[council] Re: Fwd: Security meeting - more details

["Paul M. Kane" <Paul.Kane@REACTO.com>]

Stuart

Thanks for sending me a copy of your email to the NC... I have been
"excluded" from receiving NC emails list since 8th September in
Montevideo....

Security issues - It may be helpful for ICANN and the Names Council to
take a brief look at a British Standard I was involved in drafting
concerning Security Issues in the Digital Age a few years back.  It has
since been adopted as ISO 17799.

I've asked one of my guys to make it available on the web at
http://www.securityissues.ac

Best

Paul

"M. Stuart Lynn" wrote:

> Earlier today I forwarded this note to the Names Council, and it has
> probably been passed on to you. But I am forwarding it directly, just
> in case. Apologies for duplicates.
>
> Stuart
>
> >Date: Tue, 2 Oct 2001 15:12:53 -0700
> >To: council@dnso.org, ac-coord@aso.icann.org, "Vladimir Androuchko
> >for PSO Council" <vladimir.androuchko@itu.int>, "ASO Address Council
> >coordination list" <ac-coord@aso.icann.org>, "Donna Austin for GAC
> >distribution" <Donna.Austin@noie.gov.au>
> >From: "M. Stuart Lynn" <lynn@icann.org>
> >Subject: Security meeting - more details
> >Cc:
> >Bcc:
> >X-Attachments:
> >
> >Dear colleagues:
> >
> >The meeting on security is beginning to shape up although it will be
> >several days yet before we can fill in the details. A program
> >committee is being formed to define the agenda and invite speakers.
> >We will provide details as they become available. In the meantime,
> >your suggestions for how to make the agenda as meaningful to you as
> >possible would be welcome, as well as your suggestions for invited
> >speakers.
> >
> >The overall purposes of the program - beyond those stated in
> >previous announcement - are to educate, to enhance awareness, to
> >assess security and readiness in the broadest terms, and to launch
> >continuing efforts to assess and improve security and readiness
> >across the scope of ICANN's activities and communities. In large
> >part, this will be a bottom-up process of analysis and development
> >of processes and recommendations, culminating is presentations to be
> >made by Councils and Advisory Committees to the Board on the final
> >day.
> >
> >To make it a little clearer, by "security" I mean security primarily
> >of DNS services and the entities that provide them, including both
> >protection against potential threats and the ability to recover from
> >actual serious failures. This includes practices such as site
> >security, network security, data backup and escrow, recovery
> >procedures and processes, management and personnel practices, etc.
> >In addition, we need to become informed about  the status of
> >improved technical standards, such as DNSSEC, and other technical
> >issues that apply to the broader context of the DNS. I am sure most
> >DNS service providers take these matters very seriously and work
> >hard to keep their systems and networks secure; the November
> >discussions will proceed on the assumption that there is always room
> >for self-assessment, dialogue, and improvement.
> >
> >Here is how we are currently envisioning the meeting program
> >(subject to further input and refinement). In very rough outline
> >(more later) the meeting would open with a series of plenary
> >orientation talks and panels focusing on both management and
> >technical security issues, and what are the dangers of neglecting
> >these issues. One emphasis would be that security and recovery are
> >as much management issues as technical, and that many (if not most)
> >failures can be attributed to lack of management attention. These
> >orientation sessions would lay out a common framework for the rest
> >of the meeting.They would be followed by a series of facilitated
> >small workshops (everyone participates) that will focus on
> >self-assessment (not for distribution) and tease out issues, ideas,
> >and recommendations through group discussion and mutual education.
> >These outputs would in turn feed into meetings of ICANN
> >constituencies and other component organizations to develop
> >recommendations for future actions, processes, policies etc for
> >future constituency action and consideration, or that would be
> >"synthesized" by Councils along with other recommendations for
> >reporting to the Board the following day. There will be other tracks
> >that would focus on specific technical or other questions that need
> >to be discussed.
> >
> >Incidentally, the reports to the Board would be followed by some
> >open mike time on security, to be followed by a Board discussion of
> >what it has heard. After lunch, there will be separate open mike
> >time for general issues followed by a regular Board meeting for
> >issues that have to be considered (because "time is of the essence").
> >
> >As previously indicated, November 12 is available for other
> >constituency/Council/advisory committee meetings for other business.
> >On the evening of the 12th, however, a Public Forum will be
> >scheduled for a report by the At Large Study Committee followed by
> >discussion in the usual format.
> >
> >The above is an outline. Within that outline are many details to be
> >nailed down over the coming days and weeks. The meeting will only be
> >as successful as you make it, so your thoughts will be greatly
> >appreciated. Please send your ideas and comments to
> >meeting@icann.org from where they will be distributed efficiently to
> >all the people planning the meeting - or to me directly (but, sadly,
> >I am less efficient!).
> >
> >With regards
> >Stuart
> >
> >--
> >
> >__________________
> >Stuart Lynn
> >President and CEO
> >ICANN
> >4676 Admiralty Way, Suite 330
> >Marina del Rey, CA 90292
> >Tel: 310-823-9358
> >Fax: 310-823-8649
> >Email: lynn@icann.org
>
> --
>
> __________________
> Stuart Lynn
> President and CEO
> ICANN
> 4676 Admiralty Way, Suite 330
> Marina del Rey, CA 90292
> Tel: 310-823-9358
> Fax: 310-823-8649
> Email: lynn@icann.org