[ST-WP] nearly complete draft of Applying Stress Tests

Wed Mar 18 06:54:21 UTC 2015

Dear Colleagues,

As discussed yesterday during the call, regarding stress test #11, I 
would like to suggest the following edit to the "proposed accountability 
measure".

> No measures yet suggested would force ICANN management to execute its 
> stated security procedures for employees and contractors.
>
> One proposed measure is to empower the community to force ICANN’s 
> board to implement a recommendation arising from an AoC Review – 
> namely, /Security Stability and Resiliency/.
>
Suggested addition ; best practice of accountability in terms of 
information security could be added to the CCWG recommendations. They 
include :
- adoption of audit policies including the practice of regular (at least 
once a year in terms of security) external audits, inclusion of reports 
regarding audit policy compliance into annual reports.
- certification according to security international standards (such as 
ISO 27001), and publication of outcome of certification audits summaries 
(these standards generally require regular, more focused audits)
>
> Another possibility is to empower the community to force ICANN to 
> respond to security recommendations from advisory committees such as SSAC.

While this is typically work stream 2, I guess we'd better record it 
right away.

I also believe this type of recommendation could be helpful with regards 
to stress tests #1 and #2 and, more generally, to demonstrate Icann's 
accountability to its purpose of excellence in operations. Business 
excellence standards commitment, and external assessments would 
certainly be appropriate, not only for IANA operations but for all of 
Icann operations, from the most technically oriented to the organisation 
of meetings or support of policy decisions. I can testify of this 
first-hand since this is a key reason why Afnic (other ccTLD managers 
did that as well) engaged into both EFQM external assessments (to 
demonstrate the excellence of our operations to our customers and 
stakeholders) and ISO27001 (for the security aspects).

Best
Mathieu

Le 11/03/2015 02:28, Samantha Eisner a écrit :
> Hi everyone,
>
> In advance of our call later, here are some comments, questions and 
> proposed edits.
>
> Best,
>
> Sam
>
> From: Steve DelBianco <sdelbianco at netchoice.org 
> <mailto:sdelbianco at netchoice.org>>
> Date: Friday, March 6, 2015 at 8:19 PM
> To: Cheryl Langdon-Orr <langdonorr at gmail.com 
> <mailto:langdonorr at gmail.com>>, "ccwg-accountability4 at icann.org 
> <mailto:ccwg-accountability4 at icann.org>" 
> <ccwg-accountability4 at icann.org <mailto:ccwg-accountability4 at icann.org>>
> Cc: ACCT-Staff <acct-staff at icann.org <mailto:acct-staff at icann.org>>
> Subject: [ST-WP] nearly complete draft of Applying Stress Tests
>
> Cheryl and team — the attached is a nearly-complete draft of how we 
> might apply those 25 Stress Tests 
> <https://community.icann.org/display/acctcrosscomm/ST-WP+--+Stress+Tests+Work+Party> 
> to what the CWG and CCWG are presently considering.
>
> As we’ve said, you can’t apply stress tests definitively until you 
> have a defined mechanism/structure to test.
>
> Nonetheless, we’ll do our best with the proposed mechanisms at this 
> point.
>
> Please review over the weekend and provide edits.  We can discuss on 
> our call Wednesday 11-March at 11:00 UTC.
>
> Regards,
> Steve
>
> —
> Steve DelBianco
> Executive Director
> NetChoice
> http://www.NetChoice.org <http://www.netchoice.org/> and 
> http://blog.netchoice.org <http://blog.netchoice.org/>
> +1.703.615.6206
>
>
>
>
> _______________________________________________
> Ccwg-accountability4 mailing list
> Ccwg-accountability4 at icann.org
> https://mm.icann.org/mailman/listinfo/ccwg-accountability4

-- 
*****************************
Mathieu WEILL
AFNIC - directeur général
Tél: +33 1 39 30 83 06
mathieu.weill at afnic.fr
Twitter : @mathieuweill
*****************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ccwg-accountability4/attachments/20150318/ce6dde5e/attachment.html>