ICANN Email List Archives

[comments-dns-rmf-final-23aug13]



Commentary re: ICANN DNS Risk Management Framework - 19 Aug 2013 version

  • To: "comments-dns-rmf-final-23aug13@xxxxxxxxx" <comments-dns-rmf-final-23aug13@xxxxxxxxx>
  • Subject: Commentary re: ICANN DNS Risk Management Framework - 19 Aug 2013 version
  • From: Rick Koeller <rick.koeller@xxxxxxx>
  • Date: Wed, 4 Sep 2013 10:10:13 -0400

I offer the following observations and commentary regarding gaps within the 
ICANN DNS Risk Management Framework DRAFT - 19 August 2013 version.


*         The document provides a mature framework for ICANN to utilize, as an 
internal facing framework.

*         The scope of this framework should be clearly acknowledged as an 
internal risk framework that is necessary for ICANN to mature its risk 
management posture.

*         It should be clear if the framework is designed as an Enterprise Risk 
Management Framework for ICANN the organization or if the framework is designed 
as a DNS Risk Management Framework.  While the title is ICANN DNS Risk 
Management Framework, I understand that the maturity of risk management within 
ICANN is not strong and that the intention of this framework is to provide an 
enterprise level framework.

*         There is nothing within this framework that is clearly tailored for 
DNS related risk, unlike the tools and processes prepared by the DSSA Working 
Group.

*         It doesn't appear as though the risk consultants have taken any steps 
to illustrate or analyze the DSSA Risk Management tools and methodology and how 
they contribute to the DNS Risk Management policy or procedures.

*         The framework doesn't offer any sense of risk evaluation scales or 
definition. The sample Risk Register Template provides fields of information to 
be captured but no deeper content than a title.

*         The framework lacks any integration with the management of an issue 
or incident in the event that a risk materializes. There is no obvious linkage 
with existing process such as ICANN's Coordinated Vulnerability Disclosure  
Guidelines.

Respectfully,

Rick


RICK KOELLER, PMP, MANAGER, PROJECT MANAGEMENT OFFICE
Canadian Internet Registration Authority (CIRA)
Tel: 613 237-5335 ext 254 http://www.cira.ca/
Trends, Commentary, Perspective.  Stay tuned to http://www.cirablog.ca/
Have questions? Get answers quickly through our new live chat tool at 
http://www.cira.ca/.



