Dear SSR2 RT members, Please find the agenda for tomorrow’s SSR2 plenary meeting below. Agenda: Thursday 8 November at 15:00 UTC 1. Welcome, roll call, SOI updates * Staff to provide update to team regarding the Jan/Feb 2019 face-to-face meeting 2. Address email thread re: SSR1 recommendations methodology (see emails here<https://mm.icann.org/pipermail/ssr2-review/2018-November/001314.html> and here<https://mm.icann.org/pipermail/ssr2-review/2018-November/001304.html>). 3. Work plan<https://docs.google.com/spreadsheets/d/1as7wZJ215HhNSmwEhXEPTWg_8AjlU7OOtzIz...> - confirm updated version is complete and will be sent to Board & SO/AC Chairs (work plan will be updated as needed) 4. Work stream report template - confirm team is happy with structure (attached, Eric’s proposed edit incorporated) 5. DNS SSR work stream discussion (work steam topics doc here<https://docs.google.com/document/d/1Eaj92r_ZbGBqO-2t3-tJv4Teqtix20Dly7C14XKj...> and DNS SSR topics here<https://docs.google.com/document/d/1KWvdcZ2g8hBxUzvzPqgzVmsT4RZ5CbIo-N2IpUUY...>) 6. AOB 7. Confirm action items / decisions reached Best, Jennifer -- Jennifer Bryce Senior Reviews Coordinator Internet Corporation for Assigned Names and Numbers (ICANN) Email: jennifer.bryce@icann.org Skype: jennifer.bryce.icann www.icann.org
Dear all, Unfortunately, I am not able to attend the conference call today due to traveling purposes. My apologies! On 07.11.18 12:00, Jennifer Bryce wrote:
2. Address email thread re: SSR1 recommendations methodology (see emails here<https://mm.icann.org/pipermail/ssr2-review/2018-November/001314.html> and here<https://mm.icann.org/pipermail/ssr2-review/2018-November/001304.html>).
Would really appreciate it!
3. Work plan<https://docs.google.com/spreadsheets/d/1as7wZJ215HhNSmwEhXEPTWg_8AjlU7OOtzIz...> - confirm updated version is complete and will be sent to Board & SO/AC Chairs (work plan will be updated as needed
No additions from my side.
4. Work stream report template - confirm team is happy with structure (attached, Eric’s proposed edit incorporated Confirmed, I am personally happy with it, but I can't speak for the entire team ;-)
As already mentioned, I will send the current status of ICANN SSR to the mailing list by next Monday. Best regards - Boban.
Hi all, On 08.11.18 14:31, Boban Krsic wrote:
As already mentioned, I will send the current status of ICANN SSR to the mailing list by next Monday.
okay, it's Wednesday, but here we go: As already mentioned, here is a short update on the current status of the WS2 ICANN SSR. All information about the last official task (F2F in Los Angeles, CA) can be found in the wiki at https://community.icann.org/pages/viewpage.action?pageId=69277737. For completeness here once again the summary of the meeting in LA: The ICANN SSR Subgroup had a very productive two-day, fact-finding meeting at ICANN headquarters in Los Angeles. The subgroup met with a number of ICANN staff subject matter experts and discussed a range of issues relating to the completeness and effectiveness of ICANN’s security processes and the effectiveness of the ICANN security framework (including activities connected to the SSR2 Terms of Reference and implementation of SSR1 recommendations). Topics were covered to varying degrees of detail as warranted; some topics were covered sufficiently and some will require follow-on discussions. The subgroup reviewed, submitted questions & information requests about, and discussed early observations about: * ICANN’s Security Framework and emerging threats * ICANN’s Risk Management Framework * ICANN’s Business Continuity strategies, objectives, plans and procedures * ICANN’s operational planning and controls, and prioritized activity recovery strategy * ICANN’s Incident Response Structure * ICANN’s root server operations * ICANN’s Global Domains Division activities that relate to SSR objectives, including: * New gTLD program SSR-related safeguards * Emergency Back-End Registry Operator (EBERO), and related processes, and testing * Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA) * Centralized Zone Data Service (CZDS) compliance, failures, plans * Vetting of registrar and registry operators as relates to SSR, and measurement & impact of malicious conduct by contracted parties, databreaches, etc. * SLA Monitoring System (SLAM) * Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS Abuse & Domain Abuse Activity Reporting) * SSR objectives in ICANN’S standard operating procedures (SOP). We started immediately in the meeting to bring the essential aspects to paper https://docs.google.com/document/d/145i1Q-ZXgsvuwpDIUi_jJt_WJlaCRoxBoh2vKtNv.... Unfortunately we couldn't finish the document because of the "pause-process". Now, after more than a year, remembering the results of the meeting is a very challenging task. But maybe we can use the document as a starting point to restart the task. As you can see, we have structured the above mentioned topics into seven groups. We assigned the team members among the individual groups, with the aim of parallel processing and taking into account the individual expertise of each SSR2 team member. The goal was to assign at least two persons to a topic-group. We used Trello https://trello.com/b/5Eu1ppuv/ssr2-subtopic-2-icann-ssr for the organization of the work. We can now stick to it, or just use the document referenced in the previous paragraph to organize the groups and work. In conclusion, the meeting was really effective and productive. Unfortunately, we haven't received a summary (transcript) of the meeting's content yet, as this task was taken over by the MSSI secretariat. Nor do we have any records or evidences. IMHO both are still outstanding. To those who have also been in LA: Please just add if I forgot something ;-) Thanks and best regards, Boban.
