Charter and direction of the SSPHWG
"SSPHWG-Co-chairs" <ph@cert.sei.cmu.edu> Fri, 06 April 1990 20:31 UTC
Received: from XX0.CERT.SEI.CMU.EDU by cert.sei.cmu.edu (5.61/2.2) id AA06799; Fri, 6 Apr 90 16:31:58 -0400
Received: from localhost by xx1.cert.sei.cmu.edu (5.61/2.3) id AA00275; Fri, 6 Apr 90 16:31:54 -0400
Message-Id: <9004062031.AA00275@xx1.cert.sei.cmu.edu>
To: ssphwg@cert.sei.cmu.edu
Cc: jkrey@isi.edu
From: SSPHWG-Co-chairs <ph@cert.sei.cmu.edu>
Subject: Charter and direction of the SSPHWG
Date: Fri, 06 Apr 1990 16:31:51 -0400
Sender: ph@cert.sei.cmu.edu
As a few messages have already made clear, now is a good time to clarify what is this group about and what we hope to accomplish. I've included the charter again at the end of this message to refresh your memories. Those who joined from the post on the CERT-Tools list saw an abridged version of this charter, so please review it again. We'd like to take this opportunity to set expectations and goals. We hope that by letting everyone know what we believe the group is (and isn't) we'll have a better chance of coming to some agreement in developing a quality handbook that can be produced in a timely manner. This mailing list is the discussion forum for an IETF Working Group. This list is not a general discussion list for security problems. Rather, we hope that it will be a means for constructive input into actually producing a useful handbook for the Internet community. Appropriate topics include anything having to do with security policy, what to do during and after an incident, legal issues, and anything else related to the task of getting the handbook out. In general, technical discussion of security problems is probably not appropriate. Although discussions of these kinds of issues are useful, this group was not created to address those issues. Discussions of technical questions is appropriate to the cert-tools list, which is a moderated discussion of security tools and techniques. For more information, contact: cert-tools-request@cert.sei.cmu.edu. We hope to have a high standard of messages. As a model, consider the RISKS digest moderated by Peter Neumann. Some suggested guidelines for contributions: - Messages that describe your experiences or your needs in dealing with security at your site are especially welcome. If we are going to produce a handbook that well help people with the security problem, we need to know what kind of problems people are facing. - Please consider whether the entire group would benefit from reading your message. If you are responding to another person's comments, consider responding directly to the person and summarizing to the list. - If you disagree with someone else's post, please give some cogent reasons why and suggest an alternative. Please avoid flaming. We're not trying to discourage contributions. Rather, we want an informed discussion that will help us all understand the problem better. The list is currently unmoderated, but if the traffic on the list warrants it we will change to a moderated list. We'll post several more messages outlining the next steps for this group. Site Security Policy Handbook Working Group (SSPHWG) Co-Chairs: Paul Holbrook/CERT ph@CERT.SEI.CMU.EDU Joyce K. Reynolds/USC-ISI jkrey@ISI.EDU Mailing lists: General discussion: ssphwg@cert.sei.cmu.edu To subscribe: ssphwg-request@cert.sei.cmu.edu Description of Working Group: The Site Security Policy Handbook Working Group is chartered to create a handbook that will help sites develop their own site-specific policies and procedures to deal with computer security problems and their prevention. Objectives: Among the issues to be considered in this group are: 1) Establishing official site policy on computer security. 2) Establishing procedures to prevent security problems. 3) Establishing procedures to use when unauthorized activity occurs. 4) Establishing post-incident procedures. A specific schedule of activities will be worked out in the near future. This group will meet at the next IETF meeting, in Pittsburgh. The formation of this group provided an excellent opportunity for cooperation between areas within the new IESG structure. The User Services director (Craig Partridge) and the Security Area director (Steve Crocker) joined together to support the formation of this working group. After some discussion, it was agreed to place administrative responsibility for this group within the security area, but the work will be reported to and reviewed by both areas in parallel. J. Paul Holbrook Joyce K. Reynolds SSPHWG/co-chairs
- Charter and direction of the SSPHWG SSPHWG-Co-chairs