1 / 11

RISK MANAGEMENT OF DOMAIN NAME ABUSES

RISK MANAGEMENT OF DOMAIN NAME ABUSES. 1 November 2010 Soon Wei San, Senior Mgr (SGNIC). Agenda. Introduction - What is risk management & risk management methodology? Our Experience - Risk Identification and Analysis Our Experience - Risk Control and Monitoring. What is Risk Management?.

srichmond
Download Presentation

RISK MANAGEMENT OF DOMAIN NAME ABUSES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RISK MANAGEMENT OF DOMAIN NAME ABUSES 1 November 2010 Soon Wei San, Senior Mgr (SGNIC)

  2. Agenda Introduction - What is risk management & risk management methodology? Our Experience - Risk Identification and Analysis Our Experience - Risk Control and Monitoring

  3. What is Risk Management? Risks are “Uncertainties which impact our objectives” Not risk avoidance (Fail safe) Being prepared for the worst (Safe fail)

  4. Risk Management Methodology Risk identification (knowing our risks), Risk analysis (understanding our risks), Risk control (responding to our risks), and Risk monitoring (keeping an eye on our risks).

  5. Risk Identification & Analysis Domain Name Abuses

  6. Risk Control = 3 Lines of Defense

  7. Preventive Controls Clear policy and contractual terms specifying what acts of abuse are prohibited. Include generic terms to handle all unforeseen abuse situations. Powers to suspend or delete names (immediate or with notice). Reserve names deemed undesirable. Rigorous check on registration eligibility at the point of application.

  8. Detective and Responsive Controls Daily screening with special focus on high risk category (i.e. wrong category), bulk registrations, dubious looking contact info (e.g. abc.gmail.com for aptld.org.sg). Establish working arrangements with relevant Authorities. Where names are not allowed for trade, review names with nameservers of auction sites. Act on complaints quickly.

  9. Detective and Responsive Controls Establish a Business Intelligence Response Centre to sieve out names that might be subject to abuse. For names that we have a reason to suspect abuse, we will freeze the names prior to engaging the registrars/registrants to ask for information. For all the controls established, it is important to have clear documentation of the procedures.

  10. Risk Monitoring Continue to keep an eye on the risks.

  11. Thank You!

More Related