[OCC] Connections Committee

Lorna Alamri lorna.alamri at owasp.org
Wed Jan 20 18:49:47 EST 2010


Robert,
Seems like a good list to start with. I'm wondering though if the Health
care vertical HITECH might be better to start with rather than HIPAA. As an
approach I'm wondering how hard it would be to get on their agendas? These
groups usually meet periodically. I'm wondering if the best approach
wouldn't be to set up some time for one of you guys to talk with them about
OWASP, projects, goals and direction.

Would it make sense to take a list of the regulations you've put together,
put it into a spreadsheet, attach contacts to each of the organizations and
meeting place/time, and then prioritize the regulatory agencies to approach?
We could then decide if we would want to take a low hanging fruit approach
or look at which regulation strategically would give us the most bang.

I can put this together if everyone feels it would be a good approach.
Regards,
Lorna


On Wed, Jan 20, 2010 at 2:39 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Perhaps we can come up with a generic guide for "Utilizing OWASP in
> Standards" and lure them to us. (As well as going spear-fishing for the
> big fish). We make their job easier...
>
> - Jim
>
> > Gotcha.  As a side note, not that I think anyone was necessarily in
> > disagreement, but I thought I'd advise a cautionary note - while I think
> > it's a fine idea to tackle all of the standards I also think that's a bit
> > impractical at the moment.  I think we should concentrate on those that a)
> > have the most bang for the buck in terms of impact and b) we think are most
> > achievable.  There are thousands of laws we could tackle (especially if you
> > get down to the state and local level) but I think we should focus on the
> > biggest for now.
> >
> > Robert Hansen, CISSP
> > CEO -- SecTheory Ltd
> > Cell: (530) 521-2542
> > FAX: (512) 628-6299
> >
> >
> > -----Original Message-----
> > From: Jim Manico [mailto:jim.manico at owasp.org]
> > Sent: Tuesday, January 19, 2010 10:48 PM
> > To: Robert Hansen
> > Cc: owasp-connections-committee at lists.owasp.org
> > Subject: Re: [OCC] Connections Committee
> >
> > Robert,
> >
> > Some follow-up info from Dan Philpot...
> >
> > ****
> >
> > Not sure about the NSA requirements but developing some contacts with
> > the folks at the CNSS (Committee for National Security Systems) would be
> > appropriate.  They are the group that are doing the standards compliance
> > standards for the Intelligence Community.  They've already issued CNSSI
> > 1253 (the IC counterpart to NIST SP 800-53 Revision 3).  Another
> > organization to cultivate might be the CIO Council.
> >
> > ADA/508 isn't really security or an OWASP focus but it is loosely
> > related as it is another web compliance requirement in the Federal
> > government.
> >
> > Some other regulations, mandates, policies and procedures that popped
> > into my head: E-Authentication, Privacy Act, Enterprise Architecture.
> > These are related to the web, security and/or to application
> > development in the Federal government.
> >
> >
>
>
> --
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> http://www.manico.net
>
> _______________________________________________
> Owasp-connections-committee mailing list
> Owasp-connections-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-connections-committee
>



-- 
Lorna Alamri

OWASP Connections
skype: lorna.alamri
lorna.alamri at owasp.org