Registration Infrastructure Security Group: Difference between revisions
No edit summary |
|||
(2 intermediate revisions by one other user not shown) | |||
Line 22: | Line 22: | ||
}} | }} | ||
'''RISG ( Registration Infrastructure Security Group | '''RISG''' ('''Registration Infrastructure Security Group''') is a non-profit organization dedicated to finding solutions, and developing the best practices, to decrease the incidence of Internet security threats such as identity theft, phishing and malware distribution. | ||
===Background=== | ===Background=== | ||
Line 32: | Line 32: | ||
==Activities and Responsibilities== | ==Activities and Responsibilities== | ||
The following are activities and responsibilities of RISG members:<ref>[http://registrysafety.org/docs/pdf/RISG_CHARTER.pdf RISG Charter]</ref> | |||
* Collaborate with the | * Collaborate with the Internet community to develop best practices for Registries and Registrars to prevent Internet security threats. | ||
* Appoint a liaison to the Anti-Phishing Working Group every year. | * Appoint a liaison to the Anti-Phishing Working Group every year. | ||
* Actively participate in dialogues and share data with RISG members to facilitate the development of policy to solve or decrease the occurrence of phishing and malware distribution. | * Actively participate in dialogues and share data with RISG members to facilitate the development of policy to solve or decrease the occurrence of phishing and malware distribution. | ||
Line 43: | Line 43: | ||
==RISG and ICANN== | ==RISG and ICANN== | ||
The Registry Internet Security Group commented on [[ICANN]] High Security Zone and Malicious Conduct Mitigation Programs and expressed that it can not support the major security proposals and procedural implementations included the Draft Application Guidebook ( | The Registry Internet Security Group commented on [[ICANN]] High Security Zone and Malicious Conduct Mitigation Programs and expressed that it can not support the major security proposals and procedural implementations included in the [[DAG|Draft Application Guidebook]] (DAG). RISG emphasized that the ICANN security proposals seemed to ignore established security protocols, failed to provide adequate implementation detail, and inappropriately broadened the scope of ICANN’s security responsibilities.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf registrysafety.org]</ref> | ||
The RISG enumerated the following objections:<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Objections]</ref> | The RISG enumerated the following objections:<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Objections]</ref> | ||
# Several measures | # Several measures are included that violate ICANN's limited technical coordination role. RISG pointed out that ICANN has a limited technical coordination role and its primary role is to maintain the security and stability of the [[DNS|Domain Name System]] (DNS). According to RISG, this role does not extend to the malicious use of domain names. | ||
# ICANN's wider policy process in developing policies related to [[Whois]] implementation and the clear disregard to the [[GNSO]]. | # ICANN's wider policy process in developing policies related to [[Whois]] implementation and the clear disregard to the [[GNSO]]. | ||
# Measures included in the DAG not related to | # Measures included in the DAG not related to Internet security such as the issue on [[Intellectual Property|intellectual property]] infringement. | ||
# Insufficient empirical evidence, academic study or substantive explanation for most of the proposals to demonstrate efficacy or demand. | # Insufficient empirical evidence, academic study or substantive explanation for most of the proposals to demonstrate efficacy or demand. | ||
# Considerations for legal issues of indemnification, current contractual requirements and enforcement of current contracts | # Considerations for legal issues of indemnification, current contractual requirements and enforcement of current contracts are not substantial. | ||
# The lack of consideration of the market impact particularly on differentiated service offerings by registrars. | # The lack of consideration of the market impact particularly on differentiated service offerings by registrars. | ||
The organization recommended for ICANN to focus on the participation of cross-industry groups that have already implemented successful solutions to security threats, not to surpass the policy implementation process and to be more aware of its technical coordination role and to provide empirical data to demonstrate market demand, need, and the impact of new requirements.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Recommendations]</ref> | The organization recommended for ICANN to focus on the participation of cross-industry groups that have already implemented successful solutions to security threats, not to surpass the policy implementation process, and to be more aware of its technical coordination role and to provide empirical data to demonstrate market demand, need, and the impact of new requirements.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Recommendations]</ref> | ||
==References== | ==References== | ||
Line 59: | Line 59: | ||
[[Category:Organizations]] | [[Category:Organizations]] | ||
[[Category:Glossary]] | |||
__NOTOC__ | __NOTOC__ |
Revision as of 04:54, 6 August 2011
Type: | Non-profit |
Industry: | Internet Security |
Founded: | 2008 |
Headquarters: | 1775 Wiehle Avenue, Suite 200 Reston Reston VA 20190 USA |
Country: | USA |
Website: | registrysafety.org |
Key People | |
Roelof Meijer, (Acting Chair) Jeff Neuman, Board Secretary Jay Daley, Board Treasurer Manoj Srivastava & James Bladel, Board Members |
RISG (Registration Infrastructure Security Group) is a non-profit organization dedicated to finding solutions, and developing the best practices, to decrease the incidence of Internet security threats such as identity theft, phishing and malware distribution.
