Educause Security Discussion mailing list archives
Re: ISO 17799/IEC 27001
From: Jim Dillon <Jim.Dillon () CUSYS EDU>
Date: Mon, 4 Dec 2006 19:16:15 -0700
The new Administrative Policy Statements on Security that are headed out for signature any day now were based on a comprehensive 17799 platform. They were reduced to reflect policy vs. procedure (procedural guidance to follow at a later date) and to more clearly define responsibility, but are supposed to still maintain/support the basic 17799 structure.

As far as I am aware there are no current plans to certify our programs as compliant, nor do I think that is immediately reasonable across the broad expanse of our several campuses. The current policy design is meant to enable and direct compliance to 17799 standards, but as the final documents aren't yet released I have to hedge my response.

The completed process will include procedural guidelines that cover the spectrum according to announced plans. An end-date to this is not yet published, but the process will certainly not be complete for some time. The stated goal of the approach is to allow sufficient procedural autonomy at the various campuses to support their varied missions while providing clear guidance on responsibility to all constituents conforming in general to the standard.

Best regards,

Jim

*****************************************
Jim Dillon, CISA, CISSP
IT Audit Manager, CU Internal Audit
jim.dillon () cusys edu
303-492-9734
*****************************************

________________________________
From: George Farah [mailto:george.farah () QUEENSU CA]
Sent: Monday, December 04, 2006 8:51 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISO 17799/IEC 27001

Good Day,

Is anyone aware of any university who used or adopted ISO/IEC 17799/27001 in implementing a security program?

Thanks and have a great day

George Farah, GIAC/GSEC Gold
Information Systems Security Manager
IT Services
Queen's University
Kingston, Ontario, Canada k7l 3n6
Tel 613 533-2638
Fax 613 533-2168
george.farah () queensu ca