ICANN's risk management
Dear ALAC, FYI: Board Risk Committee shared a document on ICANN's risk management with CCWG on Accountability. Publicly available at:
https://www.icann.org/en/system/files/files/summary-risk-management-process-... Best regards, Rinalia
Dear Rinalia, thank you for this pointer. I am still nervous about ICANN's tendency to mix Risks to the DNS and Risks to ICANN. These are entirely different things. As such, the first example of Risk Management sends to a reference which provides an initial, but very incomplete example of DNS Risks: https://www.icann.org/news/announcement-2014-05-28-en The document then goes on to list an unordered list of Risks. That said, I concede that any ordered list with mitigation should be kept confidential and I therefore hope that the work will be undertaken competently by risks assessment professionals. My confidence in this process could be restored if the document which you point to at least mentioned what methodology (NIST 800-30, ISO31000, CRAMM, other) ICANN would use for its analysis and mitigation scenario building. The document also appears to imply that the list of Risks quoted is complete. I note only four risks relating to scaling and renewal of the ICANN community. I have given them numbers for easy referral: 1. Policy development process is too slow or ineffective, participants decrease or stagnate, or failure to bring new stakeholders into the model. 2. Perception of failure to implement and help achieve a global multi-stakeholder distributed IG ecosystem according to the widely accepted Net Mundial Principles. 3. Possibility that current supporting organization and advisory committee (SO/AC) structures cannot scale to include and support new global entrants and participants. 4. Lack of improving trust in the multi-stakeholder model. (4) is roughly a duplicate of (2). (1) and (3) also resemble each other. None of them mention capacity building. The ALAC is on record, on several occasions, explaining that bringing new stakeholders into the model is one thing but bringing them up to date and making them operationally active with the extremely complex topics addressed in ICANN is another. I would recommend that this risk is also addressed. I assert that this risk, along with the obvious knowledge/time imbalance between people whose job is directly related to domain names, versus people who volunteer to solely defend the public interest, is much more significant than the broad search for new stakeholders. Finally, I would suggest that the links in the document be checked: they failed a direct click on all of my navigators and needed to be cleaned up prior to pointing to the correct documents. Kindest regards, Olivier On 24/01/2015 13:33, Rinalia Abdul Rahim wrote:
Dear ALAC,
FYI:
Board Risk Committee shared a document on ICANN's risk management with CCWG on Accountability.
Publicly available at:
https://www.icann.org/en/system/files/files/summary-risk-management-process-...
Best regards,
Rinalia _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
Dear Olivier, I agree. In LACRALO we have already iniciated the process of ordering of these risks and we will put them in a survey to try to prioritize. It is also likely to add some others. Kind regards Alberto Soto -----Mensaje original----- De: alac-bounces@atlarge-lists.icann.org [mailto:alac-bounces@atlarge-lists.icann.org] En nombre de Olivier MJ Crepin-Leblond Enviado el: sábado, 24 de enero de 2015 08:45 p.m. Para: Rinalia Abdul Rahim; ALAC Working List Asunto: Re: [ALAC] ICANN's risk management Dear Rinalia, thank you for this pointer. I am still nervous about ICANN's tendency to mix Risks to the DNS and Risks to ICANN. These are entirely different things. As such, the first example of Risk Management sends to a reference which provides an initial, but very incomplete example of DNS Risks: https://www.icann.org/news/announcement-2014-05-28-en The document then goes on to list an unordered list of Risks. That said, I concede that any ordered list with mitigation should be kept confidential and I therefore hope that the work will be undertaken competently by risks assessment professionals. My confidence in this process could be restored if the document which you point to at least mentioned what methodology (NIST 800-30, ISO31000, CRAMM, other) ICANN would use for its analysis and mitigation scenario building. The document also appears to imply that the list of Risks quoted is complete. I note only four risks relating to scaling and renewal of the ICANN community. I have given them numbers for easy referral: 1. Policy development process is too slow or ineffective, participants decrease or stagnate, or failure to bring new stakeholders into the model. 2. Perception of failure to implement and help achieve a global multi-stakeholder distributed IG ecosystem according to the widely accepted Net Mundial Principles. 3. Possibility that current supporting organization and advisory committee (SO/AC) structures cannot scale to include and support new global entrants and participants. 4. Lack of improving trust in the multi-stakeholder model. (4) is roughly a duplicate of (2). (1) and (3) also resemble each other. None of them mention capacity building. The ALAC is on record, on several occasions, explaining that bringing new stakeholders into the model is one thing but bringing them up to date and making them operationally active with the extremely complex topics addressed in ICANN is another. I would recommend that this risk is also addressed. I assert that this risk, along with the obvious knowledge/time imbalance between people whose job is directly related to domain names, versus people who volunteer to solely defend the public interest, is much more significant than the broad search for new stakeholders. Finally, I would suggest that the links in the document be checked: they failed a direct click on all of my navigators and needed to be cleaned up prior to pointing to the correct documents. Kindest regards, Olivier On 24/01/2015 13:33, Rinalia Abdul Rahim wrote:
Dear ALAC,
FYI:
Board Risk Committee shared a document on ICANN's risk management with CCWG on Accountability.