Hi Boban, The transcripts from the ICANN SSR meeting in LA were posted to the meeting page in the weeks following the meeting, here: https://community.icann.org/x/KRghB. A record of all the questions and answers related to the ICANN SSR work are posted to the workstream page of the wiki here: https://community.icann.org/x/KRghB. For any questions outstanding, the latest delivery date is included in the table. Please let us know if there are other items you consider to be outstanding, as noted in your email below. Best, Jennifer -----Original Message----- From: Ssr2-review <ssr2-review-bounces@icann.org> on behalf of Boban Krsic <krsic@denic.de> Date: Wednesday, November 14, 2018 at 5:28 AM To: "ssr2-review@icann.org" <ssr2-review@icann.org> Subject: Re: [Ssr2-review] SSR2 8 Nov agenda Hi all, On 08.11.18 14:31, Boban Krsic wrote: > As already mentioned, I will send the current status of ICANN SSR to the > mailing list by next Monday. okay, it's Wednesday, but here we go: As already mentioned, here is a short update on the current status of the WS2 ICANN SSR. All information about the last official task (F2F in Los Angeles, CA) can be found in the wiki at https://community.icann.org/pages/viewpage.action?pageId=69277737. For completeness here once again the summary of the meeting in LA: The ICANN SSR Subgroup had a very productive two-day, fact-finding meeting at ICANN headquarters in Los Angeles. The subgroup met with a number of ICANN staff subject matter experts and discussed a range of issues relating to the completeness and effectiveness of ICANN’s security processes and the effectiveness of the ICANN security framework (including activities connected to the SSR2 Terms of Reference and implementation of SSR1 recommendations). Topics were covered to varying degrees of detail as warranted; some topics were covered sufficiently and some will require follow-on discussions. The subgroup reviewed, submitted questions & information requests about, and discussed early observations about: * ICANN’s Security Framework and emerging threats * ICANN’s Risk Management Framework * ICANN’s Business Continuity strategies, objectives, plans and procedures * ICANN’s operational planning and controls, and prioritized activity recovery strategy * ICANN’s Incident Response Structure * ICANN’s root server operations * ICANN’s Global Domains Division activities that relate to SSR objectives, including: * New gTLD program SSR-related safeguards * Emergency Back-End Registry Operator (EBERO), and related processes, and testing * Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA) * Centralized Zone Data Service (CZDS) compliance, failures, plans * Vetting of registrar and registry operators as relates to SSR, and measurement & impact of malicious conduct by contracted parties, databreaches, etc. * SLA Monitoring System (SLAM) * Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS Abuse & Domain Abuse Activity Reporting) * SSR objectives in ICANN’S standard operating procedures (SOP). We started immediately in the meeting to bring the essential aspects to paper https://docs.google.com/document/d/145i1Q-ZXgsvuwpDIUi_jJt_WJlaCRoxBoh2vKtNv.... Unfortunately we couldn't finish the document because of the "pause-process". Now, after more than a year, remembering the results of the meeting is a very challenging task. But maybe we can use the document as a starting point to restart the task. As you can see, we have structured the above mentioned topics into seven groups. We assigned the team members among the individual groups, with the aim of parallel processing and taking into account the individual expertise of each SSR2 team member. The goal was to assign at least two persons to a topic-group. We used Trello https://trello.com/b/5Eu1ppuv/ssr2-subtopic-2-icann-ssr for the organization of the work. We can now stick to it, or just use the document referenced in the previous paragraph to organize the groups and work. In conclusion, the meeting was really effective and productive. Unfortunately, we haven't received a summary (transcript) of the meeting's content yet, as this task was taken over by the MSSI secretariat. Nor do we have any records or evidences. IMHO both are still outstanding. To those who have also been in LA: Please just add if I forgot something ;-) Thanks and best regards, Boban.
