Educause Security Discussion mailing list archives
Re: Annual Security Report
From: "Sturgis, John (John Sturgis)" <jsturgis () UTK EDU>
Date: Mon, 6 Oct 2014 14:08:03 +0000
While researching this topic for a presentation, I found the linked materials helpful.

* Overview of the value/purpose of metrics
  * Educause article, Cybersecurity: When Will We Know If What We Are Doing Is Working? [http://www.educause.edu/ero/article/cybersecurity-when-will-we-know-if-what-we-are-doing-working]
* Guide to selecting which metrics
  * CIS Quick Start Guide for CIS Consensus Security Metrics v1.0.0, [http://benchmarks.cisecurity.org/downloads/show-single/?file=metrics_guide.100]
* The NIST approach to measuring security program maturity
  * NISTIR 7358, Program Review for Information Security Management Assistance (PRISMA) [http://www.nist.gov/customcf/get_pdf.cfm?pub_id=50907]

John P. Sturgis
Audit and Consulting Services
The University of Tennessee

On Oct 6, 2014, at 9:33 AM, Dan Sarazen <dsarazen () BRANDEIS EDU> wrote:

Good Morning All,

I have a school that wants to develop an annual IT Security report for Audit Committee, but isn't sure what they want in the report. Has anyone out there developed an annual security report and already has chosen their metrics? If anyone has a template for their report that they are willing to share, it would be appreciated.

Many Thanks,

Dan Sarazen
Sr. IT Auditor
The Boston Consortium for Higher Education
Dsarazen () boston-consortium org
781-296-4444