Publicly available at:
https://www.icann.org/en/system/files/files/summary-risk-management-pr ocess-23jan15-en.pdf
Best regards,
Rinalia _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committe e+(ALAC)
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA C) --- El software de antivirus Avast ha analizado este correo electrónico en busca de virus. http://www.avast.com
Alberto, LACRALO's input would be most welcome and appreciated by the Risk Committee. Best regards, Rinalia On Jan 25, 2015 12:56 PM, "Alberto Soto" <asoto@ibero-americano.org> wrote:
Dear Olivier, I agree. In LACRALO we have already iniciated the process of ordering of these risks and we will put them in a survey to try to prioritize. It is also likely to add some others. Kind regards
Alberto Soto
-----Mensaje original----- De: alac-bounces@atlarge-lists.icann.org [mailto:alac-bounces@atlarge-lists.icann.org] En nombre de Olivier MJ Crepin-Leblond Enviado el: sábado, 24 de enero de 2015 08:45 p.m. Para: Rinalia Abdul Rahim; ALAC Working List Asunto: Re: [ALAC] ICANN's risk management
Dear Rinalia,
thank you for this pointer. I am still nervous about ICANN's tendency to mix Risks to the DNS and Risks to ICANN. These are entirely different things.
As such, the first example of Risk Management sends to a reference which provides an initial, but very incomplete example of DNS Risks: https://www.icann.org/news/announcement-2014-05-28-en
The document then goes on to list an unordered list of Risks. That said, I concede that any ordered list with mitigation should be kept confidential and I therefore hope that the work will be undertaken competently by risks assessment professionals. My confidence in this process could be restored if the document which you point to at least mentioned what methodology (NIST 800-30, ISO31000, CRAMM, other) ICANN would use for its analysis and mitigation scenario building.
The document also appears to imply that the list of Risks quoted is complete. I note only four risks relating to scaling and renewal of the ICANN community. I have given them numbers for easy referral:
1. Policy development process is too slow or ineffective, participants decrease or stagnate, or failure to bring new stakeholders into the model. 2. Perception of failure to implement and help achieve a global multi-stakeholder distributed IG ecosystem according to the widely accepted Net Mundial Principles. 3. Possibility that current supporting organization and advisory committee (SO/AC) structures cannot scale to include and support new global entrants and participants. 4. Lack of improving trust in the multi-stakeholder model.
(4) is roughly a duplicate of (2). (1) and (3) also resemble each other. None of them mention capacity building. The ALAC is on record, on several occasions, explaining that bringing new stakeholders into the model is one thing but bringing them up to date and making them operationally active with the extremely complex topics addressed in ICANN is another. I would recommend that this risk is also addressed. I assert that this risk, along with the obvious knowledge/time imbalance between people whose job is directly related to domain names, versus people who volunteer to solely defend the public interest, is much more significant than the broad search for new stakeholders.
Finally, I would suggest that the links in the document be checked: they failed a direct click on all of my navigators and needed to be cleaned up prior to pointing to the correct documents.
Kindest regards,
Olivier
On 24/01/2015 13:33, Rinalia Abdul Rahim wrote:
Dear ALAC,
FYI:
Board Risk Committee shared a document on ICANN's risk management with CCWG on Accountability.
