Changes

| headquarters = 1775 Wiehle Avenue, Suite 200<br>Reston Reston VA 20190 USA

'''RISG ''' ( '''Registration Infrastructure Security Group)''' ) is a non-profit organization dedicated in to finding solutions or , and developing the best practices , to decrease the incidence of internet Internet security threats such as identity theft, phishing and malware distribution. ===Background===[[Public Interest Registry]], registry operator of the [[.org]] [[gTLD]], initiated the establishment of RISG in 2008. Its objective is to help improve the existing internet security. [[Alexa Raad]], then CEO of the Public Interest Registry, was the first elected Chairman of the RISG Board.<ref>[http://www.afilias.info/news/2008/10/17/industry-safety-group-announces-formation-improve-internet-security www.afilias.info]</ref> ==Members==The members of the RISG Charter include the Public Interest Registry, [[SIDN]], [[Afilias]] Limited, [[Nominet]], [[NeuStar]], Inc., [[CNNIC|China Internet Network Information Center]] (CNNIC), [[Cyveillance]], Inc., [[Melbourne IT]], [[Symantec Corporation]], [[Shinkuro]], [[GoDaddy]].com, Inc., [[MarkMonitor]], [[Network Solutions]], [[McAfee]], [[Internet Identity]], [[Verisign]], and [[InternetNZ]].<ref>[http://registrysafety.org/website/?page_id=2 Members]</ref> ==Activities and Responsibilities==The following are activities and responsibilities of RISG members:<ref>[http://registrysafety.org/docs/pdf/RISG_CHARTER.pdf RISG Charter]</ref>* Collaborate with the Internet community to develop best practices for Registries and Registrars to prevent Internet security threats.* Appoint a liaison to the Anti-Phishing Working Group every year.* Actively participate in dialogues and share data with RISG members to facilitate the development of policy to solve or decrease the occurrence of phishing and malware distribution.* Conduct a meeting every quarter of the year to discuss relevant issues and strategies to achieve the mission of RISG.* Review the scope and terms of the data sharing plan.* Adopt procedures to resolve disputes or complaints raised by RISG members.* Review and approve any official RISG statement for publication.* Evaluate the adequacy of the RISG Charter annually.

==BackgroundRISG and ICANN==The Registry Internet Security Group commented on [[Public Interest RegistryICANN]], registry operator of High Security Zone and Malicious Conduct Mitigation Programs and expressed that it can not support the major security proposals and procedural implementations included in the [[.orgDAG|Draft Application Guidebook]] generic top level domain name ([[gTLD]]DAG) initiated . RISG emphasized that the establishment of RISG in 2008. Its objective is ICANN security proposals seemed to ignore established security protocols, failed to help improve provide adequate implementation detail, and inappropriately broadened the existing internet scope of ICANN’s securityresponsibilities.<ref>[http://wwwregistrysafety.afilias.infoorg/newsdocs/2008pdf/10/17/industry-safety-group-announces-formation-improve-internet-security Industry Safety Group Announces Formation to Improve Internet SecurityRISG_MC_HSZ_Feb_2010.pdf registrysafety.org]</ref>

==Founding Members==The Founders and first members of RISG enumerated the following objections:<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Board include:Objections]</ref>* '''Chair:''# Several measures are included that violate ICANN' s limited technical coordination role. RISG pointed out that ICANN has a limited technical coordination role and its primary role is to maintain the security and stability of the [[Alexa RaadDNS|Domain Name System]](DNS). According to RISG, Public Interest Registry this role does not extend to the malicious use of domain names.* '''Vice-Chair:''# ICANN' s wider policy process in developing policies related to [[Roelof MeijerWhois]], implementation and the clear disregard to the [[SIDNGNSO]] .* '''Secretary:''' # Measures included in the DAG not related to Internet security such as the issue on [[David CowingsIntellectual Property|intellectual property]]infringement.# Insufficient empirical evidence, academic study or substantive explanation for most of the proposals to demonstrate efficacy or demand.# Considerations for legal issues of indemnification, [[Symantec Corporation]] current contractual requirements and enforcement of current contracts are not substantial.# The lack of consideration of the market impact particularly on differentiated service offerings by registrars.

* '''Members:''' * [[Jay Daley]]The organization recommended for ICANN to focus on the participation of cross-industry groups that have already implemented successful solutions to security threats, [[Nominet]] * Robert Flaimnot to surpass the policy implementation process, Federal Bureau and to be more aware of Investigation) * Thomas Grassoits technical coordination role and to provide empirical data to demonstrate market demand, need, Federal Bureau and the impact of Investigation * new requirements.<ref>[[Adam Palmer]], Public Interest Registry * [[David Maher]], Public Interest Registry * [[Steve Crocker]], Shinkuro * [[Greg Aaron]], [[Afilias]] * [[Ram Mohan]], Afilias * [[Wayne Thayer]], [[Go Daddy]] Group* [[Manoj Srivastava]], [[Cyveillance, Inchttp://registrysafety.]] * [[Maria Mokina]], [[org/docs/pdf/RISG_MC_HSZ_Feb_2010.RU]pdf RISG Recommendations]</ref>