Educause Security Discussion mailing list archives
Re: security management techniques
From: Tammy Lynn Clark <tlclark () GSU EDU>
Date: Thu, 14 Jun 2012 17:07:50 +0000
We standardized under the ISO 27000 series (they have standards around building an effective information security management program based on evaluating risks, best practices for controls integration, how to develop a standardized approach to risk management, etc.). They aren't free of charge but there are ways to get the costs reduced. Feel free to contact me directly if interested.

The ISO 27000 is a comprehensive approach (people, process and technology) and you can then layer in other standards such as NIST or COBIT, based on your needs.

Take a look at the HEISC Information Security Guide; doing searches and looking at the chapters there will lead you to a multitude of resources to examine...

www.educause.edu/security/guide

Best regards!

Tammy L. Clark, CISSP, CISM, CISA, HISP, CRISC, PMP
Chief Information Security Officer
Information Security Coordination
tlclark () gsu edu
404-413-4509

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Kohrman
Sent: Thursday, June 14, 2012 12:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] security management techniques

Since we are starting to build our program here, we are looking at COBIT, ISO 27001, and NIST for possible implementation. In reviewing them, I think we're most likely to move towards the ISO 27001 series. However, we're still investigating.

Shawn

-----
Shawn A. Kohrman, Security Architect
Azusa Pacific University
Information & Media Technology
901 E. Alosta Ave., PO Box 7000
Azusa, CA 91702-7000
P: 626.815.2054 | F: 626.815.2061 | http://www.apu.edu/
-----

On Wed, Jun 13, 2012 at 9:09 PM, David Pirolo <webmaster () warnerpacific edu> wrote:

Just wondering if any other schools have standardized on any of these security management techniques. ISO 17799 / 27001, COBIT, NIST, ENISA, OASIS, OWASP, etc. If so, I'd be interested in your feedback of such.

Unless I'm grossly missing something, it seems like one has to pay to get the ISO standards from ISO.org/ANSI. That doesn't make sense...

-David