Educause Security Discussion mailing list archives
Re: security management techniques
From: "Stephen C. Gay" <sgay () KENNESAW EDU>
Date: Thu, 14 Jun 2012 12:52:41 -0400
David,

When founded in 2006, we designed our program at Kennesaw State University around NIST's 800-53 classes (technical, operational, and managerial). All projects were mapped into these categories and it was easy to communicate to a technical / InfoSec audience. Even so, we found the classes did not lend themselves to mapping into the mission of the organization nor proactive safeguards.

We transitioned our program over to the ISO 27001 framework in 2011 and it has provided for a more complete picture of our information security program. We did pay for the documents (cost is fairly reasonable) but you may want to start with the numerous Educause presentations regarding the framework. They will give you the general idea and touch on advantages / disadvantages.

Stephen C Gay CISSP CISA
ITS Associate Director - Information Security Office
KSU Information Security Officer
Kennesaw State University
sgay () kennesaw edu

----- Original Message -----
From: "David Pirolo" <webmaster () WARNERPACIFIC EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Thursday, June 14, 2012 12:09:57 AM
Subject: [SECURITY] security management techniques

Just wondering if any other schools have standardized on any of these security management techniques. ISO 17799 / 27001, COBIT, NIST, ENISA, OASIS, OWASP, etc. If so, I'd be interested in your feedback of such.

Unless I'm grossly missing something, it seems like one has to pay to get the ISO standards from ISO.org/ANSI. That doesn't make sense...

-David