Changes

}}

}}

'''RISG ( Registration Infrastructure Security Group)''' is a non-profit organization dedicated to finding solutions, and developing the best practices, to decrease the incidence of Internet security threats such as identity theft, phishing and malware distribution.

'''RISG''' ('''Registration Infrastructure Security Group''') is a non-profit organization dedicated to finding solutions, and developing the best practices, to decrease the incidence of Internet security threats such as identity theft, phishing and malware distribution.

===Background===

===Background===

==Members==

==Members==

The members of the RISG Charter include the Public Interest Registry, [[SIDN]], [[Afilias]] Limited,  [[Nominet]], [[NeuStar]], Inc.,China Internet Network Information Center ([[CNNIC]]), [[Cyveillance]], Inc., [[Melbourne IT]], [[Symantec Corporation]], [[Shinkuro]], [[GoDaddy]].com, Inc., [[MarkMonitor]], [[Network Solutions]], [[McAfee]], [[Internet Identity]], [[Verisign]],and [[InternetNZ]].<ref>[http://registrysafety.org/website/?page_id=2 Members]</ref>

The members of the RISG Charter include the Public Interest Registry, [[SIDN]], [[Afilias]] Limited,  [[Nominet]], [[NeuStar]], Inc., [[CNNIC|China Internet Network Information Center]] (CNNIC), [[Cyveillance]], Inc., [[Melbourne IT]], [[Symantec Corporation]], [[Shinkuro]], [[GoDaddy]].com, Inc., [[MarkMonitor]], [[Network Solutions]], [[McAfee]], [[Internet Identity]], [[Verisign]], and [[InternetNZ]].<ref>[http://registrysafety.org/website/?page_id=2 Members]</ref>

==Activities and Responsibilities==

==Activities and Responsibilities==

Below are the following activities and responsibilities of RISG members:<ref>[http://registrysafety.org/docs/pdf/RISG_CHARTER.pdf RISG Charter]</ref>

The following are activities and responsibilities of RISG members:<ref>[http://registrysafety.org/docs/pdf/RISG_CHARTER.pdf RISG Charter]</ref>

* Collaborate with the internet community to develop best practices for Registries and Registrars to prevent internet security threats.

* Collaborate with the Internet community to develop best practices for Registries and Registrars to prevent Internet security threats.

* Appoint a liaison to the Anti-Phishing Working Group every year.

* Appoint a liaison to the Anti-Phishing Working Group every year.

* Actively participate in dialogues and share data with RISG members to facilitate the development of policy to solve or decrease the occurrence of phishing and malware distribution.

* Actively participate in dialogues and share data with RISG members to facilitate the development of policy to solve or decrease the occurrence of phishing and malware distribution.

==RISG and ICANN==

==RISG and ICANN==

The Registry Internet Security Group commented on [[ICANN]] High Security Zone and Malicious Conduct Mitigation Programs and expressed that it can not support the major security proposals and procedural implementations included the Draft Application Guidebook ([[DAG]]). RISG emphasized that the ICANN security proposals seemed to ignore established security protocols, failed to provide adequate implementation detail and inappropriately broaden the scope of ICANN’s security responsibilities.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf registrysafety.org]</ref>

The Registry Internet Security Group commented on [[ICANN]] High Security Zone and Malicious Conduct Mitigation Programs and expressed that it can not support the major security proposals and procedural implementations included in the [[DAG|Draft Application Guidebook]] (DAG). RISG emphasized that the ICANN security proposals seemed to ignore established security protocols, failed to provide adequate implementation detail, and inappropriately broadened the scope of ICANN’s security responsibilities.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf registrysafety.org]</ref>

The RISG enumerated the following objections:<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Objections]</ref>

The RISG enumerated the following objections:<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Objections]</ref>

# Several measures that are included and not part of the ICANN's limited technical coordination role. RISG pointed that ICANN has limited technical coordination role and its primary role is to maintain the security and stability of the Domain Name System ([[DNS]]). According to RISG, this role does not extend to malicious uses of domain names.

# Several measures are included that violate ICANN's limited technical coordination role. RISG pointed out that ICANN has a limited technical coordination role and its primary role is to maintain the security and stability of the [[DNS|Domain Name System]] (DNS). According to RISG, this role does not extend to the malicious use of domain names.

# ICANN's wider policy process in developing policies related to [[Whois]] implementation and the clear disregard to the [[GNSO]].

# ICANN's wider policy process in developing policies related to [[Whois]] implementation and the clear disregard to the [[GNSO]].

# Measures included in the DAG not related to internet security such as the issue on intellectual property infringement.

# Measures included in the DAG not related to Internet security such as the issue on [[Intellectual Property|intellectual property]] infringement.

# Insufficient empirical evidence, academic study or substantive explanation for most of the proposals to demonstrate efficacy or demand.

# Insufficient empirical evidence, academic study or substantive explanation for most of the proposals to demonstrate efficacy or demand.

# Considerations for legal issues of indemnification, current contractual requirements and enforcement of current contracts is not substantial.

# Considerations for legal issues of indemnification, current contractual requirements and enforcement of current contracts are not substantial.

# The lack of consideration of the market impact particularly on differentiated service offerings by registrars.

# The lack of consideration of the market impact particularly on differentiated service offerings by registrars.

The organization recommended for ICANN to focus on the participation of cross-industry groups that have already implemented successful solutions to security threats, not to surpass the policy implementation process and to be more aware of its technical coordination role and to provide empirical data to demonstrate market demand, need, and the impact of new requirements.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Recommendations]</ref>

The organization recommended for ICANN to focus on the participation of cross-industry groups that have already implemented successful solutions to security threats, not to surpass the policy implementation process, and to be more aware of its technical coordination role and to provide empirical data to demonstrate market demand, need, and the impact of new requirements.<ref>[http://registrysafety.org/docs/pdf/RISG_MC_HSZ_Feb_2010.pdf RISG Recommendations]</ref>

==References==

==References==

[[Category:Organizations]]

[[Category:Organizations]]

 

 

__NOTOC__

__NOTOC__