For the tentative LA meeting, ICANN Organization has the following ICANN Experts identified to be attending the LA Meeting: • CIO /Engineering • IANA Technical Operations • OCTO • Risk Management Karen Mulberry Multistakeholder Strategy and Strategic Initiatives (MSSI) ICANN On 8/22/17, 2:40 PM, "icannsecurity-ssr2-rt-bounces@icann.org on behalf of Boban Krsic" <icannsecurity-ssr2-rt-bounces@icann.org on behalf of krsic@denic.de> wrote: Dear all, Am 20.08.17 um 21:42 schrieb Boban Krsic: > * Drafted an audit plan [5] for planning purposes, to indicate the right > persons at ICANN and to help us in the execution of the workshop - based > on the structure from “SSR2_sub_topic_ICANN.SSR” [2] and with the > content of the following both documents: > > * SSR2-ICANNSecurity-workplan-draft [3] > * ICANN Security Questions for CIO [4] > > We will circulate the link of the draft after upload it to google docs > - not later than Tuesday afternoon. As mentioned on last Sunday, please find the draft of the document attached. Jennifer, it would be great if you could upload the document to google docs and share the link for commenting purposes. > * Please provide final feedback on the audit plan [5] until August 28. > We will consolidate potential feedback and finalize the document on > Tuesday, August 29. > > * MSSI Secretariat, You will be able to identify all responsible staff > owners with the first draft of the document [5]. Please confirm their > availability asap. We should be able to organize parallel tracks on the > two workshop days. Looking forward to hearing from you soon. - Boban.

Boban, Thank you, the CIO is planning on attending along with his experts, and I will reach out to Compliance for the experts that can address the questions you have raised with the plan that you and Zarko have put together. Karen Mulberry Multistakeholder Strategy and Strategic Initiatives (MSSI) ICANN On 8/22/17, 4:19 PM, "Boban Krsic" <krsic@denic.de> wrote: Dear Karen, {moving to the main list} Am 22.08.17 um 23:59 schrieb Karen Mulberry: > For the tentative LA meeting, ICANN Organization has the following ICANN Experts identified to be attending the LA Meeting: > • CIO /Engineering > • IANA Technical Operations > • OCTO > • Risk Management Perfect, With a look to the different topics in the provided document maybe someone from the Chief Operating Officer department and Compliance would also be a good choice. Furthermore, if we would like to discuss also about key action steps 5-7 below, we will need additionally experts from GDD Operations. ---snip--- 5. Perform a comprehensive assessment of internal security, stability and resiliency of ICANN's operation processes and services. 6. Perform an assessment how effectively ICANN has implemented its processes around vetting registry operators and services concerning the New gTLD Delegation and Transition process. 7. Perform an assessment how effectively ICANN has implemented its processes to ensure compliance regarding registrar agreements and the consensus policies. ---snip--- Thanks a lot! - Boban. > > > On 8/22/17, 2:40 PM, "icannsecurity-ssr2-rt-bounces@icann.org on behalf of Boban Krsic" <icannsecurity-ssr2-rt-bounces@icann.org on behalf of krsic@denic.de> wrote: > > Dear all, > > Am 20.08.17 um 21:42 schrieb Boban Krsic: > > * Drafted an audit plan [5] for planning purposes, to indicate the right > > persons at ICANN and to help us in the execution of the workshop - based > > on the structure from “SSR2_sub_topic_ICANN.SSR” [2] and with the > > content of the following both documents: > > > > * SSR2-ICANNSecurity-workplan-draft [3] > > * ICANN Security Questions for CIO [4] > > > > We will circulate the link of the draft after upload it to google docs > > - not later than Tuesday afternoon. > > As mentioned on last Sunday, please find the draft of the document > attached. Jennifer, it would be great if you could upload the document > to google docs and share the link for commenting purposes. > > > * Please provide final feedback on the audit plan [5] until August 28. > > We will consolidate potential feedback and finalize the document on > > Tuesday, August 29. > > > > * MSSI Secretariat, You will be able to identify all responsible staff > > owners with the first draft of the document [5]. Please confirm their > > availability asap. We should be able to organize parallel tracks on the > > two workshop days. > > Looking forward to hearing from you soon. > > - Boban. > > > -- Boban Kršić Chief Information Security Officer DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY E-Mail: krsic@denic.de, Fon: +49 69 272 35-120, Fax: -248 Mobil: +49 172 67 61 671 https://www.denic.de X.509 Key-ID: 00A54FCB79884413A4 Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716 PGP Key-ID: 0x43C89BA9 Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9 Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main) Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger Vorsitzender des Aufsichtsrats: Thomas Keller Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt am Main

