Educause Security Discussion mailing list archives

Re: CIS vs NIST

From: Adam Menos <amenos () ARTIC EDU>
Date: Mon, 30 Apr 2018 14:01:18 +0000

CIS top 5 would be a good start.

https://learn.cisecurity.org/first-five-controls-download


On Mon, Apr 30, 2018 at 8:49 AM Davis, Chris <CDavis () lourdes edu> wrote:

We are a very small school and are just getting started with infosec.  We
are evaluating frameworks and seem to be wavering between CIS and NIST
800-171.



My thoughts are that CIS will be easier for us to implement and manage
long-term given our limited resources.  But we have compliance issues to
consider just like everyone else – HIPAA, PCI, FEPRA, GLBA, etc.



Given those parameters, which do you think would be more successful for us
– CIS or 800-171?



Thanks!



Chris



*Christopher Davis, Ph.D.*

Chief Information Officer

Lourdes University

6832 Convent Blvd
<https://maps.google.com/?q=6832+Convent+Blvd&entry=gmail&source=g> | REH
003P | Sylvania, OH 43560

cdavis () lourdes edu



*CyberAware – Be aware. Stay Secure.*

Lourdes University will never ask you to send sensitive information
through unsecure channels. Report any message that asks you to provide or
confirm personal information such as credit card and/or bank
account numbers, Social Security numbers, passwords, etc. or any other
suspicious activity to infosec () lourdes edu. For more information please
visit lourdes.edu/cyberaware.



CONFIDENTIALITY NOTICE: The contents of this email message and any
attachments are intended solely for the addressee(s) and may
contain confidential and/or privileged information and may be
legally protected from disclosure. If you are not the intended recipient of
this message or their agent, or if this message has been addressed to
you in error, please immediately alert the sender by reply email and then
delete this message and any attachments. If you are not the intended
recipient, you are hereby notified that any use, dissemination, copying, or
storage of this message or its attachments is strictly prohibited.

-- 

Adam Menos
Director of Information Security

116 S Michigan Ave | Chicago, IL 60603
*Office:* 312.499.4031
*amenos () artic edu* <amenos () artic edu>
<http://www.artic.edu/> <http://www.saic.edu/>
<http://www.saic.edu/>   <http://www.artic.edu>

Current thread:

CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Chad Tracy (Apr 30)
- Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
  - Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
    - Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Adam Menos (Apr 30)
- Re: CIS vs NIST Simanovich, Roman (Apr 30)
  - Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
    - Re: [External Sender] Re: [SECURITY] CIS vs NIST Edgmand, Craig (Apr 30)
- Re: CIS vs NIST Menne, Michael S (Apr 30)
  - Re: CIS vs NIST Valdis Kletnieks (Apr 30)
    - Re: CIS vs NIST Bridges, Robert A. (Apr 30)
    - Re: CIS vs NIST Valdis Kletnieks (Apr 30)
    - Re: CIS vs NIST Bridges, Robert A. (Apr 30)
    - Re: CIS vs NIST Kevin Wilcox (May 02)
    - Re: CIS vs NIST Bridges, Robert A. (May 03)

(Thread continues...)