[dssa] threats-list review questions
- To: dssa@xxxxxxxxx
- Subject: [dssa] threats-list review questions
- From: "Mike O'Connor" <mike@xxxxxxxxxx>
- Date: Fri, 2 Sep 2011 07:39:31 -0500
here are the questions that emerged from the teleconference yesterday. please
think about these as you review the list.

-- are there other documents i should read/summarize/add to this list?
remember, we're still in the phase where we're adding information pretty
uncritically on the assumption that it's easier to remove things than invent
them. Patrick Jones gets the early-mover gold star on this one, he sent me two
documents *during the call*… thanks Patrick.

-- do you have suggestions about how the list is organized? this is still a
very preliminary sorting of things into categories, so feel free to take note
of duplicates, misplaced items, bad categories, etc.

we also started tipping over into analyzing the information that is already
there -- which is great, since that's coming up on the workplan anyway and
often first-impressions are the best. so let's do "adding" and "analyzing" in
parallel for a while and see how it goes. we can always drop back to a single
thread if things get out of control.

"analyzing" questions that came up on the call…

-- how do we want to identify and handle things duplicated by broader security
standards like ISO 27000 or the PCI standards? this is really two questions
for the price of one. first part -- which items are not unique to the DNS and
addressed by broader standards? second part -- what do we want to do with
those kinds of items?

-- which of these things are in or out of scope for our analysis? this
question is a whole stand-alone task on our work plan and the expectation of
the co-chairs is that we'll spend a fair amount of time/energy on this. but it
never hurts to get an early start. just recognize that i, as meeting
organizer, may cut some of that conversation short at this stage if it starts
to bog us down. rest assured that we will not emerge from this part of the
work (ie Dakar) without a well scrubbed list that will put all of the items in
one of three piles -- in-scope, out-of-scope, under-discussion.

the weather is getting REALLY bad, so that's all for now.
- - - - - - - - -
phone 651-647-6109 (try this first, but routing is currently flakey 'cause of
the hurricane so feel free to hit the cell if this number just rings)