From mark at curphey.com Fri Apr 9 15:49:03 2004
From: mark at curphey.com (Mark Curphey)
Date: Fri, 9 Apr 2004 15:49:03 -0400
Subject: [Owasp-iso17799] Project Brief
In-Reply-To: <002b01c40d69$af7c90c0$6401a8c0@GIANTS>
Message-ID: <200404091949.PAA09889@ajax.cnchost.com>

Hi team

I plan to make a lot of changes to the web site this weekend to prime AppSec 2004, the OWASP conference.

Do we think it's possible to nail down a release date for the document?

Any chance of some screen shots from Rich's tool?

-----Original Message-----
From: owasp-iso17799-admin at lists.sourceforge.net [mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of Stan Guzik
Sent: Thursday, March 18, 2004 11:22 PM
To: owasp-iso17799 at lists.sourceforge.net
Subject: [Owasp-iso17799] Project Brief

Hello Everyone,

We have some new people in our group so I just want to give a brief description of our documentation project and share some ideas for future versions.

The first version of the document focuses on operations of a secure web application in production. This is basically the creation of policies and procedures for everyday management of systems in production. We are creating form templates based on the 17799 standard that will help organizations implement the standard. Management can use these form templates to document their operational policies/procedures.

I know the OWASP website states the project will include designing and developing but it's an old statement that I'll update this weekend. We are taking a unique approach in creating 17799 templates. I have seen many documents explaining 17799 and how to audit it but I have never seen a document giving you ready-to-use templates that you can build upon. This approach reminds me how software developers constantly share and reuse code but I rarely see this in management procedures.

It looks like the next phase of this project will include a management tool that will incorporate our 17799 work. Currently Rich Seiersen is developing the tool. Also Adrian Wiesmann is awaiting our templates because he will integrate them into his Security Officers Best Friend tool database.

The next phase of the project is open and feedback is appreciated. We can include multiple versions of our templates targeted at vertical markets like banking, brokerage, insurance, pharmaceutical, telecom, etc. Or we can create an audit section or something else. Anyone want to share your thoughts?

Thanks,
Stan

_______________________________________________
Owasp-iso17799 mailing list
Owasp-iso17799 at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-iso17799

From rich67dev at hotmail.com Fri Apr 9 16:27:47 2004
From: rich67dev at hotmail.com (Rich Seiersen)
Date: Fri, 09 Apr 2004 20:27:47 +0000
Subject: [Owasp-iso17799] Project Brief
Message-ID:

Mark,

Here are some screen shots.

1. Is the home page
2. Is the final page of the wizard - Gantt + item descriptions
3. The creation page.

I want to hold off on public access to the site until we are ready with a tarball for download, config file etc.... ;-) We should be ready to look at making it sourceforgeable within the next month or so.

Richard Seiersen
rich67dev at hotmail.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17799HomePage.doc
Type: application/octet-stream
Size: 204288 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-iso17799/attachments/20040409/da99a553/attachment.obj

From stanguzik at yahoo.com Sun Apr 11 22:20:31 2004
From: stanguzik at yahoo.com (Stan Guzik)
Date: Sun, 11 Apr 2004 22:20:31 -0400
Subject: [Owasp-iso17799] Project Brief
In-Reply-To: <200404091949.PAA09889@ajax.cnchost.com>
Message-ID: <003101c42034$bafb34f0$6401a8c0@GIANTS>

I'm waiting to receive some first drafts. Can we commit to submit them all no later than May 14? This would give me 2 weeks to pull everything together into a document.
Please let me know if you can commit to this date?

From stanguzik at yahoo.com Sun Apr 11 22:40:55 2004
From: stanguzik at yahoo.com (Stan Guzik)
Date: Sun, 11 Apr 2004 22:40:55 -0400
Subject: [Owasp-iso17799] Project Brief
In-Reply-To:
Message-ID: <003301c42037$94ae0860$6401a8c0@GIANTS>

Hello Rich,

Will you be attending the OWASP conf in NYC on June 19 and 20? I remember you said it was unlikely.
If not, when the tool is ready please give me a crash course in the tool and I can present it at the conference. If you're attending you can present it.

Thanks,
Stan

From samheinrich at hotmail.com Mon Apr 12 22:24:47 2004
From: samheinrich at hotmail.com (sam heinrich)
Date: Tue, 13 Apr 2004 02:24:47 +0000
Subject: [Owasp-iso17799] Project Brief
Message-ID:

Hi Stan,

I just want to confirm that you had reassigned the compliance section to another participant and decided to continue with the document structure parallel to the ISO 17799. As far as I know, you are not waiting on any deliverables from me.

