DSSA Update Costa Rica – March, 2012 1. Goals for today Update you on our progress Raise awareness Solicit your input 2.

Slides:



Advertisements
Similar presentations
Whois Task Force GNSO Public Forum Wellington March 28, 2006.
Advertisements

Internationalizing WHOIS Preliminary Approaches for Discussion Internationalized Registration Data Working Group ICANN Meeting, Brussels, Belgium Jeremy.
Stability, Security, and Resilience Review Team Report October 2011 Alejandro Pisanty.
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
DNS Security and Stability Analysis Working Group (DSSA)
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
Advisory Group Wrap-up Richard Jones GM Delivery Service, GS1.
State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.
Ninth Lecture Hour 8:30 – 9:20 pm, Thursday, September 13
1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.
Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)
Cairo 2 November Agenda  Guidebook overview  Supporting and explanatory materials  Guidebook Module detail  Probable timelines 2.
Bridging the Gaps: Public Health and Radiation Emergency Preparedness Mr. James Kish, Director Technological Hazards National Preparedness Directorate.
Joint SSR-RT/DSSA meeting DSSA Progress Update Dakar – October 2011.
Chapter 3: The Project Management Process Groups
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO HAZID 2.
Risk Management.
Risk Assessment Frameworks
Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)
Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.
Nick Wildgoose 8 March 2012 BCI Workshop DELETE THIS TEXT AND PUT COMPANY LOGO IN THIS WHITE SPACE Understanding Risk within your Supply Chain SC1(V1)Jul/05/10GC/ZCA.
Developing the Logical Frame Work …………….
Session 16: Distribution of Geospatial Data 1 Distribution of Geospatial Data in the Public Environment Hazard Mapping and Modeling.
EOSC Generic Application Security Framework
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
DSSA-WG Progress Update Dakar – October Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.
Impact assessment framework
Working Group #4: Network Security – Best Practices March 6, 2013 Presenters: Rod Rasmussen, Internet Identity Tony Tauber, Comcast WG #4.
Update report on GNSO- requested Whois studies Liz Gasster Senior Policy Counselor 7–12 March 2010.
Operations Security (OPSEC) Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.
Consumer Trust, Consumer Choice & Competition Presenter: Steve DelBianco Chair: Rosemary Sinclair.
David N. Wozei Systems Administrator, IT Auditor.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input.
CcNSO Update for APTLD New Delhi February 2012 Keith Davidson, ccNSO Councillor.
Update from ICANN staff on SSR Activities Greg Rattray Tuesday 21 st 2010.
Risk Assessment and Management. Objective To enable an organisation mission accomplishment, by better securing the IT systems that store, process, or.
AREVA T&D Security Focus Group - 09/14/091 Security Focus Group A Vendor & Customer Collaboration EMS Users Conference September 14, 2009 Rich White AREVA.
Text. #ICANN49 Data & Metrics for Policy Making Working Group Thursday 27 March 2014 – 08:00.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
ENISA efforts for securing European Internet Infrastructure
By Team T-Rex James Houlihan And Gavin Herbert
Conficker Update John Crain. What is Conficker? An Internet worm  Malicious code that is self-replicating and distributed over a network A blended threat.
Introduction to Hazards Risk Management
DSSA-WG Progress Update Singapore – June Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.
An Update of COSO’s Internal Control–Integrated Framework
IDN UPDATE Tina Dam ICANN Chief gTLD Registry Liaison Public Forum, Wellington 30 March 2006.
Fostering Multi-Stakeholder Internet Governance Models in the Region Bill Graham, Director, ICANN Board.
Project Organization Chart Roles & Responsibilities Matrix Add Project Name.
DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input.
The Objectives of the Seminar. The Seminar Objectives 1. The ASEAN Committee on Disaster Management (ACDM) launched the ASEAN Regional Program on Disaster.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Risk Management Process Frame = context, strategies Assess = determine.
Information Security Governance and Risk Chapter 2 Part 2 Pages 69 to 100.
Update on Consumer Choice, Competition and Innovation (CCI) WG Rosemary Sinclair.
FFIEC Cybersecurity Assessment Tool Maine Credit Union League September 23, 2015 Patrick Truett, Information Systems Officer National Credit Union Administration.
Progress Report on the U.S. NSTIC Efforts Jack Suess – Delegate for Research, Development, Education & Innovation
1 27Apr08 Some thoughts on Internet Governance and expansion of the Domain Name space Paul Twomey President and CEO 9 August 2008 Panel on Internet Governance.
Internal Audit Quality Assessment Guide
Business Continuity Planning 101
Computer Science / Risk Management and Risk Assessment Nathan Singleton.
IS&T Project Reviews September 9, Project Review Overview Facilitative approach that actively engages a number of key project staff and senior IS&T.
Risks and Hazards to Consider Unit 3. Visual 3.1 Unit 3 Overview This unit describes:  The importance of identifying and analyzing possible hazards that.
Insert title here (75 characters maximum)
X-DIS/XBRL Phase 2 Kick-Off
Group Meeting Ming Hong Tsai Date :
Taking the STANDARDS Seriously
Effective Risk Management in Decision Making Process
DSC Contract Management Committee Meeting
Data Security and Protection Toolkit Assurance 2018/19
Presentation transcript:

