Commentary re: ICANN DNS Risk Management Framework - 19 Aug 2013 version
I offer the following observations and commentary regarding gaps within the ICANN DNS Risk Management Framework DRAFT - 19 August 2013 version. * The document provides a mature framework for ICANN to utilize, as an internal facing framework. * The scope of this framework should be clearly acknowledged as an internal risk framework that is necessary for ICANN to mature it's risk management posture. * It should be clear if the framework is designed as an Enterprise Risk Management Framework for ICANN the organization or if the framework is designed as a DNS Risk Management Framework. While the title is ICANN DNS Risk Management Framework, I understand that the maturity of risk management within ICANN is not strong and that the intention of this framework is to provide an enterprise level framework. * There is nothing within this framework that is clearly tailored for DNS related risk, unlike the tools and processes prepared by the DSSA Working Group. * It doesn't appear as though the risk consultants have taken any steps to illustrate or analyze the DSSA Risk Management tools and methodology and how they contribute to the DNS Risk Management policy or procedures * The framework doesn't offer any sense of risk evaluation scales or definition. The sample Risk Register Template provides fields of information to be captured but no deeper content than a title. * The framework lacks any integration with the management of an issue or incident in the event that a risk materializes. There is no obvious linkage with existing process such as ICANN's Coordinated Vulnerability Disclosure Guidelines. Respectfully, Rick RICK KOELLER, PMP, MANAGER, PROJECT MANAGEMENT OFFICE Canadian Internet Registration Authority (CIRA) Tel: 613 237-5335 ext 254 http://www.cira.ca<http://www.cira.ca/> Trends, Commentary, Perspective. Stay tuned to cirablog.ca<http://www.cirablog.ca/> Have questions? Get answers quickly through our new live chat tool at cira.ca<http://www.cira.ca/>.