Firewall Wizards mailing list archives
RE: iso 17799
From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Mon, 19 Jul 2004 12:19:50 -0500
I think that by virtue of requiring people to pay to view its recommendations, in conjunction with numerous RFCs that appear to be comparable, most in the US decided it was not worth the effort and money to figure out what it is all about. Classic example of building a closed standard and finding the market passing you by IMO.

Wes Noonan
mailinglists () wjnconsulting com
http://www.wjnconsulting.com

Hardening Network Infrastructure - A concise how to guide
Available Spring 2004
Order at http://tinyurl.com/2nof4

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Rachel Rosencrantz
Sent: Friday, July 16, 2004 10:47
To: avraham shir-el (arthur sherman); firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] iso 17799

From my understanding ISO 17799 receives a lot of focus in Europe, especially with government agencies, especially in the UK where it started as BS7799. For whatever reason it has not received as much attention over in the USA. Perhaps it is the IETF/ISO Open/Closed divide. When I first heard of ISO 17799 you needed to pay to see what was in it. I suspect this probably reduced people's familiarity with it, and reduced how much anyone would talk about it.

I have seen more mention of ISO 17799 as of late so it may become more popular/more part of the common knowledge. Thus far I haven't actually been able to read it, just vague documents about it or tips on compliance that were filled with vapid statements. It appears that earlier versions were not flexible enough, and I still don't see much publicly available information on it beyond the "it is a comprehensive set of controls....". It makes it a bit hard to evaluate and decide if it is any better than say, any of these RFC references: http://www.more.net/security/best/other.html

-Rachel

On 7/13/04 8:48 AM, "avraham shir-el (arthur sherman)" <avraham () jct ac il> wrote:

i hope i'm not opening a pandora's box here, but- i'm following this list for ~ a year now and haven't seen any mention of iso 17799. it's defined on their website as "a comprehensive set of controls comprising best practices in IS" i've seen lots on this list about best practices w/o any references to 17799. any opinions on it? or does the extremely noticeable lack of attention say it all?

tnx
ams

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards