Re: ISO 17799/IEC 27001

[Jim Dillon <Jim.Dillon () CUSYS EDU>]

The new Administrative Policy Statements on Security that are headed out
for signature any day now were based on a comprehensive 17799 platform.
They were reduced to reflect policy vs. procedure (procedural guidance
to follow at a later date) and to more clearly define responsibility,
but are supposed to still maintain/support the basic 17799 structure.
As far as I am aware there are no current plans to certify our programs
as compliant, nor do I think that is immediately reasonable across the
broad expanse of our several campuses.  

 

The current policy design is meant to enable and direct compliance to
17799 standards, but as the final documents aren't yet released I have
to hedge my response.  The completed process will include procedural
guidelines that cover the spectrum according to announced plans.  An
end-date to this is not yet published, but the process will certainly
not be complete for some time.  The stated goal of the approach is to
allow sufficient procedural autonomy at the various campuses to support
their varied missions while providing clear guidance on responsibility
to all constituents conforming in general to the standard.  

 

Best regards,

 

Jim

 

*****************************************

Jim Dillon, CISA, CISSP

IT Audit Manager, CU Internal Audit

jim.dillon () cusys edu

303-492-9734

*****************************************

 

 

________________________________

From: George Farah [mailto:george.farah () QUEENSU CA] 
Sent: Monday, December 04, 2006 8:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISO 17799/IEC 27001

 

Good Day,

 

Is anyone aware of any university who used or adopted ISO/IEC
17799/27001 in implementing a security program?

 

Thanks and have a great day

 

George Farah, GIAC/GSEC Gold
Information Systems Security Manager
IT Services
Queen's University
Kingston, Ontario, Canada k7l 3n6
Tel 613 533-2638
Fax 613 533-2168
george.farah () queensu ca <mailto:george.farah () queensu ca>