Bill,
I've made a few (OK, a bunch) of suggestions. Use any of them you think are
worthwhile. I added them to Joe's suggestions.
--
Regards,
Brian Smithson
PMP, CSM, CISSP, CISA, ISO 27000 PA
Security Research, Planning
Advanced Customer Technologies
Ricoh Americas Corporation
bsmithson at ricohsv.com
(408)346-4435
On 2/9/2011 1:47 PM, Murdock, Joe wrote:
>> Bill,
>>>> I've made a few suggested update inline:
>>>>ftp://ftp.pwg.org/pub/pwg/general/MPSA/Access_article_110209jbm.doc>>>> Joe
>>>>>> *From:*ids-bounces at pwg.org [mailto:ids-bounces at pwg.org] *On Behalf Of
> *William Wagner
> *Sent:* Wednesday, February 09, 2011 1:11 PM
> *To:* 'Michael Sweet'
> *Cc:* mfd at pwg.org; ids at pwg.org; wims at pwg.org> *Subject:* [IDS] RE: [WIMS] MPSA Security Article
>>>> Many thanks to Michael for his comments...they have been reflected in the
> text. Any more comments, suggestions additions or deletions? I would
> like to send this to Jim by tomorrow afternoon.
>>>> Thanks,
>>>> Bill Wagner
>>>> *From:*Michael Sweet [mailto:msweet at apple.com]
> *Sent:* Tuesday, February 08, 2011 5:46 PM
> *To:* William Wagner
> *Cc:* wims at pwg.org; ids at pwg.org; mfd at pwg.org> *Subject:* Re: [WIMS] MPSA Security Article
>>>> On Feb 6, 2011, at 12:56 AM, William Wagner wrote:
>> An updated version reflecting comments made during the February
> face-to-face is posted at :
>>ftp://ftp.pwg.org/pub/pwg/general/MPSA/Access_article_110205.pdf and
>>ftp://ftp.pwg.org/pub/pwg/general/MPSA/Access_article_110205.doc>>>> This includes a short biblio and a set of survey questions.
>>>> Comments and corrections are solicited. It is our objective to
> finalize this information and send it to MPSA by 10 February so that
> it can be posted next weekend.
>>>> Comments (on the PDF version):
>>>> Page 3: At the end of the first paragraph under "Log Generation and
> Availability", you have "... is often required for security purposes,
> (audit log), sometimes with alerts ..." - I don't think you meant to put
> commas around the parenthetical "audit log"...
>>>> Page 3: Paragraph starting with "Although the most secure approach"
> doesn't finish the thought. I think combining the first two sentences
> makes it clearer, e.g.:
>>>> Although the most secure approach is for devices to continually send
> out log information to an external repository as events occur, this
> is often neither practical nor justifiable.
>>>> Page 7: Question 6 is multiple choice, right?
>>>> Page 8: Question 7 could also be multiple choice for a, b, or c... My
> recommendation would be to break this into two questions: "If you are
> implementing logging, where is it kept?" and "How to you implement
> billing?" with "Logs", "Simple copy count", "other", and "not implementing
> billing".
>>>> Otherwise shaping up very nicely - thanks for working on this, Bill!
>>>> ________________________________________________________________________
>> Michael Sweet, Senior Printing System Engineer, PWG Chair
>>>>>>>>> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
>>> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
>>> _______________________________________________
> ids mailing list
>ids at pwg.org>https://www.pwg.org/mailman/listinfo/ids
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/mfd/attachments/20110209/ae465f8e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Access_article_110209jbm+bjs.doc
Type: application/msword
Size: 84992 bytes
Desc: not available
URL: <http://www.pwg.org/pipermail/mfd/attachments/20110209/ae465f8e/attachment.doc>