<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div>Matogoro:</div><div><br class=""></div><div>Yes, this could be a follow-on to the SSR1 recommendations, but if it deviates in some way from the original SSR1 recommendation, then it belonds in a different section.</div><div><br class=""></div><div>Russ</div><div><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">On May 2, 2019, at 12:45 AM, Matogoro Jabera <<a href="mailto:jaberamatogoro@gmail.com" class="">jaberamatogoro@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="auto" class="">Dear Russ,<div dir="auto" class=""><br class=""></div><div dir="auto" class="">This question seems to be widely discussed in the literature. We may need to have a broad discussion before drafting a recommendation on it. If it happen we have something that improve the SSR1 recommendation on the certification. </div><div dir="auto" class=""><br class=""></div><div dir="auto" class=""><br class=""></div><div dir="auto" class="">Regards,</div><div dir="auto" class="">Matogoro </div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Wed, 1 May 2019, 23:32 Russ Housley, <<a href="mailto:housley@vigilsec.com" class="">housley@vigilsec.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word;line-break:after-white-space" class="">Scott and Matagoro:<div class=""><br class=""></div><div class="">I personally like the way that NIST CSF maps to the organizations mission statement.  That seems like very pragmatic approach to me.  I realize that it is not an ISO standard, but I cannot fault any organization for choosing NIST CSF as a way to make sure that the things that really matter to the organization are being addressed.</div><div class=""><br class=""></div><div class="">Do you see things differently?</div><div class=""><br class=""></div><div class="">Russ</div><div class=""><br class=""><div class=""><br class=""><blockquote type="cite" class=""><div class="">On May 1, 2019, at 4:13 PM, Scott McCormick via Ssr2-review <<a href="mailto:ssr2-review@icann.org" target="_blank" rel="noreferrer" class="">ssr2-review@icann.org</a>> wrote:</div><br class="m_-1287971793928631239Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi Matogoro,<div class="">From the response on compliance frameworks ICANN does not prescribe to ISO 27001 ISMS.  They are moving forward with NIST CSF as their standard, however ISMS is an ISO definition.  Feel free to draft a response.</div><div class=""><br clear="all" class=""><div class=""><div dir="ltr" class="m_-1287971793928631239gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div dir="ltr" class="">-Scott<div class=""><div style="margin:0px;padding:0px 0px 20px;width:1062px;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:inherit" class=""><div style="font-size:12.8px;margin:8px 0px 0px;padding:0px" class=""><div dir="ltr" class=""><span class=""><font color="#888888" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class=""><strong style="font-family:helvetica,arial,sans-serif;font-size:13px;line-height:1.3" class="">Scott McCormick</strong><br class=""></div><div class=""><span style="font-size:13px;font-family:helvetica,arial,sans-serif;line-height:1.3" class="">Security Compliance</span></div><div class=""><span style="font-size:13px;font-family:helvetica,arial,sans-serif;line-height:1.3" class="">mobile 443.691.2013</span></div><div class=""><span style="font-size:13px;font-family:helvetica,arial,sans-serif;line-height:1.3" class=""><a href="mailto:smccormick@hackerone.com" target="_blank" rel="noreferrer" class="">smccormick@hackerone.com</a><br class=""></span></div><div class=""><span style="font-size:13px;font-family:helvetica,arial,sans-serif;line-height:1.3" class=""><a href="https://www.hackerone.com/" target="_blank" rel="noreferrer" class=""><img src="https://www.hackerone.com/sites/default/files/2017-06/HackerOne.png" width="96" height="18" class=""></a></span></div><div class=""><br class=""></div><div class=""><div style="color:rgb(80,0,80);font-family:Arial,Helvetica,sans-serif;font-size:small" class=""><div class=""><div class=""><b class=""><i class=""><font color="#999999" class="">Check out the 2018 <a href="https://www.hackerone.com/sites/default/files/2018-07/The%20Hacker-Powered%20Security%20Report%202018.pdf" style="color:rgb(17,85,204)" target="_blank" rel="noreferrer" class="">Hacker Powered Security Report</a></font></i></b></div></div><div class=""><font color="#999999" class=""><a href="https://www.linkedin.com/company/hackerone" style="color:rgb(17,85,204);font-family:arial,helvetica,sans-serif;white-space:pre-wrap" target="_blank" rel="noreferrer" class=""><img src="https://lh5.googleusercontent.com/l72v8gzfiQ8LSSzXf0gUAeKF7MLumVN5STPAGhbKpthTe809JAt_lY5SBk5V1ZHPJwXx-LHc-qGF6SX6GLqERGkDpS6_rIumcDZRwKya_XY4Iv_KV94DOTdMuwP14dmuR-H61ei4" width="20" height="20" alt="linkedin3.png" style="border:none" class=""></a> <span style="background-color:transparent;font-family:arial;vertical-align:baseline;white-space:pre-wrap" class=""><a