Awesome, missed that - my apologies! Thanks Jennifer! Cheers, - Boban. On 15.11.18 11:33, Jennifer Bryce wrote:
Hi Boban,
The transcripts from the ICANN SSR meeting in LA were posted to the meeting page in the weeks following the meeting, here: https://community.icann.org/x/KRghB.
A record of all the questions and answers related to the ICANN SSR work are posted to the workstream page of the wiki here: https://community.icann.org/x/KRghB. For any questions outstanding, the latest delivery date is included in the table.
Please let us know if there are other items you consider to be outstanding, as noted in your email below.
Best,
Jennifer
-----Original Message-----
From: Ssr2-review <ssr2-review-bounces@icann.org> on behalf of Boban Krsic <krsic@denic.de>
Date: Wednesday, November 14, 2018 at 5:28 AM
To: "ssr2-review@icann.org" <ssr2-review@icann.org>
Subject: Re: [Ssr2-review] SSR2 8 Nov agenda
Hi all,
On 08.11.18 14:31, Boban Krsic wrote:
> As already mentioned, I will send the current status of ICANN SSR to the
> mailing list by next Monday.
okay, it's Wednesday, but here we go:
As already mentioned, here is a short update on the current status of
the WS2 ICANN SSR. All information about the last official task (F2F in
Los Angeles, CA) can be found in the wiki at
https://community.icann.org/pages/viewpage.action?pageId=69277737. For
completeness here once again the summary of the meeting in LA:
The ICANN SSR Subgroup had a very productive two-day, fact-finding
meeting at ICANN headquarters in Los Angeles. The subgroup met with a
number of ICANN staff subject matter experts and discussed a range of
issues relating to the completeness and effectiveness of ICANN’s
security processes and the effectiveness of the ICANN security framework
(including activities connected to the SSR2 Terms of Reference and
implementation of SSR1 recommendations). Topics were covered to varying
degrees of detail as warranted; some topics were covered sufficiently
and some will require follow-on discussions.
The subgroup reviewed, submitted questions & information requests about,
and discussed early observations about:
* ICANN’s Security Framework and emerging threats
* ICANN’s Risk Management Framework
* ICANN’s Business Continuity strategies, objectives, plans and procedures
* ICANN’s operational planning and controls, and prioritized activity
recovery strategy
* ICANN’s Incident Response Structure
* ICANN’s root server operations
* ICANN’s Global Domains Division activities that relate to SSR
objectives, including:
* New gTLD program SSR-related safeguards
* Emergency Back-End Registry Operator (EBERO), and related processes,
and testing
* Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA)
* Centralized Zone Data Service (CZDS) compliance, failures, plans
* Vetting of registrar and registry operators as relates to SSR, and
measurement & impact of malicious conduct by contracted parties,
databreaches, etc.
* SLA Monitoring System (SLAM)
* Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS
Abuse & Domain Abuse Activity Reporting)
* SSR objectives in ICANN’S standard operating procedures (SOP).
We started immediately in the meeting to bring the essential aspects to
paper
https://docs.google.com/document/d/145i1Q-ZXgsvuwpDIUi_jJt_WJlaCRoxBoh2vKtNv....
Unfortunately we couldn't finish the document because of the
"pause-process". Now, after more than a year, remembering the results of
the meeting is a very challenging task. But maybe we can use the
document as a starting point to restart the task.
As you can see, we have structured the above mentioned topics into seven
groups. We assigned the team members among the individual groups, with
the aim of parallel processing and taking into account the individual
expertise of each SSR2 team member. The goal was to assign at least two
persons to a topic-group.
We used Trello https://trello.com/b/5Eu1ppuv/ssr2-subtopic-2-icann-ssr
for the organization of the work. We can now stick to it, or just use
the document referenced in the previous paragraph to organize the groups
and work.
In conclusion, the meeting was really effective and productive.
Unfortunately, we haven't received a summary (transcript) of the
meeting's content yet, as this task was taken over by the MSSI
secretariat. Nor do we have any records or evidences. IMHO both are
still outstanding.
To those who have also been in LA: Please just add if I forgot something ;-)
Thanks and best regards, Boban.
-- Boban Kršić Chief Information Security Officer DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY E-Mail: krsic@denic.de, Fon: +49 69 272 35-120, Fax: -248 Mobil: +49 172 67 61 671 https://www.denic.de PGP Key-ID: 0x43C89BA9 Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9 Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main) Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger Vorsitzender des Aufsichtsrats: Thomas Keller Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt am Main
participants (2)
-
Boban Krsic -
Jennifer Bryce