Thanks,
Sam
-----Original Message----- From: owasp-iso17799-admin at lists.sourceforge.net [mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of Mark Curphey Sent: Friday, April 09, 2004 3:49 PM To: stanguzik at yahoo.com; owasp-iso17799 at lists.sourceforge.net Subject: RE: [Owasp-iso17799] Project Brief Hi team I plan to make a lot of changes to the web site this weekend to prime AppSec 2004, the OWASP conference. Do we think its possible to nail down a release date for the document ? Any chance of some screen shots from Rich's tool ? -----Original Message----- From: owasp-iso17799-admin at lists.sourceforge.net [mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of Stan Guzik Sent: Thursday, March 18, 2004 11:22 PM To: owasp-iso17799 at lists.sourceforge.net Subject: [Owasp-iso17799] Project Brief Hello Everyone, We have some new people in our group so I just want to give a brief description of our documentation project and share some ideas for future versions. The first version of the document focuses on operations of a secure web application in production. This is basically the creation of policies and procedure for everyday management of systems in production. We are creating form templates based on the 17799 standard that will help organizations implement the standard. Management can uses these form templates to document their operational policies/procedures. I know the OWASP website states the project will include designing and developing but it's an old statement that I'll update this weekend. We are taking a unique approach in creating 17799 templates. I have seen many documents explaining 17799 and how to audit it but I never seen a document giving you ready to use templates that you can build upon. This approach reminds me how software developers constantly share and reuse code but I rarely see this in management procedures.. It looks like the next phase of this project will include a management tool that will incorporate our 17799 work. 
Currently Rich Seiersen is developing the tool. Also Adrian Wiesmann is awaiting our templates because he will integrate them into his Security Officers Best Friend tool database. The next phase of the project is open and feedback is appreciated. We can include multiple version of our templates targeted at vertical markets like banking, brokerage, insurance, pharmaceutical, telecom, or etc. Or we can create an audit section or something else. Anyone what to share your thoughts? Thanks, Stan ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Owasp-iso17799 mailing list Owasp-iso17799 at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Owasp-iso17799 mailing list Owasp-iso17799 at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. 
Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Owasp-iso17799 mailing list Owasp-iso17799 at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 _________________________________________________________________ Check out MSN PC Safety & Security to help ensure your PC is protected and safe. http://specials.msn.com/msn/security.asp From scott.ammon at hushmail.com Tue Apr 13 16:33:57 2004 From: scott.ammon at hushmail.com (scott.ammon at hushmail.com) Date: Tue, 13 Apr 2004 13:33:57 -0700 Subject: [Owasp-iso17799] Project Brief Message-ID: <200404132033.i3DKXwob069533@mailserver1.hushmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know I've been dragging my feet on the compliance section but I can definitely commit to first draft by May 14. I have everything together it just needs to be crafted into a useable form for ISO. /scott On Sun, 11 Apr 2004 19:20:31 -0700 Stan Guzik wrote: >I'm waiting to receive some first drafts. Can we commit to submit >them >all no later than May 14? This would give me 2 weeks to pull everything >together into a document. Please let me know if you can commit >to this >date? > >-----Original Message----- >From: owasp-iso17799-admin at lists.sourceforge.net >[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of >Mark >Curphey >Sent: Friday, April 09, 2004 3:49 PM >To: stanguzik at yahoo.com; owasp-iso17799 at lists.sourceforge.net >Subject: RE: [Owasp-iso17799] Project Brief > >Hi team > >I plan to make a lot of changes to the web site this weekend to >prime >AppSec >2004, the OWASP conference. > >Do we think its possible to nail down a release date for the document >? > >Any chance of some screen shots from Rich's tool ? 
> >-----Original Message----- >From: owasp-iso17799-admin at lists.sourceforge.net >[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of >Stan >Guzik >Sent: Thursday, March 18, 2004 11:22 PM >To: owasp-iso17799 at lists.sourceforge.net >Subject: [Owasp-iso17799] Project Brief > >Hello Everyone, > >We have some new people in our group so I just want to give a brief >description of our documentation project and share some ideas for >future >versions. > >The first version of the document focuses on operations of a secure >web >application in production. This is basically the creation of policies >and >procedure for everyday management of systems in production. We >are >creating >form templates based on the 17799 standard that will help organizations >implement the standard. Management can uses these form templates >to >document >their operational policies/procedures. > >I know the OWASP website states the project will include designing >and >developing but it's an old statement that I'll update this weekend. > We >are >taking a unique approach in creating 17799 templates. I have seen >many >documents explaining 17799 and how to audit it but I never seen >a >document >giving you ready to use templates that you can build upon. >This approach reminds me how software developers constantly share >and >reuse >code but I rarely see this in management procedures.. > >It looks like the next phase of this project will include a management >tool >that will incorporate our 17799 work. Currently Rich Seiersen is >developing >the tool. Also Adrian Wiesmann is awaiting our templates because >he >will >integrate them into his Security Officers Best Friend tool database. > >The next phase of the project is open and feedback is appreciated. > We >can >include multiple version of our templates targeted at vertical markets >like >banking, brokerage, insurance, pharmaceutical, telecom, or etc. > Or we >can >create an audit section or something else. 
