This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Talk:Industry:Project Review/NIST SP 800-37r1 FPD Chapter 3"
From OWASP
Dan Philpott (talk | contribs) |
Dan Philpott (talk | contribs) |
||
| Line 9: | Line 9: | ||
EXECUTING THE RISK MANAGEMENT FRAMEWORK TASKS | EXECUTING THE RISK MANAGEMENT FRAMEWORK TASKS | ||
| − | As an overall comment I find that the blocks of text making up these tasks are too dense and need to be broken up into shorter, more targetted segments. NIST SP 800-53r3 made excellent use of exploding out lists which had previously been embedded in paragraphs (e.g., (i) ..., (ii) ..., etc.). Reading security documents is often difficult for people who feel overwhelmed trying to the different data elements | + | As an overall comment I find that the blocks of text making up these tasks are too dense and need to be broken up into shorter, more targetted segments. NIST SP 800-53r3 made excellent use of exploding out lists which had previously been embedded in paragraphs (e.g., (i) ..., (ii) ..., etc.). Reading security documents is often difficult for people who feel overwhelmed trying to link the different data elements into a comprehensive picture. Good writing practice and formatting can make reading dense guidance wording easier, much as good writing and formatting can make reading source code easier. [[User:Dan Philpott|Dan Philpott]] 04:10, 8 December 2009 (UTC) |
=== APPLICATION OF THE RISK MANAGEMENT FRAMEWORK === | === APPLICATION OF THE RISK MANAGEMENT FRAMEWORK === | ||
Revision as of 04:25, 8 December 2009
CHAPTER THREE
THE PROCESS
EXECUTING THE RISK MANAGEMENT FRAMEWORK TASKS
As an overall comment I find that the blocks of text making up these tasks are too dense and need to be broken up into shorter, more targetted segments. NIST SP 800-53r3 made excellent use of exploding out lists which had previously been embedded in paragraphs (e.g., (i) ..., (ii) ..., etc.). Reading security documents is often difficult for people who feel overwhelmed trying to link the different data elements into a comprehensive picture. Good writing practice and formatting can make reading dense guidance wording easier, much as good writing and formatting can make reading source code easier. Dan Philpott 04:10, 8 December 2009 (UTC)
