[RSSAC Caucus] [SPAM] Re: Security Incident Reporting and c-root incident
Robert Story
rstory at ant.isi.edu
Thu May 23 13:00:07 UTC 2024
On Wed 2024-05-22 17:51:54-0600 Paul wrote:
> ebersman> That includes incident reports where the material outage was
> ebersman> highly possible but averted.
>
> rstory> That's not what the conclusion has been by the work party so far
> rstory> for this particular document. Feel free to join in on the fun
> rstory> and convince folks otherwise!
>
> Every ops job I've ever had, I valued anything that told me what worked
> and what didn't work.
>
> Metrics and measurement are a key part of the RSOs'
> responsibility. Surely such incident reports are a valuable metric.
Yes, they are. But the scope of work for this document is for reporting on
security incidents that had a material impact on the RSS. Possible or averted
events are out of scope for this work party.
Also, the document explicitly states that RSO(s) may publish reports of their
own for any type of event. So regardless of whether or not a RSO decided to
submit a security incident report to the future RSS governance system, it
could independently publish an incident or after action report.
Regards,
Robert
USC Information Sciences Institute <http://www.isi.edu/>
Networking and Cybersecurity Division
More information about the rssac-caucus
mailing list