Re: [dssa] weekly status report

["Mike O'Connor" <mike@xxxxxxxxxx>]

yep!  there are several things all wrapped together in these scenarios.

-- we'll want to look at normalizing these a bit -- there's a fair amount of 
variation in the way that people approached the choosing and scaling of things 
-- part of the magnitude problem comes from the sensitivity of the arithmetic.  
each column can add an order of magnitude.  

-- we have the "one size fits all?" puzzle to look at -- some of these 
scenarios play out differently depending on what organizational vantage point 
you're looking from

-- then there's the "where's the data?" question -- i think it's fair to say 
that our evaluation in this first ("go fast") pass will have to be pretty 
subjective, with the empirical data rolling in during "go deep"

what do people think of trying to iron the "normalizing" problem out with the 
most massive amazing polling setup you've ever seen in Adobe Connect?  i'm 
thinking that we could just walk through each scenario (no more than a few 
minutes on each), take an initial-reaction poll for each column, and see if we 
can smooth out the swings a bit.  

i think if we do that, we'd have to agree not to do anything but take that 
first poll and note where we agree/disagree.  debate would have to wait 'til 
another day because i think in some cases those debates will take weeks or even 
months (and may require going off after some data).  but it would be helpful to 
get a first-reaction sense-of-the-group about these, no?

what say you?

mikey


On Apr 23, 2012, at 6:55 AM, Jörg Schweiger wrote:

> Hi Mickey, all,
> 
> not so much a comment on how you (Mikey) did summarizing but an 
> observation possible as a result of your doing so. It seems like we have 
> to make a pass through the defined scenarios as the thoughts/scales in 
> peoples minds seem to differ quite substantially. 
> Example: "Nation-state alternate root, cyber terrorism and DNS hacking" 
> (line 9) in its description refers to a risk pretty much simular to the 
> one stated in "Global, massive attack against a day zero vulnerability in 
> DNS software ..."  (line 39). Nevertheless the "calculated" overall risk 
> differs some magnitudes. And now compare both cited risks to the risk of 
> the DDOS scenario. Magnitudes again.
> 
> regards
> 
> Jörg 
> 
> ________________________________
> 
> 
> 
> 
> Von:    "Mike O'Connor" <mike@xxxxxxxxxx>
> An:     DSSA WG <dssa@xxxxxxxxx>
> Datum:  21.04.2012 17:50
> Betreff:        [dssa] weekly status report
> Gesendet von:   owner-dssa@xxxxxxxxx
> 
> 
> 
> hi all,
> 
> hey!  a status report with a red mark!  neato.  in this case i'd set a 
> target to get to preliminary consensus on the "confidential information" 
> draft on the call this week and we didn't get there.  but we learned a lot 
> and conversation has continued on the list.  we'll be back with another 
> try on the call this week.  our slippery solution will be to publish it as 
> "draft" if we can't get to consensus before Prague, but the conversation 
> is good and the draft is definitely getting better so i'm calm.
> 
> i've come up with a first-try at the "summary" worksheet we mentioned on 
> the call, and have posted it to the Worksheets page on the wiki.  it has 
> two tabs because the columns for table I-5 (Adversarial risk scenarios) 
> are slightly different than the ones in table I-6 (Non-Adversarial Risk 
> Scenarios).  i've also taken a really-preliminary try at clumping them. 
> here's the link to the page (look down at the very bottom of the page for 
> the spreadsheet -- dated 21-April-2012);
> 
> 
> https://community.icann.org/display/AW/Risk+Scenario+worksheets
> 
> thanks,
> 
> mikey
> 
> [Anhang "DSSA Status report 49 Sheet1.pdf" gelöscht von Jörg 
> Schweiger/Denic] 
> - - - - - - - - -
> phone            651-647-6109 
> fax                              866-280-2356 
> web              http://www.haven2.com
> handle           OConnorStP (ID for public places like Twitter, Facebook, 
> Google, etc.)
> 
> 
> 

- - - - - - - - -
phone   651-647-6109  
fax             866-280-2356  
web     http://www.haven2.com
handle  OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)