Karen: To meet ICANN Travel’s deadline, please submit the travel order for this subgroup meeting in LA. Please confirm the participation of the COO ASAP and provide Subgroup members with the names of staff who will be addressing the items noted by the Subgroup. Thanks for your help. -Denise Denise Michel Domain Name System Strategy & Management Facebook, Inc. denisemichel@fb.com On 8/22/17, 3:30 PM, "ssr2-review-bounces@icann.org on behalf of Boban Krsic" <ssr2-review-bounces@icann.org on behalf of krsic@denic.de> wrote: Karen, Thanks, But how about the _COO_, not only the CIO. Responsibilities like Global and Security Operations, Organizational Assessment & Improvement are located there. Just to be sure to catch them all. Thanks, and now I am really off' - it's after midnight ;-) - Boban. Am 23.08.17 um 00:22 schrieb Karen Mulberry: > Boban, > > Thank you, the CIO is planning on attending along with his experts, and I will reach out to Compliance for the experts that can address the questions you have raised with the plan that you and Zarko have put together. > > > Karen Mulberry > Multistakeholder Strategy and Strategic Initiatives (MSSI) > ICANN > > > > On 8/22/17, 4:19 PM, "Boban Krsic" <krsic@denic.de> wrote: > > Dear Karen, > > {moving to the main list} > > Am 22.08.17 um 23:59 schrieb Karen Mulberry: > > For the tentative LA meeting, ICANN Organization has the following ICANN Experts identified to be attending the LA Meeting: > > • CIO /Engineering > > • IANA Technical Operations > > • OCTO > > • Risk Management > > Perfect, With a look to the different topics in the provided document > maybe someone from the Chief Operating Officer department and Compliance > would also be a good choice. > > Furthermore, if we would like to discuss also about key action steps 5-7 > below, we will need additionally experts from GDD Operations. > > ---snip--- > > 5. Perform a comprehensive assessment of internal security, stability > and resiliency of ICANN's operation processes and services. > > 6. Perform an assessment how effectively ICANN has implemented its > processes around vetting registry operators and services concerning the > New gTLD Delegation and Transition process. > > 7. Perform an assessment how effectively ICANN has implemented its > processes to ensure compliance regarding registrar agreements and the > consensus policies. > > ---snip--- > > Thanks a lot! > > - Boban. > > > > > > > > > On 8/22/17, 2:40 PM, "icannsecurity-ssr2-rt-bounces@icann.org on behalf of Boban Krsic" <icannsecurity-ssr2-rt-bounces@icann.org on behalf of krsic@denic.de> wrote: > > > > Dear all, > > > > Am 20.08.17 um 21:42 schrieb Boban Krsic: > > > * Drafted an audit plan [5] for planning purposes, to indicate the right > > > persons at ICANN and to help us in the execution of the workshop - based > > > on the structure from “SSR2_sub_topic_ICANN.SSR” [2] and with the > > > content of the following both documents: > > > > > > * SSR2-ICANNSecurity-workplan-draft [3] > > > * ICANN Security Questions for CIO [4] > > > > > > We will circulate the link of the draft after upload it to google docs > > > - not later than Tuesday afternoon. > > > > As mentioned on last Sunday, please find the draft of the document > > attached. Jennifer, it would be great if you could upload the document > > to google docs and share the link for commenting purposes. > > > > > * Please provide final feedback on the audit plan [5] until August 28. > > > We will consolidate potential feedback and finalize the document on > > > Tuesday, August 29. > > > > > > * MSSI Secretariat, You will be able to identify all responsible staff > > > owners with the first draft of the document [5]. Please confirm their > > > availability asap. We should be able to organize parallel tracks on the > > > two workshop days. > > > > Looking forward to hearing from you soon. > > > > - Boban. > > > > > > > > > -- > > Boban Kršić > Chief Information Security Officer > > DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY > > E-Mail: krsic@denic.de, Fon: +49 69 272 35-120, Fax: -248 > Mobil: +49 172 67 61 671 > https://www.denic.de > > X.509 Key-ID: 00A54FCB79884413A4 > Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716 > > PGP Key-ID: 0x43C89BA9 > Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9 > > Angaben nach § 25a Absatz 1 GenG: > DENIC eG (Sitz: Frankfurt am Main) > Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg > Schweiger > Vorsitzender des Aufsichtsrats: Thomas Keller > Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht > Frankfurt am Main > > > -- Boban Kršić Chief Information Security Officer DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt am Main, GERMANY E-Mail: krsic@denic.de, Fon: +49 69 272 35-120, Fax: -248 Mobil: +49 172 67 61 671 https://www.denic.de X.509 Key-ID: 00A54FCB79884413A4 Fingerprint: 9D37 F593 AF9A D766 FAB4 8B88 D49A 2716 PGP Key-ID: 0x43C89BA9 Fingerprint: B974 E725 FEF7 CB3A E452 BEE0 5B80 73E9 43C8 9BA9 Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main) Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger Vorsitzender des Aufsichtsrats: Thomas Keller Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt am Main