Educause Security Discussion mailing list archives
Re: ISO Cybersecurity Umbrella Policy
From: Sol Bermann <solb () UMICH EDU>
Date: Wed, 4 Mar 2020 09:36:03 -0500
University of Michigan materials here Policy https://spg.umich.edu/policy/601.27 Standards (we fairly recently evolved past guidelines) https://safecomputing.umich.edu/information-security-requirements Sol Bermann Chief Information Security Officer Executive Director of Information Assurance University of Michigan 734/615-9661 solb () umich edu https://www.safecomputing.umich.edu/ https://safecomputing.umich.edu/six-words-about-privacy On Wed, Mar 4, 2020 at 1:58 AM Robert Smith <Robert.Smith () ucop edu> wrote:
Hello, The University of California has one overarching policy and is supplemented by 9 supporting standards. It's all on-line here: https://security.ucop.edu/policies/ I am happy to talk to you about our program. Have a topnotch day, Robert Smith, CISSP, PMP University of California Office of the President (510) 587-6244 (o) robert.smith () ucop edu -----Original Message----- From: The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Laura Raderman Sent: Tuesday, March 3, 2020 7:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] ISO Cybersecurity Umbrella Policy CMU’s overarching policy is simple: https://www.cmu.edu/policies/information-technology/information-security-policy.html We just published updated guidelines that cover the expected controls at each level of our data classification at: https://www.cmu.edu/iso/governance/guidelines/data-protection/index.html The Guidelines are intentionally rather vague to allow for different ways to implement them. We’re working closely with our various system teams to create standards that give more concrete examples of how the guidelines should be met, but we’re not there yet. Laura Laura Raderman ISO Policy & Compliance Coordinator Carnegie Mellon University lraderman () cmu eduOn Mar 3, 2020, at 9:07 AM, Schwartz, John <jschwartz () WPI EDU> wrote: Hello All, We are currently in the process of refreshing our Security Policies, andbased on feedback from our Trustees, we are looking to create "overarching" Cybersecurity Umbrella Policy that covers a range of IT security controls from hardware, software and access control to network security.Does anyone have a similar policy that you would be willing to share? Thank you. John Schwartz – CRISC, CISA, CIA Chief Information Security Officer (CISO) <image001.png> Worcester Polytechnic Institute 100 Institute Road Worcester, MA. 01609-2280 USA e-mail: jschwartz () wpi edu p: 508-831-6868 ********** Replies to EDUCAUSE Community Group emails are sent to the entirecommunity list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- ISO Cybersecurity Umbrella Policy Schwartz, John (Mar 03)
- Re: ISO Cybersecurity Umbrella Policy Rob Milman (Mar 03)
- Re: ISO Cybersecurity Umbrella Policy randy (Mar 03)
- Re: ISO Cybersecurity Umbrella Policy Laura Raderman (Mar 03)
- Re: ISO Cybersecurity Umbrella Policy Robert Smith (Mar 03)
- Re: ISO Cybersecurity Umbrella Policy Sol Bermann (Mar 04)
- Re: ISO Cybersecurity Umbrella Policy Robert Smith (Mar 03)