Background
Public Interest Registry, registry operator of the .org gTLD, initiated the establishment of RISG in 2008. Its objective is to help improve the existing internet security. Alexa Raad, then CEO of the Public Interest Registry, was the first elected Chairman of the RISG Board.[1]
Members
The members of the RISG Charter include the Public Interest Registry, SIDN, Afilias Limited, Nominet, NeuStar, Inc., China Internet Network Information Center (CNNIC), Cyveillance, Inc., Melbourne IT, Symantec Corporation, Shinkuro, GoDaddy.com, Inc., MarkMonitor, Network Solutions, McAfee, Internet Identity, Verisign, and InternetNZ.[2]
Activities and Responsibilities
The following are activities and responsibilities of RISG members:[3]
- Collaborate with the Internet community to develop best practices for Registries and Registrars to prevent Internet security threats.
- Appoint a liaison to the Anti-Phishing Working Group every year.
- Actively participate in dialogues and share data with RISG members to facilitate the development of policy to solve or decrease the occurrence of phishing and malware distribution.
- Conduct a meeting every quarter of the year to discuss relevant issues and strategies to achieve the mission of RISG.
- Review the scope and terms of the data sharing plan.
- Adopt procedures to resolve disputes or complaints raised by RISG members.
- Review and approve any official RISG statement for publication.
- Evaluate the adequacy of the RISG Charter annually.
RISG and ICANN
The Registry Internet Security Group commented on ICANN High Security Zone and Malicious Conduct Mitigation Programs and expressed that it can not support the major security proposals and procedural implementations included in the Draft Application Guidebook (DAG). RISG emphasized that the ICANN security proposals seemed to ignore established security protocols, failed to provide adequate implementation detail, and inappropriately broadened the scope of ICANN’s security responsibilities.[4]
The RISG enumerated the following objections:[5]
- Several measures are included that violate ICANN's limited technical coordination role. RISG pointed out that ICANN has a limited technical coordination role and its primary role is to maintain the security and stability of the Domain Name System (DNS). According to RISG, this role does not extend to the malicious use of domain names.
- ICANN's wider policy process in developing policies related to Whois implementation and the clear disregard to the GNSO.
- Measures included in the DAG not related to Internet security such as the issue on intellectual property infringement.
- Insufficient empirical evidence, academic study or substantive explanation for most of the proposals to demonstrate efficacy or demand.
- Considerations for legal issues of indemnification, current contractual requirements and enforcement of current contracts are not substantial.
- The lack of consideration of the market impact particularly on differentiated service offerings by registrars.
The organization recommended for ICANN to focus on the participation of cross-industry groups that have already implemented successful solutions to security threats, not to surpass the policy implementation process, and to be more aware of its technical coordination role and to provide empirical data to demonstrate market demand, need, and the impact of new requirements.[6]