[Owasp-leaders] 27001 | 27034 comment

Jonathan Marcil jonathan.marcil at owasp.org
Sun Dec 6 21:28:44 UTC 2015

Hi Tom and leaders,

as the person who was directly but non-formally involved on the behalf of
OWASP in 27034, I can help with some rationalization and back stories

Note that, to my knowledge, this is the 3rd times this has been initiated
on OWASP leaders list. I was there the last 2 times so I can comment on

The first time I've been involved, was when Luc contacted me in order to
assist on 27034 ad-hoc meetings in Montreal to provide an OWASP-like view
on values such as openness and practical usage of the norm on the control
Some threads here:

Then, shortly after that, OWASP has made a move in order to create an
ISO/IEC liaison, documented in the thread here:
I don't think this has gone further than discussions, but we then had a
good understanding of what is an ISO/IEC liaison.

In both occasion I did my best to help, and in the end, I decided to focus
my efforts on an OWASP project that will publish one of the first public
implementation of the norm's Application Security Controls

I'll continue in that way as well. Note that our project doesn't really
cover what you want to do now. It's is about releasing OWASP content in the
ISO/IEC 27034 format, and have nothing to do about giving recommendation on
a broad level. Note that our project is now stale and will reboot in 2016.


- Jonathan

On Sat, Dec 5, 2015 at 11:34 AM, Tom Brennan - OWASP <tomb at owasp.org> wrote:

> I am issuing a birds of a feather call for participation to provide
> comment on 27034 as a collective.
> http://www.iso27001security.com/html/27034.html
> If you are interested we will form a working group for 45 days. Meet on
> the objectives and then sprint on recommendations that can be references to
> existing of creation of new materials that will become a ISO global effort.
> Consolidate he recommendations and submit then
> Want to help?
> Please reply off list and I will include you in the collaboration on the
> guidance.
> --
> Tom Brennan
> Global Board of Directors
> NYC/NJ Metro Chapter Leader
> 973-506-9304
> The information contained in this message and any attachments may be
> privileged, confidential, proprietary or otherwise protected from
> disclosure. If you, the reader of this message, are not the intended
> recipient, you are hereby notified that any dissemination, distribution,
> copying or use of this message and any attachment is strictly prohibited.
> If you have received this message in error, please notify the sender
> immediately by replying to the message, permanently delete it from your
> computer and destroy any printout.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151206/935f7f12/attachment.html>

More information about the OWASP-Leaders mailing list