Re: [fw-wiz] iso 17799

From: George Capehart (gwc_at_acm.org)
Date: 07/20/04

  • Next message: Christine Kronberg: "Re: [fw-wiz] iso 17799"
    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 19 Jul 2004 22:29:40 -0400
    
    

    On Monday 19 July 2004 17:33, Marcus J. Ranum allegedly wrote:
    > Paul D. Robertson wrote:
    > >As far as I can tell, ISO9000 only really worked for the ISO9000
    > >consultants. Can't see where 17799 is any different.
    >
    > Well, as George Capehart points out, NIST thinks in
    > http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf
    > that Common Criteria are better.
    >
    > I am trying to see if I can mash down REALLY hard on that particular
    > button of Paul's....

    *ducking tomatoes and meringue pies*

    Well, thanks for dragging *me* into this food fight . . . :> I agree
    with NIST's criticism of 17799. Don't know that I am quite comfortable
    that the CC are somehow "better," however. Smacks of apples and
    oranges to me. I *will* take the position, though, that if one tries
    to build an Information Security program around 17799, there will be a
    *lot* that is missing . . . IMHO it just doesn't cover all the bases.

    My 0.02 $CURRENCY.

    /g

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Christine Kronberg: "Re: [fw-wiz] iso 17799"

    Relevant Pages

    • Re: [fw-wiz] SCADA (or: How I learned to love receiving FWW in digest form)
      ... Is that *REALLY* who you want drafting computer security regulations? ... Paul D. Robertson "My statements in this message are personal opinions ...
      (Firewall-Wizards)
    • Re: [fw-wiz] smtp proxy on firewall
      ... At 01:11 PM 11/27/2004, Paul D. Robertson wrote: ... Yes, that is correct, the patch resolves a few of the known bugs, some ... >> have fixed the Gauntlet source, not fwtk, so I don't know if they were ever ...
      (Firewall-Wizards)
    • RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]
      ... > think Marcus and Paul are going back and forth on. ... agree that collecting the answers to the question from a self-selected (and ... more reliable data by collecting it in other ways? ...
      (Firewall-Wizards)
    • Re: [fw-wiz] The Outgoing Traffic Problem
      ... If anyone's going to be at USENIX Security, ... Paul D. Robertson "My statements in this message are personal opinions ... paul@xxxxxxxxxxxx which may have no basis whatsoever in fact." ...
      (Firewall-Wizards)
    • Re: [fw-wiz] The home user problem returns
      ... tone down the Trojan problem, which is why this thread is important. ... If there aren't huge chunks of this problem that can be ... Paul "I can identify a beer donor a mile away" Robertson ...
      (Firewall-Wizards)