DSSA Update Costa Rica – March, 2012 1. Goals for today Update you on our progress Raise awareness Solicit your input 2.

Slides:



Advertisements
Similar presentations
Whois Task Force GNSO Public Forum Wellington March 28, 2006.
Advertisements

Internationalizing WHOIS Preliminary Approaches for Discussion Internationalized Registration Data Working Group ICANN Meeting, Brussels, Belgium Jeremy.
ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
Stability, Security, and Resilience Review Team Report October 2011 Alejandro Pisanty.
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
DNS Security and Stability Analysis Working Group (DSSA)
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
Policies and Procedures for Civil Society Participation in GEF Programme and Projects presented by GEF NGO Network ECW.
Advisory Group Wrap-up Richard Jones GM Delivery Service, GS1.
State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.
Ninth Lecture Hour 8:30 – 9:20 pm, Thursday, September 13
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Cairo 2 November Agenda  Guidebook overview  Supporting and explanatory materials  Guidebook Module detail  Probable timelines 2.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Joint SSR-RT/DSSA meeting DSSA Progress Update Dakar – October 2011.
Administrivia Lifecycle Architecture (LCA) group assignment will go out later today. Informal feedback meetings with LCO groups EasyShare: Mon, 2:45pm-3:15pm,
SQM - 1DCS - ANULECTURE Software Quality Management Software Quality Management Processes V & V of Critical Software & Systems Ian Hirst.
Risk Management.
Risk Assessment Frameworks
Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)
Supporting you to understand research governance and ethics Emily Lamont Senior Research Manager NFER Claire Easton Senior Research Manager NFER
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.
DSSA-WG Progress Update Dakar – October Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.
RUP Fundamentals - Instructor Notes
Impact assessment framework
Update report on GNSO- requested Whois studies Liz Gasster Senior Policy Counselor 7–12 March 2010.
Consumer Trust, Consumer Choice & Competition Presenter: Steve DelBianco Chair: Rosemary Sinclair.
Non-Native Species in the Antarctic Workshop 10, 11 & 12 April 2006.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input.
CcNSO Update for APTLD New Delhi February 2012 Keith Davidson, ccNSO Councillor.
ICANN COMMUNITY STRATEGIC PLANNING DISCUSSION Brussels, June
Update from ICANN staff on SSR Activities Greg Rattray Tuesday 21 st 2010.
Risk Assessment and Management. Objective To enable an organisation mission accomplishment, by better securing the IT systems that store, process, or.
AREVA T&D Security Focus Group - 09/14/091 Security Focus Group A Vendor & Customer Collaboration EMS Users Conference September 14, 2009 Rich White AREVA.
Text. #ICANN49 Data & Metrics for Policy Making Working Group Thursday 27 March 2014 – 08:00.
Multistakeholder Policy- & Decision-making
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.
1 What is OO Design? OO Design is a process of invention, where developers create the abstractions necessary to meet the system’s requirements OO Design.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
ENISA efforts for securing European Internet Infrastructure
By Team T-Rex James Houlihan And Gavin Herbert
Introducing Project Management Update December 2011.
DSSA-WG Progress Update Singapore – June Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.
An Update of COSO’s Internal Control–Integrated Framework
Fostering Multi-Stakeholder Internet Governance Models in the Region Bill Graham, Director, ICANN Board.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input.
Arlington, VA March 31, 2004 Presentation for the Advisory Committee for Business & Operations Effective Practices Research Overview For Merit Review This.
The Objectives of the Seminar. The Seminar Objectives 1. The ASEAN Committee on Disaster Management (ACDM) launched the ASEAN Regional Program on Disaster.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Risk Management Process Frame = context, strategies Assess = determine.
1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.
© Plan Plan’s Security Framework – A Refresher. © Plan Understanding Ourselves Values - Child Rights, Impartial, Neutral, Sensitive Mandate - Child Centred,
Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc
Update on Consumer Choice, Competition and Innovation (CCI) WG Rosemary Sinclair.
Security WG: Report of the Fall 2003 Meeting October 28, 2003 Howard Weiss, NASA/JPL/SPARTA.
FFIEC Cybersecurity Assessment Tool Maine Credit Union League September 23, 2015 Patrick Truett, Information Systems Officer National Credit Union Administration.
Progress Report on the U.S. NSTIC Efforts Jack Suess – Delegate for Research, Development, Education & Innovation
Internal Audit Quality Assessment Guide
Business Continuity Planning 101
ServiceNow Special Interest Group Phased WorkTemplate Information & Educational Technology 1 DRAFT
GAC in Nomcom Working Group ICANN56 Helsinki , June 2016
Insert title here (75 characters maximum)
Cyber security Policy development and implementation
Considerations in Development of the SBSTA Five Year Programme of Work on Adaptation Thank Mr. Chairman. Canada appreciates this opportunity to share.
Group Meeting Ming Hong Tsai Date :
An Update of COSO’s Internal Control–Integrated Framework
Taking the STANDARDS Seriously
DSC Contract Management Committee Meeting
Data Security and Protection Toolkit Assurance 2018/19
Presentation transcript:

