Information security aspects of business continuity management –<o:p></o:p></p>
<p class="MsoPlainText">> controls requiring the planning of business continuity, procedures,<o:p></o:p></p>
<p class="MsoPlainText">> verification and reviewing, and IT redundancy<o:p></o:p></p>
<p class="MsoPlainText">> * Compliance – controls requiring the identification of applicable laws<o:p></o:p></p>
<p class="MsoPlainText">> and regulations, intellectual property protection, personal data<o:p></o:p></p>
<p class="MsoPlainText">> protection, and reviews of information security<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> * Sheet4 (Checklist 22301) similar to sheet1 but with a focus on<o:p></o:p></p>
<p class="MsoPlainText">> Business Continuity Management. The checklist contains a list of 90<o:p></o:p></p>
<p class="MsoPlainText">> questions to address all relevant requirements of a BCMS based on ISO<o:p></o:p></p>
<p class="MsoPlainText">> 22301. With the checklist, we are able to evaluate the following<o:p></o:p></p>
<p class="MsoPlainText">> category groups:<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> * Scope, supply chain, l&r requirements and assurance<o:p></o:p></p>
<p class="MsoPlainText">> * Leadership, roles and responsibilities<o:p></o:p></p>
<p class="MsoPlainText">> * Risks and opportunities<o:p></o:p></p>
<p class="MsoPlainText">> * Business continuity objectives and plans to achieve them<o:p></o:p></p>
<p class="MsoPlainText">> * Human resources, competence and training and awareness<o:p></o:p></p>
<p class="MsoPlainText">> * Communication and documentation<o:p></o:p></p>
<p class="MsoPlainText">> * Operational planning and control<o:p></o:p></p>
<p class="MsoPlainText">> * Business Impact Analysis (BIA) and Risk Assessment<o:p></o:p></p>
<p class="MsoPlainText">> * Business continuity strategy / Resource recovery strategy<o:p></o:p></p>
<p class="MsoPlainText">> * Incident response structure<o:p></o:p></p>
<p class="MsoPlainText">> * Business continuity plans<o:p></o:p></p>
<p class="MsoPlainText">> * Monitoring, measurement, analysis and evaluation<o:p></o:p></p>
<p class="MsoPlainText">> * Internal audit and management review<o:p></o:p></p>
<p class="MsoPlainText">> * Improvement of the BCMS<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> I am using a similar list for my annually internal audits at DENIC.<o:p></o:p></p>
<p class="MsoPlainText">> Altogether I would expect a total effort of approx. 15-20 m/d to perform<o:p></o:p></p>
<p class="MsoPlainText">> key action steps 1.0 and 2.0. External consultants are also possible and<o:p></o:p></p>
<p class="MsoPlainText">> in my view a good option.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Jennifer, it would be great if you could import the file to google docs<o:p></o:p></p>
<p class="MsoPlainText">> and share the link for editing purposes.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Any feedback on this would be great.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Regards,<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> - Boban.<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> [1]<a href="https://advisera.com/27001academy/knowledgebase/overview-of-iso-270"><span style="color:windowtext;text-decoration:none">https://advisera.com/27001academy/knowledgebase/overview-of-iso-270</span></a><o:p></o:p></p>
<p class="MsoPlainText">> 012013-annex-a/<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> --<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Boban Kršić<o:p></o:p></p>
<p class="MsoPlainText">> Chief Information Security Officer<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> E-Mail: <a href="mailto:krsic@denic.de"><span style="color:windowtext;text-decoration:none">krsic@denic.de</span></a>, Fon: +49 69 272 35-120, Fax: -248<o:p></o:p></p>
<p class="MsoPlainText">> Mobil: +49 172 67 61 671<o:p></o:p></p>
<p class="MsoPlainText">> <a href="https://www.denic.de"><span style="color:windowtext;text-decoration:none">https://www.denic.de</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> X.509 Key-ID: 00A54FCB79884413A4<o:p></o:p></p>
<p class="MsoPlainText">> Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> PGP Key-ID: 0x43C89BA9<o:p></o:p></p>
<p class="MsoPlainText">> Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> Angaben nach § 25a Absatz 1 GenG:<o:p></o:p></p>
<p class="MsoPlainText">> DENIC eG (Sitz: Frankfurt am Main)<o:p></o:p></p>
<p class="MsoPlainText">> Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg<o:p></o:p></p>
<p class="MsoPlainText">> Schweiger<o:p></o:p></p>
<p class="MsoPlainText">> Vorsitzender des Aufsichtsrats: Thomas Keller<o:p></o:p></p>
<p class="MsoPlainText">> Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht<o:p></o:p></p>
<p class="MsoPlainText">> Frankfurt am Main<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> _______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">> Ssr2-review mailing list<o:p></o:p></p>
<p class="MsoPlainText">> <a href="mailto:Ssr2-review@icann.org"><span style="color:windowtext;text-decoration:none">Ssr2-review@icann.org</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <a href="https://mm.icann.org/mailman/listinfo/ssr2-review">
<span style="color:windowtext;text-decoration:none">https://mm.icann.org/mailman/listinfo/ssr2-review</span></a><o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">-- <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Boban Kršić<o:p></o:p></p>
<p class="MsoPlainText">Chief Information Security Officer<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">E-Mail: <a href="mailto:krsic@denic.de"><span style="color:windowtext;text-decoration:none">krsic@denic.de</span></a>, Fon: +49 69 272 35-120, Fax: -248<o:p></o:p></p>
<p class="MsoPlainText">Mobil: +49 172 67 61 671<o:p></o:p></p>
<p class="MsoPlainText"><a href="https://www.denic.de"><span style="color:windowtext;text-decoration:none">https://www.denic.de</span></a><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">X.509 Key-ID: 00A54FCB79884413A4<o:p></o:p></p>
<p class="MsoPlainText">Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">PGP Key-ID: 0x43C89BA9<o:p></o:p></p>
<p class="MsoPlainText">Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Angaben nach § 25a Absatz 1 GenG:<o:p></o:p></p>
<p class="MsoPlainText">DENIC eG (Sitz: Frankfurt am Main)<o:p></o:p></p>
<p class="MsoPlainText">Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger Vorsitzender des Aufsichtsrats: Thomas Keller Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt am Main<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
</div>
</body>
</html>