Forwarding comment from Anne-Marie Eklund-Löwinder
- To: "comments-dns-rmf-final-23aug13@xxxxxxxxx" <comments-dns-rmf-final-23aug13@xxxxxxxxx>
- Subject: Forwarding comment from Anne-Marie Eklund-Löwinder
- From: Patrick Jones <patrick.jones@xxxxxxxxx>
- Date: Sun, 6 Oct 2013 13:17:36 -0700
-----Original Message-----
From: Anne-Marie Eklund-Löwinder
Sent: 13 September 2013 23:14
To:
comments-dns-rmf-final-23aug13@xxxxxxxxx<mailto:comments-dns-rmf-final-23aug13@xxxxxxxxx>
Subject: ICANN DNS Risk Management Framework DRAFT - 19 August 2013 version
* PGP Signed: 2013-09-13 at 23:13:38
These are my comments regarding the ICANN DNS Risk Management Framework DRAFT -
19 August 2013 version.
The first 40 or so pages of the report are a lot of words that don't really
add anything substantial. To be honest, I would have expected more.
Starting on page 42 with the summary, I am of the opinion that while it is
preferable to refer to common standards, it is important to consider that ISO
31000 is a quite recent standard (2009) that hasn't been widely adopted yet.
That would be a good reason to use Risk Management systems that are more widely
spread and used already, at least as a comparison in the suggested management
system, like for instance ISO 27005 and NIST 800 Series of Risk Management
standards for Computer Security.
Nevertheless, I am convinced that ISO 31000:2009 provides generic guidelines
for the design, implementation and maintenance of risk management processes
throughout an organization. This approach to formalizing risk management
practices will facilitate broader adoption by companies who require an
enterprise risk management standard to harmonize and get the work coordinated.
The report is held on a theoretical level, and moreover, it doesn't make
perfectly clear if the suggested framework is for the ICANN organization as
such, or if it is for DNS Risk Management specifically. It might be a good start
to begin with the organizational level before one focuses on specific functions
like DNS.
The report lacks references to what has been done so far and how risk management
is taken care of within ICANN already.
The framework doesn't seem to be addressing DNS related risks at all, and I
regret to say that I find it hard to believe that it will be of any guidance to
ICANN on how to proceed.
With all due respect,
Anne-Marie Eklund Löwinder
Chief Information Security Officer
.SE (The Internet Infrastructure Foundation)
Direct: +46(8)-452 35 17 | Mobile: +46(73)-43 15 310
Twitter: @amelsec
Mail: PO Box 7399, SE-103 91 Stockholm, Sweden
Visitors: Ringvägen 100
https://www.iis.se/en/
* Anne-Marie Eklund-Lowinder
<anne-marie.eklund-lowinder@xxxxxx<mailto:anne-marie.eklund-lowinder@xxxxxx>>
* 0x42B1CF94