Re: [fw-wiz] iso 17799

From: George Capehart (gwc_at_acm.org)
Date: 07/20/04

  • Next message: Christine Kronberg: "Re: [fw-wiz] iso 17799"
    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 19 Jul 2004 22:29:40 -0400
    
    

    On Monday 19 July 2004 17:33, Marcus J. Ranum allegedly wrote:
    > Paul D. Robertson wrote:
    > >As far as I can tell, ISO9000 only really worked for the ISO9000
    > >consultants. Can't see where 17799 is any different.
    >
    > Well, as George Capehart points out, NIST thinks in
    > http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf
    > that Common Criteria are better.
    >
    > I am trying to see if I can mash down REALLY hard on that particular
    > button of Paul's....

    *ducking tomatoes and meringue pies*

    Well, thanks for dragging *me* into this food fight . . . :> I agree
    with NIST's criticism of 17799. Don't know that I am quite comfortable
    that the CC are somehow "better," however. Smacks of apples and
    oranges to me. I *will* take the position, though, that if one tries
    to build an Information Security program around 17799, there will be a
    *lot* that is missing . . . IMHO it just doesn't cover all the bases.

    My 0.02 $CURRENCY.

    /g

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

