[Owasp-iso17799] RE: ISO 17799 Project Status

Mark Curphey mark at curphey.com
Sat Jul 3 15:15:44 EDT 2004

I can send anyone the instructions to edit the xml for the project page if
interested (hint, hint) ;-)

-----Original Message-----
From: Stan Guzik [mailto:stanguzik at yahoo.com] 
Sent: Friday, July 02, 2004 6:43 PM
To: stanguzik at yahoo.com
Subject: ISO 17799 Project Status

Hello Everyone,

I would like to welcome the new members to our project group.  It was nice
to meet some of you at OWASP AppSec 2004.  Based on the feedback from the
conference there is a tremendous interest in this project.   Currently we
have 29 members subscribed to this list.

I haven't received any items from some of the members that have items
assigned from months ago.  I understand that work and family comes before an
open source project and some of your priorities have changed.  Therefore I
would like to open up the project plan to all new and old members of the
group.  Please volunteer for any items that are marked open in the attached
Excel spreadsheet.

I'm working on getting the document into SourceForge CVS.  Steven Rebello
has volunteered to organize the document into a consistent look and feel.
All the documentation is attached in the zip file.  ISO17799OutlineV2.doc is
the main document.  Thanks Steven.

Below is a description of the project for the new members:

The first version of the document focuses on operations of a secure web
application in production.  This is basically the creation of policies and
procedure for everyday management of systems in production.  We are creating
form templates based on the 17799 standard that will help organizations
implement the standard. Management can use these form templates to document
their operational policies/procedures.

I know the OWASP website states the project will include designing and
developing but it's an old statement that I'll update someday. We are taking
a unique approach in creating 17799 templates.  I have seen many documents
explaining 17799 and how to audit it but I haven't seen a document giving
you ready to use templates that you can build upon.

This approach reminds me how software developers constantly share and reuse
code but I rarely see this in management procedures.

Looking forward to seeing volunteers!


More information about the Owasp-iso17799 mailing list