in

Commons Blog

May 2007 - Posts

  • It's all About Semantics

    As you can see from the rolling titles on the front page of the ISM Community just getting agreement on simple terminology is not as simple as it could be. Thanks to some great contributions from ebreece, jason and dave we are starting to roll.

    I have added a definition block to the Glossary working document that looks like this and when we are happy with the first set of definitions I will add them.

    Title

    Authentication

    Definition

    The process of determining whether someone or something is, in fact, who or what it has declared itself to be.

    Examples

    User KLO is authenticated as she was able to provide her secret pass code.

    I checked the dollar bill to authenticate that is was indeed real.

    References

    Insert them here

    Notes

    Insert them here

    ISM Community Discussion URL

    http://www.ism-community.org/forums/t/542.aspx

    As always if anyone would like to volunteer to own updating the glossary and can commit to doing so in a regular basis please drop myself or Paul Zedeck an email.

    Posted May 10 2007, 04:18 PM by mcurphey with no comments

  • Welcome to the Commons Project Blog

    Welcome to the Commons Focus Area. I plan to blog post here weekly with news of progress for those that don't want to delve into the forums / mailing lists. You can subscribe to these updates via RSS at the side bar.

    The first project I want to start is an Information Security Glossary. Why you may well ask? There are a million of the things there like NIST surely? Yes and yes! There are many glossaries and some are OK but not one I have found is good for the majority of cases. NIST is very US government centric, others quite frankly confuse the hell out of me and some are just plain old wrong. I think nomenclature does matter and its essential that all of our projects can reference a common source of definitions. Just yesterday I witnessed a dozen mailing to the Security Metrics mailing list debating definitions for Threats and Vulnerabilities.

    Paul Zedeck has made a start by compiling various terms into a spreadsheet that I will be posting in the files area shortly. I will maintain a Word document and add to it gradually. I think the strategy should be to focus on quality definitions and not quantity.

    If you are interested in helping, please email me or join the mailing list / discussion forum.

    Posted May 01 2007, 11:29 AM by mcurphey with no comments
More Posts
All Rights Reserved - The ISM-Community
Powered by Community Server (Commercial Edition), by Telligent Systems