[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: updated charter



Here's the text version of the draft. It's not very pretty but I think
you'll be able to review it. I'll cc the list in case others would prefer
this format.

Barb

[Image][Image][Image][Image][Image][Image][Image][Image][Image][Image][Image
][Image]
  ------------------------------------------------------------------------

G and R for Security Incident Processing (grip)

Last Modified: 28-Jan-99

Chair(s):

Barbara Fraser <byf@cert.org>
K.-P. Kossakowski <klaus-peter@kossakowski.de>

Operations and Management Area Director(s):

Harald Alvestrand <Harald.Alvestrand@maxware.no>
Bert Wijnen <wijnen@vnet.ibm.com>

Operations and Management Area Advisor:

Harald Alvestrand <Harald.Alvestrand@maxware.no>

Mailing Lists:

General Discussion:<grip-wg@uu.net>
To Subscribe: <grip-wg-request@uu.net>
Archive: http://www-ext.eng.uu.net/grip-wg/grip-wg.txt

Description of Working Group:

The full name of this working group is Guidelines and Recommendations for
Security Incident Processing.

This working group is co-chartered by the Security Area.

The purpose of the GRIP Working Group is to provide guidelines and
recommendations to facilitate the consistent handling of security incidents
in the Internet community. Guidelines will address technology vendors,
network service providers and response teams in their roles assisting
organizations in resolving security incidents. These relationships are
functional and can exist within and across organizational boundaries.

The working group will produce a set of documents:

1) Guidelines for security incident response teams (IRT).

2) Guidelines for internet service providers (ISP) consisting of three
documents covering the following topics:

   * Expectations on how ISPs will coordinate with each other and IRTs in
     incident handling
   * Consumer Checklist on ISPs
   * Site Security Handbook (SSH) Addendum for ISPs

3) Guidelines for vendors (technology producers).

Goals and Milestones:

 March 98    "Expectations for Security Incident Response" submitted  done
             to IESG
 May 98      "Expectations for Security Incident Response" accepted   done
             as Best Current Practice
 June 98     "Expectations for Security Incident Response" published  done
             as RFC 2350
 Februrary 99Split actual draft on ISPs (grip-isp-07) into three new
             drafts reflecting the new outline and incorporate
             comments from December 98 meeting:

                * Expectations for ISPs
                * Consumer Checklist on ISPs
                * SSH Addendum for ISPs

             Create new version of actual draft as grip-isp-08 to
             provide readers with a roadmap through the new drafts.
             Release new versions of all for grip-isp-... drafts.
 February 99 Put all previous discussion results about the document
             for technology providers into a first draft.
 March 99    Meet during the IETF.
             Discuss latest versions of all grip-isp-... documents.
             Discuss draft document for technology provider.
 May 99      Incorporate comments from April meeting into the
             discussed versions of all grip-isp-... documents as
             appropriate.
             Release all versions for WG last call.
             Second draft of technology provider document grip-tp-01.
 June 99     Submit all current drafts of the grip-isp-... documents
             to the IESG for consideration as Best Current Practice.
 July 99     Second draft of technolgy provider document grip-tp-02.
 August 99   Meeting during the IETF.
             Discuss latest version of grip-tp-... documents.
 September 99Incorporate comments from August meeting into the
             discussed version of the grip-tp-... document.
             Release versions for working group last call.
 October 99  Submit current draft of the grip-tp-... document to the
             IESG for consideration as Best Current Practice.

Internet-Drafts:

Security Expectations for Internet Service Providers (60667 bytes)

Request For Comments:

Expectations for Computer Security Incident Response (RFC 2350) (86545
bytes)
  ------------------------------------------------------------------------
IETF Secretariat - Please send questions, comments, and/or suggestions to
ietf-web@ietf.org.

[Image]  Return to working group directory.

[Image]  [Image] Return to IETF home page.