Anyone what to share >your >thoughts? > >Thanks, >Stan > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux >tutorial >presented by Daniel Robbins, President and CEO of GenToo technologies. >Learn >everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Owasp-iso17799 mailing list >Owasp-iso17799 at lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO >of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Owasp-iso17799 mailing list >Owasp-iso17799 at lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO >of >GenToo technologies. 
Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Owasp-iso17799 mailing list >Owasp-iso17799 at lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 > > -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAkB8Tu0ACgkQzhSc4ju+ZEKbEACghSIElVReEw2FUOZYLXWH/lDoWmwA n3F6hp51U3va5+eWcErf2CECJCO1 =IV1X -----END PGP SIGNATURE----- From stanguzik at yahoo.com Tue Apr 13 18:35:19 2004 From: stanguzik at yahoo.com (Stan Guzik) Date: Tue, 13 Apr 2004 18:35:19 -0400 Subject: [Owasp-iso17799] Project Brief In-Reply-To: <200404132033.i3DKXwob069533@mailserver1.hushmail.com> Message-ID: <000b01c421a7$9b015f70$6401a8c0@GIANTS> Scott, Great, if you have anything before the 14th that you would like some feedback please feel free to send it. Thanks, Stan -----Original Message----- From: owasp-iso17799-admin at lists.sourceforge.net [mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of scott.ammon at hushmail.com Sent: Tuesday, April 13, 2004 4:34 PM To: mark at curphey.com; owasp-iso17799 at lists.sourceforge.net; stanguzik at yahoo.com Subject: RE: [Owasp-iso17799] Project Brief -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know I've been dragging my feet on the compliance section but I can definitely commit to first draft by May 14. I have everything together it just needs to be crafted into a useable form for ISO. /scott On Sun, 11 Apr 2004 19:20:31 -0700 Stan Guzik wrote: >I'm waiting to receive some first drafts. Can we commit to submit >them >all no later than May 14? This would give me 2 weeks to pull everything >together into a document. Please let me know if you can commit >to this >date? 
> >-----Original Message----- >From: owasp-iso17799-admin at lists.sourceforge.net >[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of >Mark >Curphey >Sent: Friday, April 09, 2004 3:49 PM >To: stanguzik at yahoo.com; owasp-iso17799 at lists.sourceforge.net >Subject: RE: [Owasp-iso17799] Project Brief > >Hi team > >I plan to make a lot of changes to the web site this weekend to >prime >AppSec >2004, the OWASP conference. > >Do we think its possible to nail down a release date for the document >? > >Any chance of some screen shots from Rich's tool ? > >-----Original Message----- >From: owasp-iso17799-admin at lists.sourceforge.net >[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of >Stan >Guzik >Sent: Thursday, March 18, 2004 11:22 PM >To: owasp-iso17799 at lists.sourceforge.net >Subject: [Owasp-iso17799] Project Brief > >Hello Everyone, > >We have some new people in our group so I just want to give a brief >description of our documentation project and share some ideas for >future >versions. > >The first version of the document focuses on operations of a secure >web >application in production. This is basically the creation of policies >and >procedure for everyday management of systems in production. We >are >creating >form templates based on the 17799 standard that will help organizations >implement the standard. Management can uses these form templates >to >document >their operational policies/procedures. > >I know the OWASP website states the project will include designing >and >developing but it's an old statement that I'll update this weekend. > We >are >taking a unique approach in creating 17799 templates. I have seen >many >documents explaining 17799 and how to audit it but I never seen >a >document >giving you ready to use templates that you can build upon. >This approach reminds me how software developers constantly share >and >reuse >code but I rarely see this in management procedures.. 
> >It looks like the next phase of this project will include a management >tool >that will incorporate our 17799 work. Currently Rich Seiersen is >developing >the tool. Also Adrian Wiesmann is awaiting our templates because >he >will >integrate them into his Security Officers Best Friend tool database. > >The next phase of the project is open and feedback is appreciated. > We >can >include multiple version of our templates targeted at vertical markets >like >banking, brokerage, insurance, pharmaceutical, telecom, or etc. > Or we >can >create an audit section or something else. Anyone what to share >your >thoughts? > >Thanks, >Stan > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux >tutorial >presented by Daniel Robbins, President and CEO of GenToo technologies. >Learn >everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Owasp-iso17799 mailing list >Owasp-iso17799 at lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO >of >GenToo technologies. Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Owasp-iso17799 mailing list >Owasp-iso17799 at lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 > > > >------------------------------------------------------- >This SF.Net email is sponsored by: IBM Linux Tutorials >Free Linux tutorial presented by Daniel Robbins, President and CEO >of >GenToo technologies. 
Learn everything from fundamentals to system >administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click >_______________________________________________ >Owasp-iso17799 mailing list >Owasp-iso17799 at lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 > > -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAkB8Tu0ACgkQzhSc4ju+ZEKbEACghSIElVReEw2FUOZYLXWH/lDoWmwA n3F6hp51U3va5+eWcErf2CECJCO1 =IV1X -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Owasp-iso17799 mailing list Owasp-iso17799 at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/owasp-iso17799 From stanguzik at yahoo.com Tue Apr 13 19:20:35 2004 From: stanguzik at yahoo.com (Stan Guzik) Date: Tue, 13 Apr 2004 19:20:35 -0400 Subject: [Owasp-iso17799] Project Brief In-Reply-To: Message-ID: <001201c421ad$ed5b77f0$6401a8c0@GIANTS> See Scott's email from today. -----Original Message----- From: owasp-iso17799-admin at lists.sourceforge.net [mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of sam heinrich Sent: Monday, April 12, 2004 10:25 PM To: stanguzik at yahoo.com Cc: owasp-iso17799 at lists.sourceforge.net Subject: RE: [Owasp-iso17799] Project Brief Hi Stan, I just want to confirm that you had reassigned the compliance section to another participant and decided to continue with the document structure parallel to the ISO 17799. As far as I know, you are not waiting on any deliverables from me. 
Thanks,
Sam

