Dear all, I agree with kc that a more in-depth slide deck would be useful to provide a more concise summary and also a resource for the shepherds (and others). Our report did change a lot from what people had in hand before, which maybe sets it apart from other reports where that much depth wasn’t necessary. All the best Laurin P.S. My apologies for not registering this either, buried under work.

On Feb 11, 2021, at 17:05, k claffy <kc@caida.org> wrote:

On Fri, Feb 05, 2021 at 06:33:38PM +0000, Jennifer Bryce wrote: Dear SSR2 RT members,

FYI ??? please find attached the slides for the SSR2 webinar next week (11 February @ 15:00 UTC). Have a good weekend!

Jennifer, Russ,

I am so sorry I completely missed that you sent out a slide deck last week. I wish we had had a call to review the slides. I think they missed the mark. They did not even review the recommendations, like we did for the webinars after the draft!

Russ and I have to present a version to SSAC on Monday, is it possible to create an extended deck for that and future discussions. we need at least 87 additional slides, but it should be a straightforward cutting and pasting exercise:

63 slides, one for each specific recommendation, with the recommendation group at the to

e.g., slide 3 of this batch would be:

----------------------------- SSR2 Recommendation 2: Create a C-Suite Position Responsible for Both Strategic and Tactical Security and Risk Management

2.2 ICANN org should include as part of this role's description that this position will manage ICANN org's security function and oversee staff interactions in all relevant areas that impact security. This position should be responsible for providing regular reports to the ICANN Board and community on all SSR-related activities within ICANN org. Existing security functions should be restructured and moved organizationally to report to this new position.

-----------------------------

and then also a batch of 24 slides, one for each group that has title: "Rec N: Measuring Implementation and Effectiveness" two bullets on each slide, placed after each subgroup of recs, e.g., for the above Rec 2, and placed after last slide in group 2

(smaller font) SSR2 Recommendation 2: Create a C-Suite Position Responsible for Both Strategic and Tactical Security and Risk Management

(bigger font) "Measuring Implementation and Effectiveness"

(normal font) Implemented: ICANN org has created and filled the role of Chief Security Officer with responsibilities as defined in the recommendations.

Effective: when ICANN org centralizes security responsibilities such that ICANN org can demonstrably coordinate SSR activities and budget and speak to security issues at the appropriate management level.

-----------------------------

i know this is some work, But we spent three years on this report, and I think we do need to be prepared to engage with the community in-depth.

Also I think the implementation shepherds will need such a document to keep track of progress here so I don't think this slide deck will see double or triple duty

others' thoughts?

k _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fssr2-review&data=04%7C01%7Claurin.weissinger%40yale.edu%7C29062f8e2d1241a551bc08d8cea6d8b5%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C637486563283804665%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=02vn0wGfqDueCaoIvYOo%2F7BBEXZQpVxzxvFdR4uiIpU%3D&reserved=0

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy&data=04%7C01%7Claurin.weissinger%40yale.edu%7C29062f8e2d1241a551bc08d8cea6d8b5%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C637486563283814661%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=IpPjJjqUxXhOY0TcB2ksQ0WxU9g1jXe0uyTUskEGqO4%3D&reserved=0) and the website Terms of Service (https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos&data=04%7C01%7Claurin.weissinger%40yale.edu%7C29062f8e2d1241a551bc08d8cea6d8b5%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C637486563283814661%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5%2F9F%2BrC6f9e2JknQ0XxRaWoN63ofidWyEJAefcLRYz0%3D&reserved=0). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

I also support the idea of adding more slides. Few weeks were invited by ALAC to give updates of the report and would appreciate it if we added more slides on the shared deck. Sorry, I missed today's meeting and will follow up on the recording. Regards, MATOGORO Jabhera Open Internet Engineering Fellow, 2019 - 2020 *Mozilla Foundation* Website: www.tzcna.or.tz On Thu, Feb 11, 2021 at 7:25 PM ALAIN AINA via Ssr2-review < ssr2-review@icann.org> wrote:

+++1

We were done with this webinar with more 100 participants in 33 minutes….

—Alain

...

On 11 Feb 2021, at 16:14, Weissinger, Laurin <laurin.weissinger@yale.edu> wrote:

Dear all,

I agree with kc that a more in-depth slide deck would be useful to provide a more concise summary and also a resource for the shepherds (and others). Our report did change a lot from what people had in hand before, which maybe sets it apart from other reports where that much depth wasn’t necessary.

All the best Laurin

P.S. My apologies for not registering this either, buried under work.

...

