[Owasp-iso17799] component deliverables

Mark Curphey mark at curphey.com
Fri Oct 10 20:49:58 EDT 2003


I think everything's a learning experience and there is always someone who
knows more than me at everything I do so we are in the same boat there. 

I will send you guys a zip files of a set of polices offline from the list.
They are copyrighted. They are probably a better set of templates than the
SANS ones but still I think a little stuffy and maybe bloated.

I think the proposal set out above is a great one. 

I am going to write my next weeks OWASP columns setting out a policy /
standards / procedure framework. I wonder if I could get you guys to take a
look at it and see what you think ? It may also be a starting point of point
of reference for this work. 

I will try and do it tomorrow and send it on.

Excited to be getting on with this at last. 



-----Original Message-----
From: owasp-iso17799-admin at lists.sourceforge.net
[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of Rich
Sent: Thursday, October 09, 2003 7:22 PM
To: samheinrich at hotmail.com; owasp-iso17799 at lists.sourceforge.net

Sam and Mark,
I see the steps for myself as such, once we get this down, we can move more
1.  Read the sans docs.  This will give us a lower end benchmark, based on
what mark has said.
2.  Choose sections to work on, perhaps one each to start with.
3.  Create outlines of content to go into sections 4.  Have Mark approve ,
comment , cticize, laugh etc at what we propose 5.  Fill in the content for
the section 6.  Step 4 on our results.

Once we are comforable with the level of detail required, we can take the
same approach to the other sections. I think we would then be able to set a
time in the future for a first draft, and then work backwards, would you not
agree?  Mark, not to fear, yours is a quick glance and a yea or nay.  In the
latter, a pointing in the right direction might be offered.

Lastly, I am not sure what your background is?  For my part,  I am not a 
security 'guru'  (hate that term btw - but am obliged to use it).   So, what

I don't know, I research - which is part of the reason I have an ambition to
do such a project.  I spent the past two years doing application development
and network debugging for a network security firm, I learned a lot, but was
not invovled in pen-testing and a lot of IDS or Vuln Assessement rule
writting - a bit though.  I also have my CISSP, and have a tried and tested
understanding of things ISO.  So, I humbly submit to you that this will be a
learning experience for me. If you can have peace with that - then all is
well - let read the Sans Docs.  Then, let's chose a section to hammer out.

Thanks for pushing on this Sam...its easy to let the urgent things push out
the important ones - and for me personally this is of longer terms

Richard Seiersen
rich67dev at hotmail.com

>From: "sam heinrich" <samheinrich at hotmail.com>
>To: owasp-iso17799 at lists.sourceforge.net
>Subject: [Owasp-iso17799] component deliverables
>Date: Thu, 09 Oct 2003 20:09:05 +0000
>Hi guys -
>Okay, I just lost an email that I don't think made it out to you...  
>Anyway, my main point was that I get the sense that we're all pretty busy.

>I think whatever deadlines we set should be realistic about our other 
>I think it will be best if we can break the policy template effort into 
>component tasks, set deadlines for these, and each of us take ownership 
>of one or two at a time.  I haven't seen it yet, so I'll take a look at 
>what's checked in tonight and see what I come up with.  Rich, could you 
>maybe send out a list of what you think would make good baby steps, 
>too?  Then we can compare notes and go forward...
>Thanks - Sam
>----Original Message Follows----
>From: "Rich Seiersen" <rich67dev at hotmail.com>
>To: samheinrich at hotmail.com, mark at curphey.com
>Subject: RE: [Owasp-iso17799] Activity?
>Date: Thu, 09 Oct 2003 19:46:45 +0000
>I just did a release to my main customer - so I too have been head 
>down.  I have the template, and am starting to go over it.  Deadlines 
>are a fine thing.  What are you suggesting specifically.
>Richard Seiersen
>rich67dev at hotmail.com
>>From: "sam heinrich" <samheinrich at hotmail.com>
>>To: mark at curphey.com, rich67dev at hotmail.com
>>Subject: RE: [Owasp-iso17799] Activity?
>>Date: Thu, 09 Oct 2003 19:37:18 +0000
>>Hi Mark, Rich,
>>I haven't seen any OWASP-ISO17799 traffic lately - any activity?  For 
>>my part, I've been head-down on a project that finished Monday.  How 
>>have you been?
>>If the policy template has been stalled out, what did you two think of 
>>my earlier suggestion to set ourselves some deadlines?  Regardless, 
>>Mark, could add me to the OWASP project in Sourceforge so I can jump 
>>back in?  I just created an account under "samheinrich"...
>>-----Original Message-----
>>From: owasp-iso17799-admin at lists.sourceforge.net
>>[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of sam 
>>Sent: Monday, September 22, 2003 12:54 PM
>>To: mark at curphey.com; rich67dev at hotmail.com; 
>>owasp-iso17799 at lists.sourceforge.net
>>Subject: Re: [Owasp-iso17799] Fw: [ISN] ISO17799 Security News
>>hi guys - glad i wasn't the only one - i was out of town, too, for my 
>>sisters wedding.  considering how things get for all of us in our 
>>work/personal lives, should we try spur ourselves on by setting a due 
>>date for a input on the first draft of the policy?  - sam
>>p.s. welcome amol...
>Instant message during games with MSN Messenger 6.0. Download it now FREE!

>This SF.net email is sponsored by: SF.net Giveback Program.
>SourceForge.net hosts over 70,000 Open Source Projects.
>See the people who have HELPED US provide better services:
>Click here: http://sourceforge.net/supporters.php
>Owasp-iso17799 mailing list
>Owasp-iso17799 at lists.sourceforge.net

Get MSN 8 Dial-up Internet Service FREE for one month.  Limited time offer--

sign up now!   http://join.msn.com/?page=dept/dialup

This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
Owasp-iso17799 mailing list
Owasp-iso17799 at lists.sourceforge.net

More information about the Owasp-iso17799 mailing list