12 November, 2010

CIRT: An Update on ICANN Security Efforts

Patrick Jones, ICANN's Senior Manager of Continuity & Risk Management, writing on the ICANN Blog -- excerpts:

"As part of our effort to strengthen and improve the security, stability and continuity of ICANN internal operations, consistent with the 2010-13 Strategic Plan, the Security and Information Technology teams formalized internal incident response practices in September 2010. The ICANN Computer Incident Response Team is intended to be the primary responder in handling internal ICANN organizational information security incidents, and detail on this team is posted on our website at http://www.icann.org/en/cirt/.

In establishing an internal CIRT, ICANN is following best practices set by other operators of Internet infrastructure.

We understand there has been some confusion about whether the internal CIRT is related to the DNS-CERT initiative. The CIRT is not the foundation for a DNS-CERT. ICANN stated very clearly in Brussels, and in the summary and analysis of comments on the Security Strategic Initiatives and DNS-CERT Business Case in May 2010, that ICANN was not taking steps to operate a DNS-CERT.

No comments:

Post a Comment