Firewall Wizards mailing list archives
Re: iso 17799
From: Dana Nowell <DanaNowell () cornerstonesoftware com>
Date: Wed, 21 Jul 2004 19:47:33 -0400
At 07:04 PM 7/21/2004 -0400, Frederick M Avolio wrote:
> Years ago Win Treese (Project Athena, DEC Cambridge Research Lab, Open Market, etc.) came to the following conclusion: "not only is all human knowledge on USENET, it's typed in every two weeks. The information you ask for is out there. And it has been repeated multiple times. Having it in one repository only means it is one more place people will ignore. Seriously. Nothing Marcus said earlier in this thread was anything he and others hadn't said 10 years ago. No joke.
I agree lots of the information exists, that's the easy part :-). Unfortunately crud exists at a ratio of 10,000,000+ to one gem. If you guys think I'm worried about creating the info, you're wrong, I know a lot of it exists. However, the organization stinks. I search on Google and it takes up to an hour or so to find a good in-depth article on some topic (2,000,000 hits, mostly marketing drivel). Now Paul needs it, so he spends an hour, then Marcus, then ... How about I find it (cost .5 hours, 'cause I'm good;), I post a link somewhere, Paul finds it (cost .1 hour), then Marcus (cost .1 hour) and ... Total number of hours saved per year could be anywhere from zero to a really big number. More available hours is a good thing. Of course this only works if the poster can be trusted and if the deluge of info/links can be categorized/searched/sliced/diced.
Now let's toss in any papers written by us for the list (e.g., how does application X's protocol work), post them to a web site and link'em (more grist for the mill). What we have is a pre-vetted 'search result set'. The hard part is the vetting and the organization (search engine?). Toss in some automation to weed dead links periodically and magic, a helpful repository (assuming people actually post to it and the vetting mechanism works).
Why is it helpful? People don't post some stuff to the list (risk analysis papers, long documents, sample configs, ...) because it is bad form to force feed it to several thousand uninterested people, we now lose that data/help. We now have a non-intrusive method to make that available. Some people are bad at using search engines and a small 'more on topic' search engine improves their ability to find stuff. Some people have no clue about the topic they are researching, it is new to them. They now have a source 'vetted by peers' to start from. I'm sure several other reasons will occur to others.
It seems to me that the technology exists, lots of the information exists, the people with knowledge to separate the wheat from the chaff exist (on this list). What lacks is hosting, disk space, some possibly hard code, a politically correct and workable solution to the vetting issue, and the will to do it.
> But, Dana, I have a suggestion. You can gather the answers together and publish them. I am not kidding. Books written by someone who has to actually deal with what they write about are terrific. (Don't take that to mean big sellers... I have personal experience in that area.) And finding someone to publish nowadays is really easy.
IMO, the information is too dynamic. Any book would be obsolete before it hits the store. We need a dynamic resource that ebbs and flows with the changes on the net. A new spiffy killer app/hardware doo-dad/protocol hits the street and we get links to several analysis/review papers, over time (weeks/months/years) the item gets less useful/popular/important, the links decay, and they get weeded from the knowledge base. Books can't really cover that very well. Besides, my spelling stinks ;).
--
Dana Nowell
Cornerstone Software Inc.
Voice: 603-595-7480
Fax: 603-882-7313
email: DanaNowell_at_CornerstoneSoftware.com