[gnso-thickwhoispdp-wg] risk-assessment framework
<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div>hi all,</div>
<div><br></div>
<div>i promised to send along some materials extracted from the DSSA (DNS Security and Stability Analysis) working group where i serve as GNSO co-chair and day-to-day project leader. this is in the "break a large puzzle into smaller pieces" department.</div>
<div><br></div>
<div>i've attached a one page summary of the process that we've been working on (it's based on NIST SP 800-30 for you in the security world), and thought i'd build a list of questions that people could use as a starting point in building risk scenarios associated with the transition from thin to thick Whois.</div>
<div><br></div>
<div>Questions:</div>
<div><br></div>
<div>-- What is the description of the threat event? [1st-try, open to editing, guess -- "disclosure of non-public registrant information"]</div>
<div><br></div>
<div>-- What is the source of this threat? [options/examples -- criminals, governments, businesses, etc.]</div>
<div><br></div>
<div>-- What are the capability, intent and targeting of that threat source?</div>
<div><br></div>
<div>-- What vulnerabilities might these threat-sources exploit in order to achieve their aim? [categories -- managerial, operational or technical vulnerabilities]</div>
<div><br></div>
<div>-- Where [registries, registrars?], and how severe are these vulnerabilities?</div>
<div><br></div>
<div>-- What is the likelihood that such a threat would be initiated?</div>
<div><br></div>
<div>-- What would the impact on the registrant be?</div>
<div><br></div>
<div>-- How likely is it that this impact will be felt?</div>
<div><br></div>
<div>-- How severe is the impact?</div>
<div><br></div>
<div>-- What's the range of impact (how many registrants would this be a problem for)?</div>
<div><br></div>
<div>if you want to read more about this DSSA stuff, here's a link to a page where you can download the final Phase I report;</div>
<div><br></div>
<div><a href="https://community.icann.org/display/AW/Phase+1+Final+Report">https://community.icann.org/display/AW/Phase+1+Final+Report</a></div>
<div><br></div>
<div>and here's a link to a page where you can download an Excel worksheet that we've been developing as an alpha-test of this tool</div>
<div><br></div>
<div>https://community.icann.org/display/AW/Risk+Scenario+worksheet</div>
<div><br></div>
<div>thanks,</div>
<div><br></div>
<div>mikey</div>
</body></html> Attachment:
Thick Whois - risk-assessment framework.pdf <html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)</div></body></html> Attachment:
smime.p7s