Board Risk Committee (RC) – Minutes

RC Attendees: Steve Crocker, Ray Plzak, Mike Silber – Chair, Bruce Tonkin, R. Ramaraj, Thomas Roessler, and Suzanne Woolf

Other Board Attendees: George Sadowsky, Ram Mohan and Thomas Narten

RC Apologies: Judith Vazquez

Staff Attendees: Akram Atallah – Chief Operational Officer; Xavier Calvez – Chief Financial Officer; John Jeffrey – General Counsel and Secretary; Jeff Moss – Chief Security Officer; Kurt Pritz – Chief Strategy Officer, Stakeholder Relations; Edward Beck, Megan Bishop, Michelle Bright, Samantha Eisner, Daniel Halloran, Patrick Jones, Denise Michel and Amy Stathos


The following is a summary of discussions, actions taken and actions identified:

  1. Minutes of Previous Meeting: The RC approved the minutes of its previous meeting in September 2012.
  2. ICANN Strategic Risks: Staff provided the RC with a review of the high-level areas that have been the focus of ICANN's risk management efforts. Staff also discussed ICANN's work in coordinating cross-functional risk management teams to continually discuss risks. A risk template was also introduced, as a format to help deal with risk-related issues in common terminology across the organization.
    • Action:
      • Staff to refine template to incorporate standard risk management terminology.
  3. DNS Risk Management Framework WG: Staff reported that the RFP was posted after Prague and a consultant has been identified to assist with the DNS Risk Management Framework. The WG that was formed to oversee this effort will likely then be folded into the RC for continued oversight of this work, though the WG has not yet formalized any transition plans. Staff reported that the finalized framework is expected to be delivered in 2013 (with comments on drafts prior), and will describe roles, responsibilities, authority and accountability for each component. The framework will address some of the recommendations coming out of the Security and Stability Review Team. The RC also discussed how it can plan and bring in ad hoc expertise from other Board members as necessary.
    • Action:
      • Chair of WG and Chair of RC to discuss transition and knowledge transfer from the WG to the RC.
      • RC to draft note for Board Governance Committee regarding the Board member skills that are useful for service on the RC.
  4. MyICANN: The RC received a presentation on the introduction of MyICANN, which will initially serve to aggregate information from public sites to form streams to organize activity within ICANN. Staff confirmed that the security staff has reviewed the MyICANN platform to assess risks and mitigation. There is a long-term focus on increasing security within the platform. The RC received a report on the coordination among ICANN's security, legal and IT teams to assure that the MyICANN vendor is aware of ICANN's needs, including receipt of security procedures documentation, access needs and additional items that will be incorporated into standard evaluation and use of other third-party hosted systems by ICANN. Staff confirmed that risk assessment for future phases is already underway.
  5. New gTLD Risk Area Summary: The RC received a report from staff on the areas of risk within the New gTLD Program that have been reviewed and are being tracked with the New gTLD Program Committee, as well as work on the ongoing risk assessment and analysis over the Program.
  6. Any Other Business: The RC raised the issue of cloud computing and requested some risk guidance on the use of cloud services and mobile devices. The RC also discussed how it can better track comprehensive risks to the organization, including a regular reporting structure and cycle.
    • Action:
      • Staff to provide information and guidelines on the use of cloud computing and mobile devices.
      • Staff to provide an update to a comprehensive risk matrix for ICANN.
      • The RC should review the document at its next face-to-face meeting to refine the document and assure it meets the organization's needs.
      • Each RC meeting should begin with a short review to identify the changes to the risk matrix.