Educause Security Discussion mailing list archives
Re: ISO 27000
From: "Davis, Thomas R" <tdavis () IU EDU>
Date: Fri, 15 Jan 2010 08:50:34 -0500
Our Information Security and Privacy Program[1] is based on the ISO standards. It's a work in progress (i.e., some domains are lacking information), but it shows the direction we're heading. [1] http://informationsecurity.iu.edu/program/ -- Tom Davis, CISSP, CISM Chief Information Security Officer Information and Infrastructure Assurance Office of the VP for Information Technology and CIO Indiana University https://informationsecurity.iu.edu/Tom_Davis On Jan 14, 2010, at 3:42 PM, Leilani Lauger wrote:
We are trying to gather information about how our peers are using the ISO 27000 standards. Is anyone using standards to formally evaluate a security program or as a framework for building a new program? Are they being used as a complete body of work or to inform individual aspects of a security program? We appreciate any feedback. Thank you, Leilani Lauger Information Security Officer Loyola University Chicago 773.508.6086 llauger () luc edu
Current thread:
- ISO 27000 Leilani Lauger (Jan 14)
- <Possible follow-ups>
- Re: ISO 27000 Lorenz, Eva (Jan 14)
- Re: ISO 27000 Scott Sweren (Jan 15)
- Re: ISO 27000 Davis, Thomas R (Jan 15)
- Re: ISO 27000 Payne, Shirley (scp8b) (Jan 15)
- Re: ISO 27000 Drews, Jane E (Jan 15)
- Re: ISO 27000 Chris Bennett (Jan 15)
- Re: ISO 27000 Heidi Wachs (Jan 15)
- Re: ISO 27000 Alex Brown (Jan 15)
- Re: ISO 27000 Hugh Burley (Jan 18)
- Re: ISO 27000 Lorenz, Eva (Jan 19)