[Owasp-leaders] 27001 | 27034 comment

Jonathan Marcil jonathan.marcil at owasp.org
Sun Dec 6 21:28:44 UTC 2015


Hi Tom and leaders,

as the person who was directly but non-formally involved on the behalf of
OWASP in 27034, I can help with some rationalization and back stories
updates.

Note that, to my knowledge, this is the 3rd times this has been initiated
on OWASP leaders list. I was there the last 2 times so I can comment on
those.

The first time I've been involved, was when Luc contacted me in order to
assist on 27034 ad-hoc meetings in Montreal to provide an OWASP-like view
on values such as openness and practical usage of the norm on the control
level.
Some threads here:
http://lists.owasp.org/pipermail/owasp-leaders/2013-August/009947.html
http://lists.owasp.org/pipermail/owasp-leaders/2013-August/009973.html
http://lists.owasp.org/pipermail/owasp-leaders/2013-August/010046.html

Then, shortly after that, OWASP has made a move in order to create an
ISO/IEC liaison, documented in the thread here:
http://lists.owasp.org/pipermail/governance/2014-January/000287.html
I don't think this has gone further than discussions, but we then had a
good understanding of what is an ISO/IEC liaison.

In both occasion I did my best to help, and in the end, I decided to focus
my efforts on an OWASP project that will publish one of the first public
implementation of the norm's Application Security Controls
<https://www.owasp.org/index.php/OWASP_ISO_IEC_27034_Application_Security_Controls_Project>
.

I'll continue in that way as well. Note that our project doesn't really
cover what you want to do now. It's is about releasing OWASP content in the
ISO/IEC 27034 format, and have nothing to do about giving recommendation on
a broad level. Note that our project is now stale and will reboot in 2016.

Thanks,

- Jonathan



On Sat, Dec 5, 2015 at 11:34 AM, Tom Brennan - OWASP <tomb at owasp.org> wrote:

> I am issuing a birds of a feather call for participation to provide
> comment on 27034 as a collective.
>
> http://www.iso27001security.com/html/27034.html
>
> If you are interested we will form a working group for 45 days. Meet on
> the objectives and then sprint on recommendations that can be references to
> existing of creation of new materials that will become a ISO global effort.
>
> Consolidate he recommendations and submit then
>
> Want to help?
>
> Please reply off list and I will include you in the collaboration on the
> guidance.
>
>
> --
> Tom Brennan
> Global Board of Directors
> NYC/NJ Metro Chapter Leader
> 973-506-9304
>
>
>
>
> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151206/935f7f12/attachment.html>


More information about the OWASP-Leaders mailing list