<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:595.0pt 842.0pt;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">Hi Boban, all,</p>
<p class="MsoPlainText"><br>
We would like to socialize the summary of the ICANN SSR subgroup meeting last week in LA, provided in the email below, as it gives a nice overview of the meeting. To do so we would like to post it on the
<a href="https://community.icann.org/pages/viewpage.action?pageId=69277737">meeting page</a> of the wiki and add it to the ‘Key News and Updates’ section of the wiki
<a href="https://community.icann.org/display/SSR/SSR2+Review">home page</a>. This will allow us to link back to the summary in upcoming outreach communications regarding SSR2 and other reviews.
</p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Please let us know if you have any objections to this approach.</p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Best,</p>
<p class="MsoPlainText">Jennifer<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">-----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText">From: <ssr2-review-bounces@icann.org> on behalf of Boban Krsic <krsic@denic.de><o:p></o:p></p>
<p class="MsoPlainText">Date: Thursday, October 12, 2017 at 3:51 PM<o:p></o:p></p>
<p class="MsoPlainText">To: SSR2 <SSR2-review@icann.org><o:p></o:p></p>
<p class="MsoPlainText">Subject: [Ssr2-review] Subgroup ICANN SSR: Fact-Finding Meeting 9-10 Oct. in LA<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> Dear all,<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> The ICANN SSR Subgroup had a very productive two-day, fact-finding<o:p></o:p></p>
<p class="MsoPlainText"> meeting at ICANN headquarter. The subgroup met with a number of ICANN<o:p></o:p></p>
<p class="MsoPlainText"> staff subject matter experts (SME) and discussed a range of issues<o:p></o:p></p>
<p class="MsoPlainText"> relating to the completeness and effectiveness of ICANN’s security<o:p></o:p></p>
<p class="MsoPlainText"> processes and the effectiveness of the ICANN security framework<o:p></o:p></p>
<p class="MsoPlainText"> (including activities connected to the SSR2 ToR and implementation of<o:p></o:p></p>
<p class="MsoPlainText"> SSR1 recommendations). Topics were covered to varying degrees of detail<o:p></o:p></p>
<p class="MsoPlainText"> as warranted; some topics were covered sufficiently and some will<o:p></o:p></p>
<p class="MsoPlainText"> require follow-on discussions.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> The subgroup will update its contribution to the SSR2 work plan and post<o:p></o:p></p>
<p class="MsoPlainText"> more fulsome documentation of how the subgroup’s work has advanced and<o:p></o:p></p>
<p class="MsoPlainText"> issues that we’re preparing to bring to the full SSR2 Team for<o:p></o:p></p>
<p class="MsoPlainText"> consideration. Note that some topics/discussions will be<o:p></o:p></p>
<p class="MsoPlainText"> cross-referenced for other SSR2 subgroups (e.g. Security Framework and<o:p></o:p></p>
<p class="MsoPlainText"> emerging threats apply to the Future Challenges Subgroup).<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> Meanwhile, here’s a high-level summary of the fact-finding meeting. The<o:p></o:p></p>
<p class="MsoPlainText"> subgroup reviewed, submitted questions & information requests about, and<o:p></o:p></p>
<p class="MsoPlainText"> discussed early observations about:<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> * ICANN’s Security Framework and emerging threats<o:p></o:p></p>
<p class="MsoPlainText"> * ICANN’s Risk Management Framework<o:p></o:p></p>
<p class="MsoPlainText"> * ICANN’s Business Continuity strategies, objectives, plans and procedures<o:p></o:p></p>
<p class="MsoPlainText"> * ICANN’s operational planning and controls, and prioritized activity<o:p></o:p></p>
<p class="MsoPlainText"> recovery strategy<o:p></o:p></p>
<p class="MsoPlainText"> * ICANN’s Incident Response Structure<o:p></o:p></p>
<p class="MsoPlainText"> * ICANN’s root server operations<o:p></o:p></p>
<p class="MsoPlainText"> * ICANN’s Domain Division activities that relate to SSR objectives,<o:p></o:p></p>
<p class="MsoPlainText"> including:<o:p></o:p></p>
<p class="MsoPlainText"> * New gTLD program SSR-related safeguards<o:p></o:p></p>
<p class="MsoPlainText"> * Emergency Back-End Registry Operator (EBERO), and related processes,<o:p></o:p></p>
<p class="MsoPlainText"> and testing<o:p></o:p></p>
<p class="MsoPlainText"> * Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA)<o:p></o:p></p>
<p class="MsoPlainText"> * Centralized Zone Data Service (CZDS) compliance, failures, plans<o:p></o:p></p>
<p class="MsoPlainText"> * Vetting of registrar and registry operators as relates to SSR, and<o:p></o:p></p>
<p class="MsoPlainText"> measurement & impact of malicious conduct by contracted parties, data<o:p></o:p></p>
<p class="MsoPlainText"> breaches, etc.<o:p></o:p></p>
<p class="MsoPlainText"> * SLA Monitoring System (SLAM)<o:p></o:p></p>
<p class="MsoPlainText"> * Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS<o:p></o:p></p>
<p class="MsoPlainText"> Abuse & Domain Abuse Activity Reporting)<o:p></o:p></p>
<p class="MsoPlainText"> * SSR objectives in ICANN’S standard operating procedures (SOP).<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> As rapporteur and member of the subgroup ICANN SSR I would like to thank<o:p></o:p></p>
<p class="MsoPlainText"> all SSRT2 members, ICANN staff and SME's for investing their time,<o:p></o:p></p>
<p class="MsoPlainText"> preparing and attend at the meeting in LA.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> Thank you very much - we have taken a significant step forward in our<o:p></o:p></p>
<p class="MsoPlainText"> subgroup and our related topics.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> Best regrads,<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> - Boban.<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> -- <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> Boban Kršić<o:p></o:p></p>
<p class="MsoPlainText"> Chief Information Security Officer<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> E-Mail: krsic@denic.de, Fon: +49 69 272 35-120, Fax: -248<o:p></o:p></p>
<p class="MsoPlainText"> Mobil: +49 172 67 61 671<o:p></o:p></p>
<p class="MsoPlainText"> https://www.denic.de<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> X.509 Key-ID: 00A54FCB79884413A4<o:p></o:p></p>
<p class="MsoPlainText"> Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> PGP Key-ID: 0x43C89BA9<o:p></o:p></p>
<p class="MsoPlainText"> Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> Angaben nach § 25a Absatz 1 GenG:<o:p></o:p></p>
<p class="MsoPlainText"> DENIC eG (Sitz: Frankfurt am Main)<o:p></o:p></p>
<p class="MsoPlainText"> Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg<o:p></o:p></p>
<p class="MsoPlainText"> Schweiger<o:p></o:p></p>
<p class="MsoPlainText"> Vorsitzender des Aufsichtsrats: Thomas Keller<o:p></o:p></p>
<p class="MsoPlainText"> Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht<o:p></o:p></p>
<p class="MsoPlainText"> Frankfurt am Main<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
</div>
</body>
</html>