[Ssr2-review] Perform an assessment of ICANN's Information Security Management System.

Russ Housley housley at vigilsec.com
Thu May 2 15:41:38 UTC 2019 

Matogoro:

Yes, this could be a follow-on to the SSR1 recommendations, but if it deviates in some way from the original SSR1 recommendation, then it belonds in a different section.

Russ


> On May 2, 2019, at 12:45 AM, Matogoro Jabera <jaberamatogoro at gmail.com> wrote:
> 
> Dear Russ,
> 
> This question seems to be widely discussed in the literature. We may need to have a broad discussion before drafting a recommendation on it. If it happen we have something that improve the SSR1 recommendation on the certification. 
> 
> 
> Regards,
> Matogoro 
> 
> On Wed, 1 May 2019, 23:32 Russ Housley, <housley at vigilsec.com <mailto:housley at vigilsec.com>> wrote:
> Scott and Matagoro:
> 
> I personally like the way that NIST CSF maps to the organizations mission statement.  That seems like very pragmatic approach to me.  I realize that it is not an ISO standard, but I cannot fault any organization for choosing NIST CSF as a way to make sure that the things that really matter to the organization are being addressed.
> 
> Do you see things differently?
> 
> Russ
> 
> 
>> On May 1, 2019, at 4:13 PM, Scott McCormick via Ssr2-review <ssr2-review at icann.org <mailto:ssr2-review at icann.org>> wrote:
>> 
>> Hi Matogoro,
>> From the response on compliance frameworks ICANN does not prescribe to ISO 27001 ISMS.  They are moving forward with NIST CSF as their standard, however ISMS is an ISO definition.  Feel free to draft a response.
>> 
>> -Scott
>> Scott McCormick
>> Security Compliance
>> mobile 443.691.2013
>> smccormick at hackerone.com <mailto:smccormick at hackerone.com>
>>  <https://www.hackerone.com/>
>> 
>> Check out the 2018 Hacker Powered Security Report <https://www.hackerone.com/sites/default/files/2018-07/The%20Hacker-Powered%20Security%20Report%202018.pdf>
>>  <https://www.linkedin.com/company/hackerone>  <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131fc28be581b4bff2ca67fb/01d7a328dc464e0519e7eeb20aae62ee/twitter.com/hacker0x01>  <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131fc28be581b4bff2ca67fb/e2e4bd1be597154a7d7cb6695eba218f/facebook.com/hacker0x01>
>> 
>> On Thu, Apr 25, 2019 at 5:17 AM Matogoro Jabera <jaberamatogoro at gmail.com <mailto:jaberamatogoro at gmail.com>> wrote:
>> Dear Alain,
>> 
>> Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input.
>> 
>> Regards,
>> MATOGORO Jabhera
>> Assistant Lecturer
>> College of Informatics and Virtual Education
>> The University of Dodoma
>> P.O Box 490,
>> Dodoma.
>> Website: www.udom.ac.tz <http://www.udom.ac.tz/>
>> IEEE Membership ID: 93934185
>> 
>> 
>> On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <aalain at trstech.net <mailto:aalain at trstech.net>> wrote:
>> Matogoro,
>> 
>> I have nothing. After the DNS crypto, i am now working on the L-root practices.. 
>> 
>> —Alain
>> 
>> > On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro at gmail.com <mailto:jaberamatogoro at gmail.com>> wrote:
>> > 
>> > Dear Alain, Dear Noorul,
>> > 
>> > It is my hope that this email will find you doing fine. I am writing
>> > as a follow-up on any status regarding our topic - Perform an
>> > assessment of ICANN's Information Security Management System.
>> > 
>> > Please let me know if you have something already. Otherwise, I would
>> > be happy to write something later today and share it back by next week
>> > for your quick review.
>> > 
>> > 
>> > Regards,
>> > -- 
>> > MATOGORO Jabhera
>> > Assistant Lecturer
>> > College of Informatics and Virtual Education
>> > The University of Dodoma
>> > P.O Box 490,
>> > Dodoma.
>> > Website: www.udom.ac.tz <http://www.udom.ac.tz/>
>> > *IEEE Membership ID: 93934185*
>> 
>> _______________________________________________
>> Ssr2-review mailing list
>> Ssr2-review at icann.org <mailto:Ssr2-review at icann.org>
>> https://mm.icann.org/mailman/listinfo/ssr2-review <https://mm.icann.org/mailman/listinfo/ssr2-review>
>> _______________________________________________
>> Ssr2-review mailing list
>> Ssr2-review at icann.org <mailto:Ssr2-review at icann.org>
>> https://mm.icann.org/mailman/listinfo/ssr2-review <https://mm.icann.org/mailman/listinfo/ssr2-review>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20190502/b186da2d/attachment.html>

More information about the Ssr2-review mailing list