Publicly available at:
https://www.icann.org/en/system/files/files/summary-risk-management-pr ocess-23jan15-en.pdf
Best regards,
Rinalia _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committe e+(ALAC)
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki:
https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA C)
--- El software de antivirus Avast ha analizado este correo electrónico en busca de virus. http://www.avast.com
Dear Rinalia, we will. Kind regards Alberto De: Rinalia Abdul Rahim [mailto:rinalia.abdulrahim@gmail.com] Enviado el: lunes, 26 de enero de 2015 11:06 a.m. Para: Alberto Soto CC: ALAC Working List Asunto: RE: [ALAC] ICANN's risk management Alberto, LACRALO's input would be most welcome and appreciated by the Risk Committee. Best regards, Rinalia On Jan 25, 2015 12:56 PM, "Alberto Soto" <asoto@ibero-americano.org <mailto:asoto@ibero-americano.org> > wrote: Dear Olivier, I agree. In LACRALO we have already iniciated the process of ordering of these risks and we will put them in a survey to try to prioritize. It is also likely to add some others. Kind regards Alberto Soto -----Mensaje original----- De: alac-bounces@atlarge-lists.icann.org <mailto:alac-bounces@atlarge-lists.icann.org> [mailto:alac-bounces@atlarge-lists.icann.org <mailto:alac-bounces@atlarge-lists.icann.org> ] En nombre de Olivier MJ Crepin-Leblond Enviado el: sábado, 24 de enero de 2015 08:45 p.m. Para: Rinalia Abdul Rahim; ALAC Working List Asunto: Re: [ALAC] ICANN's risk management Dear Rinalia, thank you for this pointer. I am still nervous about ICANN's tendency to mix Risks to the DNS and Risks to ICANN. These are entirely different things. As such, the first example of Risk Management sends to a reference which provides an initial, but very incomplete example of DNS Risks: https://www.icann.org/news/announcement-2014-05-28-en The document then goes on to list an unordered list of Risks. That said, I concede that any ordered list with mitigation should be kept confidential and I therefore hope that the work will be undertaken competently by risks assessment professionals. My confidence in this process could be restored if the document which you point to at least mentioned what methodology (NIST 800-30, ISO31000, CRAMM, other) ICANN would use for its analysis and mitigation scenario building. The document also appears to imply that the list of Risks quoted is complete. I note only four risks relating to scaling and renewal of the ICANN community. I have given them numbers for easy referral: 1. Policy development process is too slow or ineffective, participants decrease or stagnate, or failure to bring new stakeholders into the model. 2. Perception of failure to implement and help achieve a global multi-stakeholder distributed IG ecosystem according to the widely accepted Net Mundial Principles. 3. Possibility that current supporting organization and advisory committee (SO/AC) structures cannot scale to include and support new global entrants and participants. 4. Lack of improving trust in the multi-stakeholder model. (4) is roughly a duplicate of (2). (1) and (3) also resemble each other. None of them mention capacity building. The ALAC is on record, on several occasions, explaining that bringing new stakeholders into the model is one thing but bringing them up to date and making them operationally active with the extremely complex topics addressed in ICANN is another. I would recommend that this risk is also addressed. I assert that this risk, along with the obvious knowledge/time imbalance between people whose job is directly related to domain names, versus people who volunteer to solely defend the public interest, is much more significant than the broad search for new stakeholders. Finally, I would suggest that the links in the document be checked: they failed a direct click on all of my navigators and needed to be cleaned up prior to pointing to the correct documents. Kindest regards, Olivier On 24/01/2015 13:33, Rinalia Abdul Rahim wrote:
Dear ALAC,
FYI:
Board Risk Committee shared a document on ICANN's risk management with CCWG on Accountability.
Publicly available at:
https://www.icann.org/en/system/files/files/summary-risk-management-pr ocess-23jan15-en.pdf
Best regards,
Rinalia _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org <mailto:ALAC@atlarge-lists.icann.org> https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committe e+(ALAC)
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org <mailto:ALAC@atlarge-lists.icann.org> https://atlarge-lists.icann.org/mailman/listinfo/alac At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA C) --- El software de antivirus Avast ha analizado este correo electrónico en busca de virus. http://www.avast.com --- El software de antivirus Avast ha analizado este correo electrónico en busca de virus. http://www.avast.com
Dear Olivier, Thank you for your comments. Part of the board's agenda for Singapore is to address the issue of risk when meeting with community on Constituency Day in Singapore. Please feel free to bring the issues and recommendations up. In the meantime, I will share your comments with the Risk Committee and staff. Do note that the list is not complete. The Risk Committee sent out a message to all SO/ACs recently requesting input to address gaps. The list does not yet reflect community input. Also, risk ranking is done internally. Actual ranking and mitigation will not be disclosed to protect the organization, but the Risk Committee would welcome any input from community to inform ICANN's risk, risk ranking and mitigation. Best regards, Rinalia On Sun, Jan 25, 2015 at 7:44 AM, Olivier MJ Crepin-Leblond <ocl@gih.com> wrote:
Dear Rinalia,
thank you for this pointer. I am still nervous about ICANN's tendency to mix Risks to the DNS and Risks to ICANN. These are entirely different things.
