Re: ISO Cybersecurity Umbrella Policy

[Sol Bermann <solb () UMICH EDU>]

University of Michigan materials here

Policy
https://spg.umich.edu/policy/601.27

Standards (we fairly recently evolved past guidelines)
https://safecomputing.umich.edu/information-security-requirements

Sol Bermann
Chief Information Security Officer
Executive Director of Information Assurance
University of Michigan

734/615-9661
solb () umich edu
https://www.safecomputing.umich.edu/
https://safecomputing.umich.edu/six-words-about-privacy




On Wed, Mar 4, 2020 at 1:58 AM Robert Smith <Robert.Smith () ucop edu> wrote:

> Hello,
>
> The University of California has one overarching policy and is
> supplemented by 9 supporting standards. It's all on-line here:
>
> https://security.ucop.edu/policies/
>
> I am happy to talk to you about our program.
>
> Have a topnotch day,
> Robert Smith, CISSP, PMP
> University of California Office of the President
> (510) 587-6244 (o)
> robert.smith () ucop edu
>
> -----Original Message-----
> From: The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Laura Raderman
> Sent: Tuesday, March 3, 2020 7:16 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] ISO Cybersecurity Umbrella Policy
>
> CMU’s overarching policy is simple:
> https://www.cmu.edu/policies/information-technology/information-security-policy.html
>
> We just published updated guidelines that cover the expected controls at
> each level of our data classification at:
> https://www.cmu.edu/iso/governance/guidelines/data-protection/index.html
>
> The Guidelines are intentionally rather vague to allow for different ways
> to implement them.  We’re working closely with our various system teams to
> create standards that give more concrete examples of how the guidelines
> should be met, but we’re not there yet.
>
> Laura
>
>
> Laura Raderman
> ISO Policy & Compliance Coordinator
> Carnegie Mellon University
> lraderman () cmu edu
>
> > On Mar 3, 2020, at 9:07 AM, Schwartz, John <jschwartz () WPI EDU> wrote:
> >
> > Hello All,
> > We are currently in the process of refreshing our Security Policies, and
> based on feedback from our Trustees, we are looking to create "overarching"
> Cybersecurity Umbrella Policy that covers a range of IT security controls
> from hardware, software and access control to network security.
> > Does anyone have a similar policy that you would be willing to share?
> > Thank you.
> >
> > John Schwartz – CRISC, CISA, CIA
> > Chief Information Security Officer (CISO)
> >
> > <image001.png>
> > Worcester Polytechnic Institute
> > 100 Institute Road
> > Worcester, MA. 01609-2280 USA
> > e-mail: jschwartz () wpi edu
> > p: 508-831-6868
> >
> > **********
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> >
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community