Skip to main content

Board Risk Committee (RC) Meeting – Minutes

RC Attendees: Steve Crocker, Bill Graham, Ram Mohan, Mike Silber – Chair, Jonne Soininen, Kuo-Wei Wu, Gonzalo Navarro, and Suzanne Woolf

Executive and Staff Attendees:  Susanna Bennett (Chief Operating Officer), Megan Bishop (Board Support Coordinator), John Jeffrey (General Counsel and Secretary), Jacks Khawaja (Enterprise Risk Director), Randy Watanabe (Enterprise Risk Manager), Christine Willett (Vice President, gTLD Operations), John Crain (Chief Security, Stability & Resiliency Officer), and Amy Stathos (Deputy General Counsel)

Invited Attendees: Rinalia Abdul Rahim, and Asha Hemrajani

The following is a summary of discussions, actions taken, and actions identified:

  1. Action items   Staff provided a recap of the action items stemming from the Board Workshop in Istanbul and indicated that most of the noted action items will be addressed in this RC meeting.
  2. DNS Risk Assessment   Staff provided an update on the DNS Risk Assessment, noting that 23 risks were identified via the DNS Risk Assessment Project. Staff is currently assessing and categorizing each risk regarding: (a) areas within ICANN's direct control; (b) areas where ICANN can have direct influence; and (c) areas outside of ICANN's control. Staff intends to write whitepapers regarding each of the identified risks that can then be discussed. The whitepapers regarding denial of service, IP transition from IPv4 to IPv6, and DNS resolving are being drafted for discussion during ICANN 51.
    • Actions:
      • Staff to consider gathering data from APNIC regarding the usage of IPv6 and utilizing the data in the President and CEO's Community Report.
      • Staff to consider preparing whitepapers on the 23 risks identified in the DNS Risk Assessment.
      • Staff to review and report on the approach and challenges between the risk management model and the Universal Acceptance approach.
      • Staff to update the Committee on the results of the ICANN 51 DNS Risk Community Session.
  3. Enterprise Risk Management Update   Staff provided an update on the progress of the ERM Dashboard, which includes prioritization of risks and refinement of the Key Performance Indicators (KPIs). In its 10 September 2014 meeting, the RC tasked staff with: (i) gathering the 2015 risk ratings; (ii) ranking the risks according to likelihood and severity of that risk; (iii) creating a summary of the most critical risks affecting ICANN; and (iv) identifying applicable KPIs for each identified risk. Staff provided an overview of the top 10 ranked risks along with recommended KPIs. The RC discussed the identification of the top risks, the prioritization of those risks, and the refinement of the KPIs to measure the progress and expected outcome of each risk.
    • Actions:
      • Staff to confirm the identification and prioritization of the enterprise risks with the global leaders to there is consensus regarding the top ranked risks.
      • Staff to review the recommended KPIs with the global leaders to determine whether and what further refinement is needed.
  4. New gTLD Risk Update   Staff provided an overview of the new gTLD risk quantification update, identifying: (i) the Key Risks of the New gTLD Program; (ii) the mitigation efforts and existing controls applicable to each risk; (iii) the potential impact of each risk; and (iv) the likelihood of occurrence of each risk. Next steps include quantification of the costs of the identified risks, and creation of a communications plan.

Published on 6 February 2015

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."