BS 7799/ISO 17799
Jul 06 2007 04:38AM
iso 27000 (is27001 gmail com)
RE: Control clarification
Jul 06 2007 08:16AM
Maddison, Kirk (Kirk Maddison homegroup org uk)
In ISO/IEC 27001:2005 A.10.4.2 (Control against mobile code) 'Mobile
Code' refers to software code or scripts that can execute with little or
no interaction from a user. When dealing with this control I typically
consider all host scripting languages that can run on a client OS (e.g.
Win32: Windows Script Host, PowerShell, Batch / *nix: Bash, CSH).

Things I usually consider are:

* How can mobile code be tested in an isolated environment (i.e. not a
  - so admins/developers don't break things!
* Can the use of mobile code be blocked in your environment?
  - usually most users do not need to run scripts, so can you block
* How can you block the receipt or execution of mobile code?
  - Outlook has been quite vulnerable to attack, how can you
    prevent mobile code landing in a user's inbox?
* How can you prevent unauthorised code from executing?
  - Do you need to digitally sign mobile code so that systems will
    only execute trusted code?

There are more than this; the above is the tip of the iceberg! I hope
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of iso 27000
Sent: 06 July 2007 05:38
To: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: Control clarification
What does "mobile code" mean in the context of the control "10.4.2" -
Control against mobile code?
Does this refer to mobile malicious software like worms or some other
custom software code?
Copyright 2010, SecurityFocus
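
One way to act on the reply's point about preventing mobile code from landing in a user's inbox, as an added example that is not part of the original thread: a mail-gateway style check that flags attachments whose final extension belongs to one of the script hosts the reply names. The extension list, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist, derived from the script hosts named in the reply
# (Windows Script Host, PowerShell, Batch, Bash, CSH). Not exhaustive.
SCRIPT_EXTENSIONS = {
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",  # Windows Script Host
    ".ps1",                                          # PowerShell
    ".bat", ".cmd",                                  # Batch
    ".sh", ".csh",                                   # Bash / CSH
}


def is_script_name(name: str) -> bool:
    """True if the final extension of an attachment name is a script type."""
    # Windows ignores case and drops trailing dots/spaces in file names,
    # so "run.PS1. " still opens as a PowerShell script.
    cleaned = name.strip().rstrip(". ").lower()
    # Only the last suffix counts, which catches "report.pdf.vbs".
    return PurePosixPath(cleaned).suffix in SCRIPT_EXTENSIONS


def script_attachments(raw: bytes) -> list[str]:
    """Return the filenames of script attachments in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    # walk() also descends into nested multipart containers.
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_script_name(n)]


def build_sample() -> bytes:
    """Constructed test message: one document and two script attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for filename in ("report.pdf", "report.pdf.VBS", "cleanup.sh"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(script_attachments(build_sample()))
```

Filename checks are only a first filter, since an attachment can be renamed or wrapped in an archive; the reply's other points (blocking execution on the client, signing trusted scripts) cover what gets past it.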