On Feb 11, 2021, at 17:05, k claffy <kc@caida.org> wrote:

On Fri, Feb 05, 2021 at 06:33:38PM +0000, Jennifer Bryce wrote: Dear SSR2 RT members,

FYI ??? please find attached the slides for the SSR2 webinar next week (11 February @ 15:00 UTC). Have a good weekend!

Jennifer, Russ,

I am so sorry I completely missed that you sent out a slide deck last week. I wish we had had a call to review the slides. I think they missed the mark. They did not even review the recommendations, like we did for the webinars after the draft!

Russ and I have to present a version to SSAC on Monday, is it possible to create an extended deck for that and future discussions. we need at least 87 additional slides, but it should be a straightforward cutting and pasting exercise:

63 slides, one for each specific recommendation, with the recommendation group at the to

e.g., slide 3 of this batch would be:

----------------------------- SSR2 Recommendation 2: Create a C-Suite Position Responsible for Both Strategic and Tactical Security and Risk Management

2.2 ICANN org should include as part of this role's description that this position will manage ICANN org's security function and oversee staff interactions in all relevant areas that impact security. This position should be responsible for providing regular reports to the ICANN Board and community on all SSR-related activities within ICANN org. Existing security functions should be restructured and moved organizationally to report to this new position.

-----------------------------

and then also a batch of 24 slides, one for each group that has title: "Rec N: Measuring Implementation and Effectiveness" two bullets on each slide, placed after each subgroup of recs, e.g., for the above Rec 2, and placed after last slide in group 2

(smaller font) SSR2 Recommendation 2: Create a C-Suite Position Responsible for Both Strategic and Tactical Security and Risk Management

(bigger font) "Measuring Implementation and Effectiveness"

(normal font) Implemented: ICANN org has created and filled the role of Chief Security Officer with responsibilities as defined in the recommendations.

Effective: when ICANN org centralizes security responsibilities such that ICANN org can demonstrably coordinate SSR activities and budget and speak to security issues at the appropriate management level.

-----------------------------

i know this is some work, But we spent three years on this report, and I think we do need to be prepared to engage with the community in-depth.

Also I think the implementation shepherds will need such a document to keep track of progress here so I don't think this slide deck will see double or triple duty

others' thoughts?

k _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org

https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fssr2-review&data=04%7C01%7Claurin.weissinger%40yale.edu%7C29062f8e2d1241a551bc08d8cea6d8b5%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C637486563283804665%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=02vn0wGfqDueCaoIvYOo%2F7BBEXZQpVxzxvFdR4uiIpU%3D&reserved=0

...

_______________________________________________ By submitting your personal data, you consent to the processing of your

personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy ( https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy&data=04%7C01%7Claurin.weissinger%40yale.edu%7C29062f8e2d1241a551bc08d8cea6d8b5%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C637486563283814661%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=IpPjJjqUxXhOY0TcB2ksQ0WxU9g1jXe0uyTUskEGqO4%3D&reserved=0) and the website Terms of Service ( https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos&data=04%7C01%7Claurin.weissinger%40yale.edu%7C29062f8e2d1241a551bc08d8cea6d8b5%7Cdd8cbebb21394df8b4114e3e87abeb5c%7C0%7C0%7C637486563283814661%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=5%2F9F%2BrC6f9e2JknQ0XxRaWoN63ofidWyEJAefcLRYz0%3D&reserved=0). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

KC: I recall the Webinar prior to public comment where we went through each recommendation. I really felt like the people that had read the report did not need that deatail, and the people that had not read it were trying to figure out what parts they cared about. The slide deck seemed a better approach to me. Russ

On Feb 11, 2021, at 11:05 AM, k claffy <kc@caida.org> wrote:

On Fri, Feb 05, 2021 at 06:33:38PM +0000, Jennifer Bryce wrote: Dear SSR2 RT members,

FYI ??? please find attached the slides for the SSR2 webinar next week (11 February @ 15:00 UTC). Have a good weekend!

Jennifer, Russ,

I am so sorry I completely missed that you sent out a slide deck last week. I wish we had had a call to review the slides. I think they missed the mark. They did not even review the recommendations, like we did for the webinars after the draft!

Russ and I have to present a version to SSAC on Monday, is it possible to create an extended deck for that and future discussions. we need at least 87 additional slides, but it should be a straightforward cutting and pasting exercise:

63 slides, one for each specific recommendation, with the recommendation group at the to

e.g., slide 3 of this batch would be:

----------------------------- SSR2 Recommendation 2: Create a C-Suite Position Responsible for Both Strategic and Tactical Security and Risk Management

2.2 ICANN org should include as part of this role's description that this position will manage ICANN org's security function and oversee staff interactions in all relevant areas that impact security. This position should be responsible for providing regular reports to the ICANN Board and community on all SSR-related activities within ICANN org. Existing security functions should be restructured and moved organizationally to report to this new position.

