Security is an ongoing issue for the domain name system and TLD registries are at the forefront of dealing with it.
So in 2011 CENTR, on its members’ request, created a Security Working Group for ccTLDs to share security best practices and discuss ways to mitigate security risks, the latest CENTR News highlights.
Recently in Brussels, for the second time, a workshop was dedicated to one topic only: the ISO 27001 security standard.
“Over the past few years I got a lot of questions from colleagues from other ccTLDs about ISO 27001,” Bert ten Brinke, Security Officer with SIDN, Chair of the CENTR Security working group and expert in the field of ISO 27001, told CENTR News. “After a short inventory, the idea was born to organise a workshop completely focused on ISO 27001.”
“ISO forces you to build a process to deal with security risks within and around your organisation and its core tasks,” reported CENTR News. “When everyone involved starts to operate according to this process an organisation’s security will become less dependent on individual employees. Bert ten Brinke feels this is the main reason why ISO 27001 increases the chance of a better secured registry.”
“There are alternative standards that can be useful for ccTLDs and it’s of course possible to build your own processes and follow your own standards. But by doing so, you’ll risk having to explain your standard over and over again. Official standards don’t have that issue. They are already accepted and used by a whole community.
“For companies there are a lot of security standards which can be used. Examples are: the American COBIT (Control Objectives for Information and Related Technology), which is an IT governance framework that addresses every aspect of IT, and the originally British ISO 27001 (International Organization for Standardization). COBIT lays more focus on Risk Management and, according to Bert ten Brinke, it is more difficult to implement than the ISO27001 standard.”
“It is important to build a standard according to your organisation and not the other way around”. This is Bert’s main advice for ccTLDs that are considering implementing systematic security processes by means of an official standard. Furthermore, in order to start implementing security processes in a successful way the full support of the CEO or Managing Director is crucial.
“An ISO certificate is an engagement for the future. When you are certified ISO27001 for the first time this is only the beginning. Each year you have to prove that you are ‘worth’ the certificate and after three years, you have to recertify. For most companies it’s a never-ending circle of security improvement.”
One registry to recently acquire ISO27001 certification was nic.at, the registry for .at domain names. The announcement was made at the recent Domain Pulse conference held in Salzburg, Austria, and Richard Wein, General Manager, said the certification was proof of the registry’s dedication to security of .at domain names.
Elsewhere in the February 2014 edition of CENTR News, there are articles on CENTR preparations for the next Internet Governance Forum meeting to be held in Istanbul in September. There is also an update on DNSSEC in Europe: a survey of 26 ccTLD registries found that two-thirds (67%) have implemented the security standard and a quarter (26%) are planning its implementation.
Plus there is a Q&A with Nominet Brand Manager Becky Bradburn and a European ccTLD update.
To download the latest CENTR News, go to https://centr.org/news/european-cctld-news-february-2014.