Perform an assessment of ICANN's Information Security Management System.
Dear Alain, Dear Noorul, It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System. Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review. Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
Matogoro, I have nothing. After the DNS crypto, i am now working on the L-root practices.. —Alain
On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Alain, Dear Noorul,
It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System.
Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review.
Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
Dear Alain, Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input. Regards, MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185* On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <aalain@trstech.net> wrote:
Matogoro,
I have nothing. After the DNS crypto, i am now working on the L-root practices..
—Alain
On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Alain, Dear Noorul,
It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System.
Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review.
Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
Hi Matogoro,
From the response on compliance frameworks ICANN does not prescribe to ISO 27001 ISMS. They are moving forward with NIST CSF as their standard, however ISMS is an ISO definition. Feel free to draft a response.
-Scott *Scott McCormick* Security Compliance mobile 443.691.2013 smccormick@hackerone.com <https://www.hackerone.com> *Check out the 2018 Hacker Powered Security Report <https://www.hackerone.com/sites/default/files/2018-07/The%20Hacker-Powered%20Security%20Report%202018.pdf>* [image: linkedin3.png] <https://www.linkedin.com/company/hackerone> [image: twitter-xxl.png] <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...> [image: facebook-symbol_318-37686.jpg] <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...> On Thu, Apr 25, 2019 at 5:17 AM Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Alain,
Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input.
Regards, MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <aalain@trstech.net> wrote:
Matogoro,
I have nothing. After the DNS crypto, i am now working on the L-root practices..
—Alain
On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Alain, Dear Noorul,
It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System.
Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review.
Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
Scott and Matagoro: I personally like the way that NIST CSF maps to the organizations mission statement. That seems like very pragmatic approach to me. I realize that it is not an ISO standard, but I cannot fault any organization for choosing NIST CSF as a way to make sure that the things that really matter to the organization are being addressed. Do you see things differently? Russ
On May 1, 2019, at 4:13 PM, Scott McCormick via Ssr2-review <ssr2-review@icann.org> wrote:
Hi Matogoro, From the response on compliance frameworks ICANN does not prescribe to ISO 27001 ISMS. They are moving forward with NIST CSF as their standard, however ISMS is an ISO definition. Feel free to draft a response.
-Scott Scott McCormick Security Compliance mobile 443.691.2013 smccormick@hackerone.com <mailto:smccormick@hackerone.com> <https://www.hackerone.com/>
Check out the 2018 Hacker Powered Security Report <https://www.hackerone.com/sites/default/files/2018-07/The%20Hacker-Powered%2...> <https://www.linkedin.com/company/hackerone> <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...> <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...>
On Thu, Apr 25, 2019 at 5:17 AM Matogoro Jabera <jaberamatogoro@gmail.com <mailto:jaberamatogoro@gmail.com>> wrote: Dear Alain,
Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input.
Regards, MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz <http://www.udom.ac.tz/> IEEE Membership ID: 93934185
On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <aalain@trstech.net <mailto:aalain@trstech.net>> wrote: Matogoro,
I have nothing. After the DNS crypto, i am now working on the L-root practices..
—Alain
On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro@gmail.com <mailto:jaberamatogoro@gmail.com>> wrote:
Dear Alain, Dear Noorul,
It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System.
Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review.
Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz <http://www.udom.ac.tz/> *IEEE Membership ID: 93934185*
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org <mailto:Ssr2-review@icann.org> https://mm.icann.org/mailman/listinfo/ssr2-review <https://mm.icann.org/mailman/listinfo/ssr2-review> _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
Dear Russ, This question seems to be widely discussed in the literature. We may need to have a broad discussion before drafting a recommendation on it. If it happen we have something that improve the SSR1 recommendation on the certification. Regards, Matogoro On Wed, 1 May 2019, 23:32 Russ Housley, <housley@vigilsec.com> wrote:
Scott and Matagoro:
I personally like the way that NIST CSF maps to the organizations mission statement. That seems like very pragmatic approach to me. I realize that it is not an ISO standard, but I cannot fault any organization for choosing NIST CSF as a way to make sure that the things that really matter to the organization are being addressed.
Do you see things differently?
Russ
On May 1, 2019, at 4:13 PM, Scott McCormick via Ssr2-review < ssr2-review@icann.org> wrote:
Hi Matogoro, From the response on compliance frameworks ICANN does not prescribe to ISO 27001 ISMS. They are moving forward with NIST CSF as their standard, however ISMS is an ISO definition. Feel free to draft a response.
-Scott *Scott McCormick* Security Compliance mobile 443.691.2013 smccormick@hackerone.com <https://www.hackerone.com/>
*Check out the 2018 Hacker Powered Security Report <https://www.hackerone.com/sites/default/files/2018-07/The%20Hacker-Powered%20Security%20Report%202018.pdf>* [image: linkedin3.png] <https://www.linkedin.com/company/hackerone> [image: twitter-xxl.png] <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...> [image: facebook-symbol_318-37686.jpg] <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...>
On Thu, Apr 25, 2019 at 5:17 AM Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Alain,
Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input.
Regards, MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <aalain@trstech.net> wrote:
Matogoro,
I have nothing. After the DNS crypto, i am now working on the L-root practices..
—Alain
On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Alain, Dear Noorul,
It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System.
Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review.
Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
Matogoro: Yes, this could be a follow-on to the SSR1 recommendations, but if it deviates in some way from the original SSR1 recommendation, then it belonds in a different section. Russ
On May 2, 2019, at 12:45 AM, Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Russ,
This question seems to be widely discussed in the literature. We may need to have a broad discussion before drafting a recommendation on it. If it happen we have something that improve the SSR1 recommendation on the certification.
Regards, Matogoro
On Wed, 1 May 2019, 23:32 Russ Housley, <housley@vigilsec.com <mailto:housley@vigilsec.com>> wrote: Scott and Matagoro:
I personally like the way that NIST CSF maps to the organizations mission statement. That seems like very pragmatic approach to me. I realize that it is not an ISO standard, but I cannot fault any organization for choosing NIST CSF as a way to make sure that the things that really matter to the organization are being addressed.
Do you see things differently?
Russ
On May 1, 2019, at 4:13 PM, Scott McCormick via Ssr2-review <ssr2-review@icann.org <mailto:ssr2-review@icann.org>> wrote:
Hi Matogoro, From the response on compliance frameworks ICANN does not prescribe to ISO 27001 ISMS. They are moving forward with NIST CSF as their standard, however ISMS is an ISO definition. Feel free to draft a response.
-Scott Scott McCormick Security Compliance mobile 443.691.2013 smccormick@hackerone.com <mailto:smccormick@hackerone.com> <https://www.hackerone.com/>
Check out the 2018 Hacker Powered Security Report <https://www.hackerone.com/sites/default/files/2018-07/The%20Hacker-Powered%2...> <https://www.linkedin.com/company/hackerone> <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...> <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...>
On Thu, Apr 25, 2019 at 5:17 AM Matogoro Jabera <jaberamatogoro@gmail.com <mailto:jaberamatogoro@gmail.com>> wrote: Dear Alain,
Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input.
Regards, MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz <http://www.udom.ac.tz/> IEEE Membership ID: 93934185
On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <aalain@trstech.net <mailto:aalain@trstech.net>> wrote: Matogoro,
I have nothing. After the DNS crypto, i am now working on the L-root practices..
—Alain
On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro@gmail.com <mailto:jaberamatogoro@gmail.com>> wrote:
Dear Alain, Dear Noorul,
It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System.
Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review.
Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz <http://www.udom.ac.tz/> *IEEE Membership ID: 93934185*
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org <mailto:Ssr2-review@icann.org> https://mm.icann.org/mailman/listinfo/ssr2-review <https://mm.icann.org/mailman/listinfo/ssr2-review> _______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org <mailto:Ssr2-review@icann.org> https://mm.icann.org/mailman/listinfo/ssr2-review <https://mm.icann.org/mailman/listinfo/ssr2-review>
Dear Scott, I have seen alot of discussion in the literature whether ISO or NIST. We may need to discuss this further in our meeting and provide a better guidance to ICANN Community. Thank you for pointing it out. Regards, Matogoro On Wed, 1 May 2019, 23:13 Scott McCormick, <smccormick@hackerone.com> wrote:
Hi Matogoro, From the response on compliance frameworks ICANN does not prescribe to ISO 27001 ISMS. They are moving forward with NIST CSF as their standard, however ISMS is an ISO definition. Feel free to draft a response.
-Scott *Scott McCormick* Security Compliance mobile 443.691.2013 smccormick@hackerone.com <https://www.hackerone.com>
*Check out the 2018 Hacker Powered Security Report <https://www.hackerone.com/sites/default/files/2018-07/The%20Hacker-Powered%20Security%20Report%202018.pdf>* [image: linkedin3.png] <https://www.linkedin.com/company/hackerone> [image: twitter-xxl.png] <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...> [image: facebook-symbol_318-37686.jpg] <http://t.yesware.com/tt/324020b77f436d605944dd917f93cf8de45fe242/62c45ebe131...>
On Thu, Apr 25, 2019 at 5:17 AM Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Alain,
Thank you for this updates. I am waiting for Noorul to see if he has something to share. Otherwise, I am allocating my effort to develop zero draft for your review and input.
Regards, MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
On Thu, Apr 25, 2019 at 4:19 AM ALAIN AINA <aalain@trstech.net> wrote:
Matogoro,
I have nothing. After the DNS crypto, i am now working on the L-root practices..
—Alain
On 25 Apr 2019, at 08:01, Matogoro Jabera <jaberamatogoro@gmail.com> wrote:
Dear Alain, Dear Noorul,
It is my hope that this email will find you doing fine. I am writing as a follow-up on any status regarding our topic - Perform an assessment of ICANN's Information Security Management System.
Please let me know if you have something already. Otherwise, I would be happy to write something later today and share it back by next week for your quick review.
Regards, -- MATOGORO Jabhera Assistant Lecturer College of Informatics and Virtual Education The University of Dodoma P.O Box 490, Dodoma. Website: www.udom.ac.tz *IEEE Membership ID: 93934185*
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
participants (4)
-
ALAIN AINA -
Matogoro Jabera -
Russ Housley -
Scott McCormick