----Original Message Follows----
From: "Stan Guzik"
Reply-To:
To: "'Mark Curphey'" ,
Subject: RE: [Owasp-iso17799] Project Brief
Date: Sun, 11 Apr 2004 22:20:31 -0400

I'm waiting to receive some first drafts. Can we commit to submit them all no later than May 14? This would give me 2 weeks to pull everything together into a document. Please let me know if you can commit to this date?

-----Original Message-----
From: owasp-iso17799-admin at lists.sourceforge.net
[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of Mark Curphey
Sent: Friday, April 09, 2004 3:49 PM
To: stanguzik at yahoo.com; owasp-iso17799 at lists.sourceforge.net
Subject: RE: [Owasp-iso17799] Project Brief

Hi team

I plan to make a lot of changes to the web site this weekend to prime AppSec 2004, the OWASP conference.

Do we think it's possible to nail down a release date for the document?

Any chance of some screen shots from Rich's tool?

-----Original Message-----
From: owasp-iso17799-admin at lists.sourceforge.net
[mailto:owasp-iso17799-admin at lists.sourceforge.net] On Behalf Of Stan Guzik
Sent: Thursday, March 18, 2004 11:22 PM
To: owasp-iso17799 at lists.sourceforge.net
Subject: [Owasp-iso17799] Project Brief

Hello Everyone,

We have some new people in our group so I just want to give a brief description of our documentation project and share some ideas for future versions.

The first version of the document focuses on operations of a secure web application in production. This is basically the creation of policies and procedures for everyday management of systems in production. We are creating form templates based on the 17799 standard that will help organizations implement the standard. Management can use these form templates to document their operational policies/procedures. I know the OWASP website states the project will include designing and developing but it's an old statement that I'll update this weekend.

We are taking a unique approach in creating 17799 templates. I have seen many documents explaining 17799 and how to audit it but I have never seen a document giving you ready-to-use templates that you can build upon. This approach reminds me how software developers constantly share and reuse code but I rarely see this in management procedures.

It looks like the next phase of this project will include a management tool that will incorporate our 17799 work. Currently Rich Seiersen is developing the tool. Also Adrian Wiesmann is awaiting our templates because he will integrate them into his Security Officers Best Friend tool database.

The next phase of the project is open and feedback is appreciated. We can include multiple versions of our templates targeted at vertical markets like banking, brokerage, insurance, pharmaceutical, telecom, etc. Or we can create an audit section or something else. Anyone want to share your thoughts?

Thanks,
Stan

From samheinrich at hotmail.com Tue Apr 13 19:47:48 2004
From: samheinrich at hotmail.com (sam heinrich)
Date: Tue, 13 Apr 2004 23:47:48 +0000
Subject: [Owasp-iso17799] Project Brief
Message-ID:

I didn't receive any other emails from the group ...

----Original Message Follows----
From: "Stan Guzik"
Reply-To:
To: "'sam heinrich'"
CC:
Subject: RE: [Owasp-iso17799] Project Brief
Date: Tue, 13 Apr 2004 19:20:35 -0400

See Scott's email from today.