DSSA Update Costa Rica – March,

Goals for today Update you on our progress Raise awareness Solicit your input 2

Goals and Objectives Report to respective participating SO’s and AC’s on: – Actual level, frequency and severity of threats to the DNS – Current efforts and activities to mitigate these threats to the DNS – Gaps (if any) in the current response to DNS issues – Possible additional risk mitigation activities that would assist in closing those gaps (if considered feasible and appropriate by the WG) 3

Activity since Singapore The working group has: – Developed a protocol for handling confidential information – Selected a methodology to structure the remaining work – Begun the detailed analysis of the risk assessment 4

Methodology – NIST Rationale The DSSA realized that using a predefined methodology would save time and improve our work product We selected NIST after reviewing several dozen alternatives The reasons we selected this one include: – It’s available at no cost – It’s being actively supported and maintained – It’s widely known and supported in the community – It’s likely to be consistent with the needs of other parts of ICANN (and thus our pioneering may produce something that can be “repurposed” elsewhere in the organization) – It’s available in English 5

Methodology – NIST Adversarial Risk Model An example of the model – risks from “adversarial” events (which differs from “non-adversarial” threats such as errors, accidents, etc.) Benefits: Consistent terminology Shared model Structured work Sample deliverables world 6

Where we are… Approach and status Launch Identify Threats & Vulnerabilities Analyze Threats & Vulnerabilities Analyze Threats & Vulnerabilities Report We are here – getting started with this phase of the work We are hoping to have a substantial portion of this done by Prague 7

Where we are and where we’re going Analysis phase – based on tailored NIST methods Assess threat events Assess vulnerabilities, controls and predisposing conditions Determine likelihood Determine level of impact Determine risk We have concluded that there are three threat-events: Zone does not resolve Zone is incorrect Zone security is compromised Vulnerabilities – are they severe and widespread? Predisposing conditions – are they pervasive? Controls and mitigation – are they effective and deployed? Threat sources – how broad is range of impact, what are their capabilities, how strong is their intent, are they targeting the DNS? Initiation – what is the likelihood that a threat-event will happen? In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone. Given all of the above – what are the high-risk scenarios? 8

How we work (design credit -- CLO) Live chat Polling Definitions Agenda Participants Shared document 9

Questions? 10

Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee (ALAC), the Country Code Names Supporting Organization (ccNSO), the Generic Names Supporting Organization (GNSO), the Governmental Advisory Committee (GAC), and the Number Resource Organization (NROs) acknowledged the need for a better understanding of the security and stability of the global domain name system (DNS). This is considered to be of common interest to the participating Supporting Organisations (SOs), Advisory Committees (ACs) and others, and should be preferably undertaken in a collaborative effort. 11

The methodology presumes a tiered approach to the work DSSA is chartered to look at the broadest, most general tier However we feel it may be useful to pursue one or two deeper, narrower analyses of specific threats once our “survey” work is complete Methodology – NIST Risk Management Hierarchy 12

Problem: the evaluation per NIST methodology does not scale It’s all about choices Threat tree could easily grow to over 1000 permutations Prune the tree along the way, in order to focus on the highest risks Leave a framework that can be used to address: – New things – Changes – Greater detail 13

Architecture 14

Confidential information Note: Sensitivity, attribution and release to public are determined by info-provider SensitiveNot sensitive Not attributed to source (transmitted through trusted 3 rd party or summaries of Type 1 developed by sub-group) Type 2: Distributed to sub- groups only. (Info-providers determine ultimate distribution) Info-provider authorizes release Type 3: Distributed to DSSA and public (“sanitized” info from sub- groups and other non- attributed information) Attributed to sourceType 1: Distributed to sub- groups only (under NDA, most- protected) Confidential info must never pass through this path. This is the exposure of information we’re trying to prevent. Type 4: Distributed to DSSA and public 15

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.