[ST-WP] nearly complete draft of Applying Stress Tests
Mathieu Weill
mathieu.weill at afnic.fr
Wed Mar 18 06:54:21 UTC 2015
Dear Colleagues,
As discussed yesterday during the call, regarding stress test #11, I
would like to suggest the following edit to the "proposed accountability
measure".
> No measures yet suggested would force ICANN management to execute its
> stated security procedures for employees and contractors.
>
> One proposed measure is to empower the community to force ICANN’s
> board to implement a recommendation arising from an AoC Review –
> namely, /Security Stability and Resiliency/.
>
Suggested addition ; best practice of accountability in terms of
information security could be added to the CCWG recommendations. They
include :
- adoption of audit policies including the practice of regular (at least
once a year in terms of security) external audits, inclusion of reports
regarding audit policy compliance into annual reports.
- certification according to security international standards (such as
ISO 27001), and publication of outcome of certification audits summaries
(these standards generally require regular, more focused audits)
>
> Another possibility is to empower the community to force ICANN to
> respond to security recommendations from advisory committees such as SSAC.
While this is typically work stream 2, I guess we'd better record it
right away.
I also believe this type of recommendation could be helpful with regards
to stress tests #1 and #2 and, more generally, to demonstrate Icann's
accountability to its purpose of excellence in operations. Business
excellence standards commitment, and external assessments would
certainly be appropriate, not only for IANA operations but for all of
Icann operations, from the most technically oriented to the organisation
of meetings or support of policy decisions. I can testify of this
first-hand since this is a key reason why Afnic (other ccTLD managers
did that as well) engaged into both EFQM external assessments (to
demonstrate the excellence of our operations to our customers and
stakeholders) and ISO27001 (for the security aspects).
Best
Mathieu
Le 11/03/2015 02:28, Samantha Eisner a écrit :
> Hi everyone,
>
> In advance of our call later, here are some comments, questions and
> proposed edits.
>
> Best,
>
> Sam
>
> From: Steve DelBianco <sdelbianco at netchoice.org
> <mailto:sdelbianco at netchoice.org>>
> Date: Friday, March 6, 2015 at 8:19 PM
> To: Cheryl Langdon-Orr <langdonorr at gmail.com
> <mailto:langdonorr at gmail.com>>, "ccwg-accountability4 at icann.org
> <mailto:ccwg-accountability4 at icann.org>"
> <ccwg-accountability4 at icann.org <mailto:ccwg-accountability4 at icann.org>>
> Cc: ACCT-Staff <acct-staff at icann.org <mailto:acct-staff at icann.org>>
> Subject: [ST-WP] nearly complete draft of Applying Stress Tests
>
> Cheryl and team — the attached is a nearly-complete draft of how we
> might apply those 25 Stress Tests
> <https://community.icann.org/display/acctcrosscomm/ST-WP+--+Stress+Tests+Work+Party>
> to what the CWG and CCWG are presently considering.
>
> As we’ve said, you can’t apply stress tests definitively until you
> have a defined mechanism/structure to test.
>
> Nonetheless, we’ll do our best with the proposed mechanisms at this
> point.
>
> Please review over the weekend and provide edits. We can discuss on
> our call Wednesday 11-March at 11:00 UTC.
>
> Regards,
> Steve
>
> —
> Steve DelBianco
> Executive Director
> NetChoice
> http://www.NetChoice.org <http://www.netchoice.org/> and
> http://blog.netchoice.org <http://blog.netchoice.org/>
> +1.703.615.6206
>
>
>
>
> _______________________________________________
> Ccwg-accountability4 mailing list
> Ccwg-accountability4 at icann.org
> https://mm.icann.org/mailman/listinfo/ccwg-accountability4
--
*****************************
Mathieu WEILL
AFNIC - directeur général
Tél: +33 1 39 30 83 06
mathieu.weill at afnic.fr
Twitter : @mathieuweill
*****************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ccwg-accountability4/attachments/20150318/ce6dde5e/attachment.html>
More information about the Ccwg-accountability4
mailing list