Educause Security Discussion mailing list archives
Re: ISO27002 vs ISO27006
From: Leon DuPree <duprleo () GMAIL COM>
Date: Wed, 15 Oct 2014 15:43:30 -0400
Question: does anyone use QRadar Dashboards Reporting for Compliance to HIPAA & SOX? It looks like those together would provide me with a Baseline to satisfy CMS and IRS Compliance for capturing log events.

Leon DuPree

On Mon, Sep 15, 2014 at 7:23 AM, Dan Sarazen <dsarazen () brandeis edu> wrote:
Good Morning,

I have a school (Not Brandeis) that is using ISO27006 as the foundation for their Information Security Policy. I'm used to seeing IS policies based on ISO27002 or even the NIST 800 series. My understanding of ISO27006 is that it outlines the audit processes organizations should use to audit and certify their process, versus ISO27002 which is an actual suite of controls that should be considered. Does anyone have any feedback on this?

Thanks
Dan
--
Leon DuPree
2 Timothy 2:15 Study to shew thyself approved unto God, a workman that needeth not to be ashamed, rightly dividing the word of truth.