Firewall Wizards mailing list archives

RE: iso 17799


From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Mon, 19 Jul 2004 12:19:50 -0500

I think that by virtue of requiring people to pay to view its
recommendations, in conjunction with numerous RFCs that appear to be
comparable, most in the US decided it was not worth the effort and money to
figure out what it is all about. Classic example of building a closed
standard and finding the market passing you by IMO.

Wes Noonan
mailinglists () wjnconsulting com  
http://www.wjnconsulting.com  
Hardening Network Infrastructure - A concise how to guide
Available Spring 2004
Order at http://tinyurl.com/2nof4 

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Rachel Rosencrantz
Sent: Friday, July 16, 2004 10:47
To: avraham shir-el (arthur sherman); firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] iso 17799

From my understanding ISO 17799 receives a lot of focus in Europe,
especially with government agencies, especially in the UK where it started
as BS7799.  For whatever reason it has not received as much attention over
in the USA.  Perhaps it is the IETF/ISO Open/Closed divide.

When I first heard of ISO 17799 you needed to pay to see what was in it. I
suspect this probably reduced people's familiarity with it, and reduced how
much anyone would talk about it.  I have seen more mention of ISO 17799 as
of late so it may become more popular/more part of the common knowledge.
Thus far I haven't actually been able to read it, just vague documents about
it or tips on compliance that were filled with vapid statements.

It appears that earlier versions were not flexible enough, and I still don't
see much publicly available information on it beyond the "it is a
comprehensive set of controls....".  It makes it a bit hard to evaluate and
decide if it is any better than say, any of these RFC references:
http://www.more.net/security/best/other.html

-Rachel


On 7/13/04 8:48 AM, "avraham shir-el (arthur sherman)" <avraham () jct ac il>
wrote:

i hope i'm not opening a pandora's box here, but-

i'm following this list for ~ a year now and haven't seen any mention of
iso 17799.
it's defined on their website as
"a comprehensive set of controls comprising best
practices in IS"

i've seen lots on this list about best practices w/o
any references to 17799.

any opinions on it?
or does the extremely noticeable lack of attention
say it all?
tnx
ams
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