As such, the first example of Risk Management sends to a reference which provides an initial, but very incomplete example of DNS Risks: https://www.icann.org/news/announcement-2014-05-28-en
The document then goes on to list an unordered list of Risks. That said, I concede that any ordered list with mitigation should be kept confidential and I therefore hope that the work will be undertaken competently by risks assessment professionals. My confidence in this process could be restored if the document which you point to at least mentioned what methodology (NIST 800-30, ISO31000, CRAMM, other) ICANN would use for its analysis and mitigation scenario building.
The document also appears to imply that the list of Risks quoted is complete. I note only four risks relating to scaling and renewal of the ICANN community. I have given them numbers for easy referral:
1. Policy development process is too slow or ineffective, participants decrease or stagnate, or failure to bring new stakeholders into the model. 2. Perception of failure to implement and help achieve a global multi-stakeholder distributed IG ecosystem according to the widely accepted Net Mundial Principles. 3. Possibility that current supporting organization and advisory committee (SO/AC) structures cannot scale to include and support new global entrants and participants. 4. Lack of improving trust in the multi-stakeholder model.
(4) is roughly a duplicate of (2). (1) and (3) also resemble each other. None of them mention capacity building. The ALAC is on record, on several occasions, explaining that bringing new stakeholders into the model is one thing but bringing them up to date and making them operationally active with the extremely complex topics addressed in ICANN is another. I would recommend that this risk is also addressed. I assert that this risk, along with the obvious knowledge/time imbalance between people whose job is directly related to domain names, versus people who volunteer to solely defend the public interest, is much more significant than the broad search for new stakeholders.
Finally, I would suggest that the links in the document be checked: they failed a direct click on all of my navigators and needed to be cleaned up prior to pointing to the correct documents.
Kindest regards,
Olivier
On 24/01/2015 13:33, Rinalia Abdul Rahim wrote:
Dear ALAC,
FYI:
Board Risk Committee shared a document on ICANN's risk management with CCWG on Accountability.
Publicly available at:
https://www.icann.org/en/system/files/files/summary-risk-management-process-...
Best regards,
Rinalia _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki:
https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
On Sat, Jan 24, 2015 at 6:44 PM, Olivier MJ Crepin-Leblond <ocl@gih.com> wrote:
I am still nervous about ICANN's tendency to mix Risks to the DNS and Risks to ICANN. These are entirely different things.
+1. Should have resisted response longer.... -CAS ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
I had resisted responding to this risk business because what was missing was the contextual map; alleging risk absent context is, well, a wash. What a grab bag - or as CLO would say 'a dog's breakfast' - this is! Everybody and their halfwit brother will find something there, won't they? First of all, I cannot help but notice the bulk of them could be replaced with one phrase, 'goodwill deprivation', seeing they mostly redound to goodwill. Second of all, I'm always wary when auditors throw this bag of jack at me; the intent is never to inform but to obfuscate. Call that killing us with science. That last link to details of the 'strategic risks' doesn't work! Come to think, maybe that is where the 'sense making' takes place huh? -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Sat, Jan 24, 2015 at 7:33 AM, Rinalia Abdul Rahim < rinalia.abdulrahim@gmail.com> wrote:
Dear ALAC,
FYI:
Board Risk Committee shared a document on ICANN's risk management with CCWG on Accountability.
Publicly available at:
https://www.icann.org/en/system/files/files/summary-risk-management-process-...
Best regards,
Rinalia _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
Hi. Can ALAC members give me feedback on whether the last link in the document works for you? I am getting mixed feedback (works for some and not for others). Please include information on what browser and device you are using to access the links. Thanks! Rinalia
participants (4)
-
Alberto Soto -
Carlton Samuels -
Olivier MJ Crepin-Leblond -
Rinalia Abdul Rahim