href="http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131fc28be581b4bff2ca67fb/01d7a328dc464e0519e7eeb20aae62ee/twitter.com/hacker0x01" style="color:rgb(17,85,204)" target="_blank" rel="noreferrer" class=""><img src="https://lh6.googleusercontent.com/44mwwDB55iBGC3OfXGidhFNZrv1ht36Y5tTLEOndITZhzh6yTYsrLvYBMnBWwsI_7xQvX6KT-dtZq0klEe7YFb0AyEDJMzxwEkqWmGtY0u3KGQLyrWj0MF2mDFh9BwhvesH9rwDG" width="20" height="20" alt="twitter-xxl.png" style="border:none" class=""></a> </span><span style="background-color:transparent;font-family:arial;vertical-align:baseline;white-space:pre-wrap" class=""><a href="http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131fc28be581b4bff2ca67fb/e2e4bd1be597154a7d7cb6695eba218f/facebook.com/hacker0x01" style="color:rgb(17,85,204)" target="_blank" rel="noreferrer" class=""><img src="https://lh5.googleusercontent.com/saPeJzaTQbtANmN6IY0MjfyjQoKSw0DxgOhTnLZhQi9lACYbKn4V_OFeAhfeosTWWftz7lL2oGPHRxmVtI_ixVXZca8PlbhvMtymL9UpiBJ_z7ncqdkk-JyYaPbsGLAnQ6VE0oOI" width="20" height="20" alt="facebook-symbol_318-37686.jpg" style="border:none" class=""></a></span></font></div></div></div></div></div></div></font></span></div></div></div></div></div></div></div></div></div></div></div></div><br class=""></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Apr 25, 2019 at 5:17 AM Matogoro Jabera <<a href="mailto:jaberamatogoro@gmail.com" target="_blank" rel="noreferrer" class="">jaberamatogoro@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr" class=""><div class="gmail_default" style="color:rgb(61,133,198)">Dear Alain,</div><div class="gmail_default" style="color:rgb(61,133,198)"><br class=""></div><div class="gmail_default" style="color:rgb(61,133,198)">Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input.</div><div class="gmail_default" style="color:rgb(61,133,198)"><br class=""></div><div class="gmail_default" style="color:rgb(61,133,198)">Regards,</div><div class=""><div dir="ltr" class="m_-1287971793928631239gmail-m_8733201488921783984gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class="">MATOGORO Jabhera<br class="">Assistant Lecturer<br class="">College of Informatics and Virtual Education<br class="">The University of Dodoma</div><div class="">P.O Box 490,</div><div class="">Dodoma.</div><div dir="ltr" class="">Website: <a href="http://www.udom.ac.tz/" style="font-size:12.8px" target="_blank" rel="noreferrer" class="">www.udom.ac.tz</a><br class=""><b class="">IEEE Membership ID:<font class=""><font face="Verdana, serif" class=""> <span style="font-family:arial,helvetica,sans-serif" class=""><font size="2" class="">93934185</font></span></font></font></b><br class=""></div></div></div></div></div></div></div><br class=""></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <<a href="mailto:aalain@trstech.net" target="_blank" rel="noreferrer" class="">aalain@trstech.net</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Matogoro,<br class="">
<br class="">
I have nothing. After the DNS crypto, i am now working on the L-root practices.. <br class="">
<br class="">
—Alain<br class="">
<br class="">
> On 25 Apr 2019, at 08:01, Matogoro Jabera <<a href="mailto:jaberamatogoro@gmail.com" target="_blank" rel="noreferrer" class="">jaberamatogoro@gmail.com</a>> wrote:<br class="">
> <br class="">
> Dear Alain, Dear Noorul,<br class="">
> <br class="">
> It is my hope that this email will find you doing fine. I am writing<br class="">
> as a follow-up on any status regarding our topic - Perform an<br class="">
> assessment of ICANN's Information Security Management System.<br class="">
> <br class="">
> Please let me know if you have something already. Otherwise, I would<br class="">
> be happy to write something later today and share it back by next week<br class="">
> for your quick review.<br class="">
> <br class="">
> <br class="">
> Regards,<br class="">
> -- <br class="">
> MATOGORO Jabhera<br class="">
> Assistant Lecturer<br class="">
> College of Informatics and Virtual Education<br class="">
> The University of Dodoma<br class="">
> P.O Box 490,<br class="">
> Dodoma.<br class="">
> Website: <a href="http://www.udom.ac.tz/" rel="noreferrer noreferrer" target="_blank" class="">www.udom.ac.tz</a><br class="">
> *IEEE Membership ID: 93934185*<br class="">
<br class="">
</blockquote></div>
_______________________________________________<br class="">
Ssr2-review mailing list<br class="">
<a href="mailto:Ssr2-review@icann.org" target="_blank" rel="noreferrer" class="">Ssr2-review@icann.org</a><br class="">
<a href="https://mm.icann.org/mailman/listinfo/ssr2-review" rel="noreferrer noreferrer" target="_blank" class="">https://mm.icann.org/mailman/listinfo/ssr2-review</a><br class="">
</blockquote></div>
_______________________________________________<br class="">Ssr2-review mailing list<br class=""><a href="mailto:Ssr2-review@icann.org" target="_blank" rel="noreferrer" class="">Ssr2-review@icann.org</a><br class=""><a href="https://mm.icann.org/mailman/listinfo/ssr2-review" target="_blank" rel="noreferrer" class="">https://mm.icann.org/mailman/listinfo/ssr2-review</a><br class=""></div></blockquote></div><br class=""></div></div></blockquote></div>
</div></blockquote></div><br class=""></body></html>