Educause Security Discussion mailing list archives

Re: security management techniques


From: "Kalal, Robert (Bob)" <kalal.1 () OSU EDU>
Date: Fri, 15 Jun 2012 15:48:14 +0000

I don't know what the current pricing is but several years ago we worked out a license for several floating seats of 
campus-wide online access to the whole series. Our contact at the time was:

Mark Brown
Director, Sales
American National Standards Institute (ANSI)
25 West 43rd Street
New York, NY 10036
Phone: 212-642-4935
Fax: 212-719-1679
mbrown () ansi org

Bob Kalal
Director (Retired), IT Policy
Office of the CIO
The Ohio State University



On Jun 15, 2012, at 11:14 AM, Louis Arminio wrote:

If you're just looking for a copy of the standards, ansi.org has them for a reasonable price.  I 
picked up a PDF copy of 27002:2005 for $30 a few years ago.  Looks like it is still available in their store, along 
with other 2700x documents.

http://webstore.ansi.org/RecordDetail.aspx?sku=ISO%2fIEC+27000%3a2009
http://webstore.ansi.org/RecordDetail.aspx?sku=INCITS%2fISO%2fIEC+27001-2005
http://webstore.ansi.org/RecordDetail.aspx?sku=INCITS%2fISO%2fIEC+27002-2005

They also have several bundles that I have not looked at.

--
Lou Arminio
Senior Information Security Analyst
Northern Arizona University
Information Technology Services
1300 S Knoles Dr, NAU Box 5100
Flagstaff, Arizona 86011
Lou.Arminio () nau edu
Ph:(928) 523-6462
Fax:(928) 523-7407

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Pirolo
Sent: Thursday, June 14, 2012 10:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: security management techniques

Hi Tammy,
From what I'm seeing in this conversation, the 27000 series is where people are heading.  I'm interested in finding 
out how to get the discount.  We aren't exactly a large institution and I'd be hard pressed to get an approval on 
purchasing content without seeing it first.  I'm also going to look over the Educause info you suggested as well.

Thanks,

David Pirolo


On Thu, 2012-06-14 at 17:07 +0000, Tammy Lynn Clark wrote:
We standardized under the ISO 27000 series (they have standards around
building an effective information security management program based on
evaluating risks, best practices for controls integration, how to
develop a standardized approach to risk management, etc.)  They aren’t
free of charge but there are ways to get the costs reduced.  Feel free
to contact me directly if interested.  The ISO 27000 is a
comprehensive approach (people, process and technology) and you can
then layer in other standards such as NIST or COBIT, based on your
needs.



Take a look at the HEISC Information Security Guide; doing searches and
looking at the chapters there will lead you to a multitude of
resources to examine… www.educause.edu/security/guide



Best regards!



Tammy L. Clark, CISSP, CISM, CISA, HISP, CRISC, PMP
Chief Information Security Officer
Information Security Coordination
tlclark () gsu edu
404-413-4509

