[ALAC] ICANN's risk management

Alberto Soto asoto at ibero-americano.org
Sun Jan 25 03:58:01 UTC 2015

Dear Olivier, I agree.
In LACRALO we have already iniciated the process of ordering of these risks
and we will put them in a survey to try to prioritize.
It is also likely to add some others.
Kind regards

Alberto Soto

-----Mensaje original-----
De: alac-bounces at atlarge-lists.icann.org
[mailto:alac-bounces at atlarge-lists.icann.org] En nombre de Olivier MJ
Enviado el: sábado, 24 de enero de 2015 08:45 p.m.
Para: Rinalia Abdul Rahim; ALAC Working List
Asunto: Re: [ALAC] ICANN's risk management

Dear Rinalia,

thank you for this pointer. I am still nervous about ICANN's tendency to mix
Risks to the DNS and Risks to ICANN. These are entirely different things.

As such, the first example of Risk Management sends to a reference which
provides an initial, but very incomplete example of DNS Risks:

The document then goes on to list an unordered list of Risks. That said, I
concede that any ordered list with mitigation should be kept confidential
and I therefore hope that the work will be undertaken competently by risks
assessment professionals. My confidence in this process could be restored if
the document which you point to at least mentioned what methodology (NIST
800-30, ISO31000, CRAMM, other) ICANN would use for its analysis and
mitigation scenario building.

The document also appears to imply that the list of Risks quoted is
complete. I note only four risks relating to scaling and renewal of the
ICANN community. I have given them numbers for easy referral:

1. Policy development process is too slow or ineffective, participants
decrease or stagnate, or failure to bring new stakeholders into the model.
2. Perception of failure to implement and help achieve a global
multi-stakeholder distributed IG ecosystem according to the widely accepted
Net Mundial Principles.
3. Possibility that current supporting organization and advisory committee
(SO/AC) structures cannot scale to include and support new global entrants
and participants.
4. Lack of improving trust in the multi-stakeholder model.

(4) is roughly a duplicate of (2). (1) and (3) also resemble each other.
None of them mention capacity building. The ALAC is on record, on several
occasions, explaining that bringing new stakeholders into the model is one
thing but bringing them up to date and making them operationally active with
the extremely complex topics addressed in ICANN is another. I would
recommend that this risk is also addressed. I assert that this risk, along
with the obvious knowledge/time imbalance between people whose job is
directly related to domain names, versus people who volunteer to solely
defend the public interest, is much more significant than the broad search
for new stakeholders.

Finally, I would suggest that the links in the document be checked: they
failed a direct click on all of my navigators and needed to be cleaned up
prior to pointing to the correct documents.

Kindest regards,


On 24/01/2015 13:33, Rinalia Abdul Rahim wrote:
> Dear ALAC,
> FYI:
> Board Risk Committee shared a document on ICANN's risk management with 
> CCWG on Accountability.
> Publicly available at:
> https://www.icann.org/en/system/files/files/summary-risk-management-pr
> ocess-23jan15-en.pdf
> Best regards,
> Rinalia
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
> At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: 
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committe
> e+(ALAC)

Olivier MJ Crépin-Leblond, PhD

ALAC mailing list
ALAC at atlarge-lists.icann.org

At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki:

El software de antivirus Avast ha analizado este correo electrónico en busca de virus.

More information about the ALAC mailing list