[Owasp-iso17799] component deliverables
rich67dev at hotmail.com
Thu Oct 9 19:22:02 EDT 2003
Sam and Mark,
I see the steps for myself as such, once we get this down, we can move more
1. Read the sans docs. This will give us a lower end benchmark, based on
what mark has said.
2. Choose sections to work on, perhaps one each to start with.
3. Create outlines of content to go into sections
4. Have Mark approve , comment , cticize, laugh etc at what we propose
5. Fill in the content for the section
6. Step 4 on our results.
Once we are comforable with the level of detail required, we can take the
same approach to the other sections. I think we would then be able to set a
time in the future for a first draft, and then work backwards, would you not
agree? Mark, not to fear, yours is a quick glance and a yea or nay. In the
latter, a pointing in the right direction might be offered.
Lastly, I am not sure what your background is? For my part, I am not a
security 'guru' (hate that term btw - but am obliged to use it). So, what
I don't know, I research - which is part of the reason I have an ambition to
do such a project. I spent the past two years doing application development
and network debugging for a network security firm, I learned a lot, but was
not invovled in pen-testing and a lot of IDS or Vuln Assessement rule
writting - a bit though. I also have my CISSP, and have a tried and tested
understanding of things ISO. So, I humbly submit to you that this will be a
learning experience for me. If you can have peace with that - then all is
well - let read the Sans Docs. Then, let's chose a section to hammer out.
Thanks for pushing on this Sam...its easy to let the urgent things push out
the important ones - and for me personally this is of longer terms
rich67dev at hotmail.com
>From: "sam heinrich" <samheinrich at hotmail.com>
>To: owasp-iso17799 at lists.sourceforge.net
>Subject: [Owasp-iso17799] component deliverables
>Date: Thu, 09 Oct 2003 20:09:05 +0000
>Hi guys -
>Okay, I just lost an email that I don't think made it out to you...
>Anyway, my main point was that I get the sense that we're all pretty busy.
>I think whatever deadlines we set should be realistic about our other
>I think it will be best if we can break the policy template effort into
>component tasks, set deadlines for these, and each of us take ownership of
>one or two at a time. I haven't seen it yet, so I'll take a look at what's
>checked in tonight and see what I come up with. Rich, could you maybe send
>out a list of what you think would make good baby steps, too? Then we can
>compare notes and go forward...
>Thanks - Sam
>----Original Message Follows----
>From: "Rich Seiersen" <rich67dev at hotmail.com>
>To: samheinrich at hotmail.com, mark at curphey.com
>Subject: RE: [Owasp-iso17799] Activity?
>Date: Thu, 09 Oct 2003 19:46:45 +0000
>I just did a release to my main customer - so I too have been head down. I
>have the template, and am starting to go over it. Deadlines are a fine
>thing. What are you suggesting specifically.
>rich67dev at hotmail.com
>>From: "sam heinrich" <samheinrich at hotmail.com>
>>To: mark at curphey.com, rich67dev at hotmail.com
>>Subject: RE: [Owasp-iso17799] Activity?
>>Date: Thu, 09 Oct 2003 19:37:18 +0000
>>Hi Mark, Rich,
>>I haven't seen any OWASP-ISO17799 traffic lately - any activity? For my
>>part, I've been head-down on a project that finished Monday. How have you
>>If the policy template has been stalled out, what did you two think of my
>>earlier suggestion to set ourselves some deadlines? Regardless, Mark,
>>could add me to the OWASP project in Sourceforge so I can jump back in? I
>>just created an account under "samheinrich"...
>>From: owasp-iso17799-admin at lists.sourceforge.net
>>[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of sam
>>Sent: Monday, September 22, 2003 12:54 PM
>>To: mark at curphey.com; rich67dev at hotmail.com;
>>owasp-iso17799 at lists.sourceforge.net
>>Subject: Re: [Owasp-iso17799] Fw: [ISN] ISO17799 Security News
>>hi guys - glad i wasn't the only one - i was out of town, too, for my
>>sisters wedding. considering how things get for all of us in our
>>work/personal lives, should we try spur ourselves on by setting a due date
>>for a input on the first draft of the policy? - sam
>>p.s. welcome amol...
>Instant message during games with MSN Messenger 6.0. Download it now FREE!
>This SF.net email is sponsored by: SF.net Giveback Program.
>SourceForge.net hosts over 70,000 Open Source Projects.
>See the people who have HELPED US provide better services:
>Click here: http://sourceforge.net/supporters.php
>Owasp-iso17799 mailing list
>Owasp-iso17799 at lists.sourceforge.net
Get MSN 8 Dial-up Internet Service FREE for one month. Limited time offer--
sign up now! http://join.msn.com/?page=dept/dialup
More information about the Owasp-iso17799