RE: [fw-wiz] iso 17799
From: Wes Noonan (mailinglists_at_wjnconsulting.com)
To: "'Rachel Rosencrantz'" <firstname.lastname@example.org>, "'avraham shir-el (arthur sherman)'" <email@example.com>, <firstname.lastname@example.org>
Date: Mon, 19 Jul 2004 12:19:50 -0500
I think that by virtue of requiring people to pay to view its
recommendations, in conjunction with numerous RFCs that appear to be
comparable, most in the US decided it was not worth the effort and money to
figure out what it is all about. Classic example of building a closed
standard and finding the market passing you by IMO.
> -----Original Message-----
> From: email@example.com [mailto:firewall-wizards-
> firstname.lastname@example.org] On Behalf Of Rachel Rosencrantz
> Sent: Friday, July 16, 2004 10:47
> To: avraham shir-el (arthur sherman); email@example.com
> Subject: Re: [fw-wiz] iso 17799
> From my understanding ISO 17799 receives a lot of focus in Europe,
> especially with government agencies, especially in the UK where it started
> as BS7799. For whatever reason it has not received as much attention over
> in the USA. Perhaps it is the IETF/ISO Open/Closed divide.
> When I first heard of ISO 17799 you needed to pay to see what was in it.
> suspect this probably reduced people's familiarity with it, and reduced
> much anyone would talk about it. I have seen more mention of ISO 17799 as
> of late so it may become more popular/more part of the common knowledge.
> Thus far I haven't actually been able to read it, just vague documents
> it or tips on compliance that were filled with vapid statements.
> It appears that earlier versions were not flexible enough, and I still
> see much publicly available information on it beyond the "it is a
> comprehensive set of controls....". It makes it a bit hard to evaluate
> decide if it is any better than say, any of these RFC references:
> On 7/13/04 8:48 AM, "avraham shir-el (arthur sherman)" <firstname.lastname@example.org>
> > i hope i'm not opening a pandora's box here, but-
> > i'm following this list for ~ a year now and haven't seen any mention of
> > iso 17799.
> > it's defined on their website as
> > "a comprehensive set of controls comprising best
> > practices in IS"
> > i've seen lots on this list about best practices w/o
> > any references to 17799.
> > any opinions on it?
> > or does the extremely noticeable lack of attention
> > say it all?
> > tnx
> > ams
> > _______________________________________________
> > firewall-wizards mailing list
> > email@example.com
> > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards