Intrusion Detection Systems mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Jeff Johnson's CAMM work

From: genek () tripwiresecurity com (Gene Kim)
Date: Thu, 23 Dec 1999 11:58:31 -0800

Hey, guys...

Here is a summary of the information that was sent to me regarding Jeff
Johnson's Computer Assurance Maturity Model (CAMM) work.

1.  Jeff Johnson is now CEO of META Security Group.  CAMM work is still in
development, but is temporarily on hold due to company building.  (Thanks
Jackie Chan [blue0ne () igloo org] and Jeff Johnson
[Jeff.Johnson () metagroup com])

2.  b.g.miller [b.g.miller () home com] pointed me to http://www.sse-cmm.org/
which is an effort to apply CMM software engineering concepts to security
engineering.  Looks like CSI, ICSA, and NSA are involved.

3.  Max Vision [vision () whitehats com] provided the following two links:

http://xent.ics.uci.edu/FoRK-archive/oct97/0036.html
http://xent.ics.uci.edu/FoRK-archive/oct97/0039.html

Again, thanks for all the helpful info!

Cheers,
Gene

Gene Kim (mailto:genek () tripwiresecurity com)
Chief Technology Officer
Tripwire, Inc. (http://www.tripwiresecurity.com)
1631 NW Thurman St., 1st Floor
Portland, OR 97209
Office: 503-223-0280
Fax:    503-223-0182 

Tripwire in the news!
http://www.forbes.com/asap/html/99/0615/feat.htm

Tripwire is Linux World Security Editor's Choice!
http://www.wpi.com/linuxworld/lw-ec-winners.html
 
-----Original Message-----
From: Gene Kim [mailto:genek () tripwiresecurity com]
Sent: Monday, December 20, 1999 9:25 AM
To: 'Max Vision'
Cc: ids () uow edu au
Subject: IDS: Jeff Johnson's CAMM work

To everyone:  Thank you all for the great information on Jeff Johnson's work
-- in fact, Jeff dropped me a note on Saturday.
(Unfortunately, I wasn't able to send out my reply until today, due to
traveling and troubles with VPN -- but that's another story.  :-)
Does anyone find it just a little amazing that not only did I get all these
great references to CAMM, but I also heard from Jeff himself.  For your
amusement, let me extend an analogy that I gave Gene Spafford seven years
ago:
One afternoon, a wild-eyed and disheveled person walks into a grocery store,
shuffles to the middle of the produce section, and then proceeds to scream
out, "I demand to speak to the inventor of Charmin!  I want to know what
kind of trees you use, and I've got eighteen secret brilliant ideas that you
need me to tell you!  Now!"
Amazingly, numerous fellow customers around him proceed to tell him where he
can find the Charmin inventor (whose name is Bob, by the way), one tells him
Bob's home telephone number, two people promise to convey the note to Bob,
and most amazingly, Bob appears from behind the banana display and actually
engages him in a conversation.
Pretty amazing world we live in, huh?  :-) 
Thanks again! 
Cheers, 
Gene 
--- 
Gene Kim (mailto:genek () tripwiresecurity com) 
Chief Technology Officer 
Tripwire, Inc. (http://www.tripwiresecurity.com) 
1631 NW Thurman St., 1st Floor 
Portland, OR 97209 
Office: 503-223-0280 
Fax:    503-223-0182 
Tripwire in the news! 
http://www.forbes.com/asap/html/99/0615/feat.htm 
Tripwire is Linux World Security Editor's Choice! 
http://www.wpi.com/linuxworld/lw-ec-winners.html 

-----Original Message----- 
From: Max Vision [mailto:vision () whitehats com] 
Sent: Saturday, December 11, 1999 5:33 AM 
To: Gene Kim 
Subject: Re: IDS: Jeff Johnson's CMM security model -- any pointers? 


http://xent.ics.uci.edu/FoRK-archive/oct97/0036.html 
http://xent.ics.uci.edu/FoRK-archive/oct97/0039.html 

On Fri, 10 Dec 1999, Gene Kim wrote: 


Hey, all... 

A couple of months back, I was talking with Karen Worstell, and she 
mentioned some work that Jeff Johnson had done a while 

back, basically 

creating something like a Security Capability Maturity Model. 

Does anyone know where I can find a reference to this, and 

better yet, know 

how to reach Jeff Johnson these days?  

The model was pretty interesting.  It reminds me of a 

presentation that I 

saw from Stephen Katz about the Citicorp ISEM model, which 

measures the 

security awareness of an organization, from complacency, awareness, 
integration, measurement, and continual improvement.  (My 

paraphrase, 

unfortunately...) 

Thanks a bunch... 

Cheers, 
Gene 

--- 
Gene Kim (mailto:genek () tripwiresecurity com) 
Chief Technology Officer 
Tripwire, Inc. (http://www.tripwiresecurity.com) 
1631 NW Thurman St., 1st Floor 
Portland, OR 97209 
Office: 503-223-0280 
Fax:    503-223-0182 

Tripwire in the news! 
http://www.forbes.com/asap/html/99/0615/feat.htm 

Tripwire is Linux World Security Editor's Choice! 
http://www.wpi.com/linuxworld/lw-ec-winners.html
Previous By Date Next
Previous By Thread Next

Current thread: