Educause Security Discussion mailing list archives
Re: security management techniques
From: "Kalal, Robert (Bob)" <kalal.1 () OSU EDU>
Date: Fri, 15 Jun 2012 15:48:14 +0000
I don't know what the current pricing is but several years ago we worked out a license for several floating seats of campus-wide online access to the whole series. Our contact at the time was:

Mark Brown
Director, Sales
American National Standards Institute (ANSI)
25 West 43rd Street
New York, NY 10036
Phone: 212-642-4935
Fax: 212-719-1679
mbrown () ansi org

Bob Kalal
Director (Retired), IT Policy
Office of the CIO
The Ohio State University

On Jun 15, 2012, at 11:14 AM, Louis Arminio wrote:

If you're just looking for a copy of the standards, ansi.org has them for a reasonable price. I picked up a PDF copy of 27002:2005 for $30 a few years ago. Looks like it is still available in their store, along with other 2700x documents.

http://webstore.ansi.org/RecordDetail.aspx?sku=ISO%2fIEC+27000%3a2009
http://webstore.ansi.org/RecordDetail.aspx?sku=INCITS%2fISO%2fIEC+27001-2005
http://webstore.ansi.org/RecordDetail.aspx?sku=INCITS%2fISO%2fIEC+27002-2005

They also have several bundles that I have not looked at.

--
Lou Arminio
Senior Information Security Analyst
Northern Arizona University
Information Technology Services
1300 S Knoles Dr, NAU Box 5100
Flagstaff, Arizona 86011
Lou.Arminio () nau edu
Ph: (928) 523-6462
Fax: (928) 523-7407

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Pirolo
Sent: Thursday, June 14, 2012 10:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: security management techniques

Hi Tammy,
From what I'm seeing in this conversation, the 27000 series is where people are heading. I'm interested in finding out how to get the discount. We aren't exactly a large institution and I'd be hard pressed to get an approval on purchasing content without seeing it first. I'm also going to look over the educause info you suggested as well.
Thanks,
David Pirolo

On Thu, 2012-06-14 at 17:07 +0000, Tammy Lynn Clark wrote:

We standardized under the ISO 27000 series (they have standards around building an effective information security management program based on evaluating risks, best practices for controls integration, how to develop a standardized approach to risk management, etc.). They aren't free of charge but there are ways to get the costs reduced. Feel free to contact me directly if interested.

The ISO 27000 is a comprehensive approach (people, process and technology) and you can then layer in other standards such as NIST or COBIT, based on your needs.

Take a look at the HEISC Information Security Guide; doing searches and looking at the chapters there will lead you to a multitude of resources to examine…

www.educause.edu/security/guide

Best regards!

Tammy L. Clark, CISSP, CISM, CISA, HISP, CRISC, PMP
Chief Information Security Officer
Information Security Coordination
tlclark () gsu edu
404-413-4509