Scott and Matagoro: I personally like the way that NIST CSF maps to the organizations mission statement. That seems like very pragmatic approach to me. I realize that it is not an ISO standard, but I cannot fault any organization for choosing NIST CSF as a way to make sure that the things that really matter to the organization are being addressed. Do you see things differently? Russ
On May 1, 2019, at 4:13 PM, Scott McCormick via Ssr2-review <ssr2-review@icann.org> wrote:
Hi Matogoro, From the response on compliance frameworks ICANN does not prescribe to ISO 27001 ISMS. They are moving forward with NIST CSF as their standard, however ISMS is an ISO definition. Feel free to draft a response.
-Scott Scott McCormick Security Compliance mobile 443.691.2013 smccormick@hackerone.com <mailto:smccormick@hackerone.com> <https://www.hackerone.com/>
Check out the 2018 Hacker Powered Security Report <https://www.hackerone.com/sites/default/files/2018-07/The%20Hacker-Powered%2...> <https://www.linkedin.com/company/hackerone> <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...> <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...>
On Thu, Apr 25, 2019 at 5:17 AM Matogoro Jabera <jaberamatogoro@gmail.com <mailto:jaberamatogoro@gmail.com>> wrote: Dear Alain,
Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input.
Regards, MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz <http://www.udom.ac.tz/> IEEE Membership ID: 93934185
On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <aalain@trstech.net <mailto:aalain@trstech.net>> wrote: Matogoro,
I have nothing. After the DNS crypto, i am now working on the L-root practices..
—Alain
On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro@gmail.com <mailto:jaberamatogoro@gmail.com>> wrote:
Dear Alain, Dear Noorul,
It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System.
Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review.
Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz <http://www.udom.ac.tz/> *IEEE Membership ID: 93934185*
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org <mailto:Ssr2-review@icann.org> https://mm.icann.org/mailman/listinfo/ssr2-review <https://mm.icann.org/mailman/listinfo/ssr2-review> _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review