-----------------------------

and then also a batch of 24 slides, one for each group that has title: "Rec N: Measuring Implementation and Effectiveness" two bullets on each slide, placed after each subgroup of recs, e.g., for the above Rec 2, and placed after last slide in group 2

(smaller font) SSR2 Recommendation 2: Create a C-Suite Position Responsible for Both Strategic and Tactical Security and Risk Management

(bigger font) "Measuring Implementation and Effectiveness"

(normal font) Implemented: ICANN org has created and filled the role of Chief Security Officer with responsibilities as defined in the recommendations.

Effective: when ICANN org centralizes security responsibilities such that ICANN org can demonstrably coordinate SSR activities and budget and speak to security issues at the appropriate management level.

-----------------------------

i know this is some work, But we spent three years on this report, and I think we do need to be prepared to engage with the community in-depth.

Also I think the implementation shepherds will need such a document to keep track of progress here so I don't think this slide deck will see double or triple duty

others' thoughts?

k _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

These look good to me. Thanks very much. Russ

On Feb 12, 2021, at 7:58 PM, Heather Flanagan <hlf@sphericalcowconsulting.com> wrote:

Hello all,

I’ve updated the slides in prep for the SSAC meeting. They can be found in the Final Report folder,

https://drive.google.com/drive/folders/1FKSxLF204CNiM0wrPY8gE5Ltz6eOM4OC?usp... <https://drive.google.com/drive/folders/1FKSxLF204CNiM0wrPY8gE5Ltz6eOM4OC?usp...>

Heather Flanagan — Translator of Geek to Human https://sphericalcowconsulting.com <https://sphericalcowconsulting.com/> On Feb 11, 2021, 11:24 AM -0800, Russ Housley <housley@vigilsec.com>, wrote:

...

KC:

I recall the Webinar prior to public comment where we went through each recommendation. I really felt like the people that had read the report did not need that deatail, and the people that had not read it were trying to figure out what parts they cared about. The slide deck seemed a better approach to me.

Russ

...

On Feb 11, 2021, at 11:05 AM, k claffy <kc@caida.org> wrote:

On Fri, Feb 05, 2021 at 06:33:38PM +0000, Jennifer Bryce wrote: Dear SSR2 RT members,

FYI ??? please find attached the slides for the SSR2 webinar next week (11 February @ 15:00 UTC). Have a good weekend!

Jennifer, Russ,

I am so sorry I completely missed that you sent out a slide deck last week. I wish we had had a call to review the slides. I think they missed the mark. They did not even review the recommendations, like we did for the webinars after the draft!

Russ and I have to present a version to SSAC on Monday, is it possible to create an extended deck for that and future discussions. we need at least 87 additional slides, but it should be a straightforward cutting and pasting exercise:

63 slides, one for each specific recommendation, with the recommendation group at the to

e.g., slide 3 of this batch would be:

----------------------------- SSR2 Recommendation 2: Create a C-Suite Position Responsible for Both Strategic and Tactical Security and Risk Management

2.2 ICANN org should include as part of this role's description that this position will manage ICANN org's security function and oversee staff interactions in all relevant areas that impact security. This position should be responsible for providing regular reports to the ICANN Board and community on all SSR-related activities within ICANN org. Existing security functions should be restructured and moved organizationally to report to this new position.

-----------------------------

and then also a batch of 24 slides, one for each group that has title: "Rec N: Measuring Implementation and Effectiveness" two bullets on each slide, placed after each subgroup of recs, e.g., for the above Rec 2, and placed after last slide in group 2

(smaller font) SSR2 Recommendation 2: Create a C-Suite Position Responsible for Both Strategic and Tactical Security and Risk Management

(bigger font) "Measuring Implementation and Effectiveness"

(normal font) Implemented: ICANN org has created and filled the role of Chief Security Officer with responsibilities as defined in the recommendations.

Effective: when ICANN org centralizes security responsibilities such that ICANN org can demonstrably coordinate SSR activities and budget and speak to security issues at the appropriate management level.

-----------------------------

i know this is some work, But we spent three years on this report, and I think we do need to be prepared to engage with the community in-depth.

Also I think the implementation shepherds will need such a document to keep track of progress here so I don't think this slide deck will see double or triple duty

others' thoughts?

k _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.