History of Computer Security Policy
From: Goh, Yong Kwang (gohyongkwang@hotmail.com)
Date: 02/25/03
From: gohyongkwang@hotmail.com (Goh, Yong Kwang) Date: 24 Feb 2003 23:21:09 -0800
Dear all,
I'm currently involved in doing an assignment on computer security
policy. This assignment is supposed to provide a general overview,
history, introduction, purpose, components of computer security
policy.
I've been searching the web and newsgroups for information on the
history of computer security policy and have so far found none.
Information found on history of computer and information security does
not relate directly to policy. They usually cover the technical
aspects like research done by Department of Defense (DoD) in
cryptography, operating system and Multics computers back in the
1960's and 70's. In my case, I need information on:
(1) When was the idea of having a security policy to protect an
organization's computing resources first mooted? And who mooted the
idea and where (some seminar or conference)?
(2) How did the concept of security policy evolve from research in
technical aspects like cryptography? When was there a switch in
emphasis in technical aspects to more social aspects of computer
security framework?
(3) When was the term "computer security policy" first defined?
(4) Which is the first security policy (BS 7799? or some proprietary
policy) and how was it like (components/areas covered)?
(5) If security policies used to be some ad-hoc rules with no formal
structure and areas to cover in the early days (in the 60's, 70's and
80's) and are defined by organizations in their own format, why did
they feel that they have to change their practices and that a
standard is better?
(6) When and why did organizations and the computing industry decide
that a formal and structured document in a standard format (security
policy) is needed (compared to existing practices in 60's or 70's with
no security policy) and set to work on some standards with BS 7799 and
other standards as a result of this effort?
(7) How have current security policy standards changed/evolved from
the first security policy ever defined? What were the shortcomings of
the first security policy in terms of comprehensiveness, depth and
scope and the lessons learnt that led to changes that are
incorporated into modern policy standards (BS 7799, ISO 17799 etc.)?
There seems to be a missing link in between and I can't find any
information so far. Anyone who knows of such resources such as an
online directory or website? Pls let me know. Thanks in advance.
Currently, I'm thinking of creating a timeline to show the
commencement and publishing of the various standards, like the BS
7799, ISO 17799 and the German BSI Baseline Protection. Are there any
other standards which I can look at?
Thanks in advance.
--- Goh, Yong Kwang Singapore gohyongkwang@hotmail.com