DNS Security and Stability Analysis Working Group (DSSA)
DSSA Update
Toronto – October, 2012
TRANSCRIPT
Thursday, 18-October: 11:15-12:45, Harbour C
Details: http://toronto45.icann.org/node/34225
[Figure: framework diagram. Labels: Context; Framework; Scenarios.
Scope: Core (ecosystem-wide); Glue (regional or segment focus); Edge (internal, within the organization); Edge (external, cross-organizational); Constituencies.
Levels: Governance / Steering; Coordination / Sharing; Delivery / Doing.
Functions: Education, Training, Awareness; Standards, Tools, Techniques; Risk Planning; Collaborative Risk Assessment; Security Management/Leadership; Operational & Technical Practices and Controls; Research & Analysis; Event Monitoring; Technology Selection, Deployment & Management; Compliance Monitoring; Incident Response.]
Background
At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee (ALAC), the Country Code Names Supporting Organization (ccNSO), the Generic Names Supporting Organization (GNSO), the Governmental Advisory Committee (GAC), and the Number Resource Organization (NROs)… acknowledged the need for a better understanding of the security and stability of the global domain name system (DNS).
This is considered to be of common interest to the participating Supporting Organisations (SOs), Advisory Committees (ACs) and others, and should be preferably undertaken in a collaborative effort.
The DSSA has:
• Established a cross-constituency working group
• Clarified the scope of the effort
• Developed a protocol to handle confidential information
• Built a risk-assessment framework
• Developed risk scenarios
• Documented this work in a report
Since Prague:
• Refined and consolidated
• Launched public-comment cycle
Still to come (if needed):
• Refine the methodology
• Introduce the framework to a broader audience
• Complete the risk assessment
Methodology
Risk Scenarios
Roles and context
[Figure: the framework diagram shown above, with the same labels]
Question: Who is doing what?
[Figure: the framework diagram shown above, with the same labels]
Approach: a data-gathering worksheet
Goal: complete the map of DNS SSR functions and participants for our report – and provide a foundation for a “gaps and overlaps” analysis
Approach: Coordinate DSSA and DNSRMF
[Figure: timeline with tracks for DSSA (focus/scope: ICANN the community), DNSRMF (focus/scope: ICANN the org) and a joint effort. Milestones: Toronto, Beijing. Boxes in the figure:]
• Refine and consolidate
• Gather comments and feedback
• Launch the Risk Mgmt. function
• Public comment
• ID roles – gaps & overlaps
• Launch the project to establish the RM function and complete one “cycle”
• Determine whether separate DSSA risk-assessment effort is needed
• Revise report and obtain AC/SO endorsement
• Obtain community feedback and incorporate those suggestions into the RM framework
• Establish community-based portion of RM launch project
• Complete DNS risk-management framework
• Select DNS risk-management framework consultant and launch DNSRMF project
• Align/Integrate DNSRMF and DSSA findings/methods/leadership
How you can help
• Comment on our Phase I report
• Fill out one of our “Gaps & Overlaps” worksheets
• Comment on our plans going forward
https://community.icann.org/x/4AB5