DSSA Update Costa Rica – March,

Goals for today Update you on our progress Raise awareness Solicit your input 2

Charter: Goals and Objectives Report to participating SO’s and AC’s on: – Actual level, frequency and severity of threats to the DNS – Current efforts and activities to mitigate these – Gaps in the current response to DNS issues – Possible additional risk mitigation activities that would assist in closing those gaps 3

Unpacking some terms Our charter speaks to “Threats” Threat-events (what happens) should not be confused with: Adverse impacts - that may result Vulnerabilities - that allow them to happen Predisposing conditions - that help prevent them Threat-sources – that initiate them Controls and mitigation – that reduce likelihood and impact 4

Activity since Singapore The working group has: – Developed a protocol for handling confidential information – Selected, and begun to tailor, a methodology to structure the remaining work – Begun the detailed analysis of the risk assessment 5

Methodology – NIST Rationale Using a predefined methodology will save time and improve our work product Reviewed several dozen alternatives We selected this one because it’s: – Available at no cost – Actively supported and maintained – Widely known and endorsed in the community – Reusable elsewhere in ICANN 6

Methodology – NIST Example – Adversarial Risk Model 7 Benefits: Consistent terminology Shared model Structured work Sample deliverables world

Where we are… Approach 8 Launch Identify Threats & Vulnerabilities Analyze Threats & Vulnerabilities Analyze Threats & Vulnerabilities Report We are here – getting started with this phase of the work We are hoping to have a high-level version of this done by Prague

Where we are… Status 9 43 weeks (or 43 hours) in We’ve developed substantial (and reusable) – Data – Methods Given our resources, pick any 2 of 3 going forward – Detail (identify vs. analyze high-risk scenarios) – Speed (6 months vs. 36) – Accuracy

Where we are… Determinations – Threat events and level of impact 10 Threat events: Zone does not resolve Zone is incorrect Zone security is compromised Level of Impact: In the worst case there would be broad harm/consequence/impact to operations, assets, individuals, other organizations and the world if any of these threat-events occur. And in all cases there would be significant problems for registrants and users in the zone.

Where we are… Determinations – Nature of impact 11 Damage to a critical infrastructure sector Damage to trust relationships or reputation Harm to individuals Harm to assets Harm to operations

Where we are going 12 Vulnerabilities – severe and widespread? Predisposing conditions – pervasive? Controls and mitigation – effective and deployed? Threat sources – how broad is range of impact, what are their capabilities, how strong is their intent, are they targeting the DNS? Initiation – what is the likelihood that a threat-event will happen? Given all of the above – what are the high- risk scenarios?

Questions? 13

How we work (design credit -- CLO) 14 Live chat Polling Definitions Agenda Participants Shared document

Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee (ALAC), the Country Code Names Supporting Organization (ccNSO), the Generic Names Supporting Organization (GNSO), the Governmental Advisory Committee (GAC), and the Number Resource Organization (NROs) acknowledged the need for a better understanding of the security and stability of the global domain name system (DNS). This is considered to be of common interest to the participating Supporting Organisations (SOs), Advisory Committees (ACs) and others, and should be preferably undertaken in a collaborative effort. 15

The methodology presumes a tiered approach to the work DSSA is chartered to look at the broadest, most general tier However it may be useful to pursue one or two deeper, narrower analyses of specific threats once the “survey” work is complete Methodology – NIST Risk Management Hierarchy 16

Problem: the evaluation per NIST methodology does not scale It’s all about choices Threat tree could easily grow to over 1000 permutations Prune the tree along the way, in order to focus on the highest risks Leave a framework that can be used to address: – New things – Changes – Greater detail 17

Confidential information 18 Note: Sensitivity, attribution and release to public are determined by info-provider SensitiveNot sensitive Not attributed to source (transmitted through trusted 3 rd party or summaries of Type 1 developed by sub-group) Type 2: Distributed to sub- groups only. (Info-providers determine ultimate distribution) Info-provider authorizes release Type 3: Distributed to DSSA and public (“sanitized” info from sub- groups and other non- attributed information) Attributed to sourceType 1: Distributed to sub- groups only (under NDA, most- protected) Confidential info must never pass through this path. This is the exposure of information we’re trying to prevent. Type 4: Distributed to DSSA and public

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.