ICANN Board Approves the Risk Appetite Statement




I am pleased to announce that the ICANN Board has approved ICANN organization’s first Risk Appetite Statement. The Risk Appetite Statement articulates the level of risk that the org is willing to take and retain in order to fulfill its mission. The Board also approved publishing a summary of the statement that identifies its purpose, defines risk, and sets forth ICANN’s overarching Risk Appetite Statement. The development of this statement is the result of a multi-year process, and the Board is appreciative of the work and progress made by the Board Risk Committee and org staff.

Risk assessment is a key part of the work we do to ensure the furtherance of ICANN’s mission. By fostering a risk-aware culture that extends throughout the organization and community, we become better prepared to identify, analyze, and mitigate risk on a broad level. The Board is regularly briefed on developments in the risk landscape and on emerging risks. The Board and the org’s Executive team are ultimately responsible for knowing what risks the org faces and for approving an acceptable level of risk. The org leads the development of a robust risk management framework subject to Board oversight. The newly adopted Risk Appetite Statement is a crucial part of this overall framework.

Highlights from the Risk Appetite Statement

As a non-profit organization with a mission to ensure the security, stability, and resiliency of the Internet, the Risk Appetite Statement states that ICANN maintains a low risk appetite for risks directly related to its critical mission. The Risk Appetite Statement also indicates that the org maintains a low or medium risk-level appetite “to balance its operations with the resources required to manage the associated risks.” Together, ICANN’s overall risk appetite is “low to medium.”

Background on the Risk Appetite Statement

ICANN org’s Risk Appetite Statement was developed by the Risk Management team, and input from all teams was incorporated. It was then reviewed by the org’s Executive team and approved by our President and CEO, Göran Marby, for consideration by the Board Risk Committee. Following discussion, the Board Risk Committee recommended that the Board adopt the final Risk Appetite Statement as noted above.

I invite you to review the posted summary and let us know what you think in the Comment section below.
Domain Name SystemInternationalized Domain Name ,IDN,”IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet “”a-z””. An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European “”0-9″”. The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed “”ASCII characters”” (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of “”Unicode characters”” that provides the basis for IDNs. The “”hostname rule”” requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen “”-“”. The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of “”labels”” (separated by “”dots””). The ASCII form of an IDN label is termed an “”A-label””. All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a “”U-label””. The difference may be illustrated with the Hindi word for “”test”” — परीका — appearing here as a U-label would (in the Devanagari script). A special form of “”ASCII compatible encoding”” (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an “”LDH label””. Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as””icann.org”” is not an IDN.”



Source link