[Owasp-iso17799] Project Brief

Stan Guzik stanguzik at yahoo.com
Thu Mar 18 23:21:42 EST 2004


Hello Everyone,

We have some new people in our group so I just want to give a brief
description of our documentation project and share some ideas for future
versions.

The first version of the document focuses on operations of a secure web
application in production.  This is basically the creation of policies
and procedures for everyday management of systems in production.  We are
creating form templates based on the 17799 standard that will help
organizations implement the standard. Management can use these form
templates to document their operational policies/procedures.

I know the OWASP website states the project will include designing and
developing but it's an old statement that I'll update this weekend.  We
are taking a unique approach in creating 17799 templates.  I have seen
many documents explaining 17799 and how to audit it but I have never seen a
document giving you ready-to-use templates that you can build upon.
This approach reminds me how software developers constantly share and
reuse code but I rarely see this in management procedures.

It looks like the next phase of this project will include a management
tool that will incorporate our 17799 work.  Currently Rich Seiersen is
developing the tool.  Also Adrian Wiesmann is awaiting our templates
because he will integrate them into his Security Officers Best Friend
tool database.

The next phase of the project is open and feedback is appreciated.  We
can include multiple versions of our templates targeted at vertical
markets like banking, brokerage, insurance, pharmaceutical, telecom,
etc.  Or we can create an audit section or something else.  Anyone want
to share your thoughts?

Thanks,
Stan




