Educause Security Discussion mailing list archives
Re: System Hardening Standards
From: "Shankar, Anurag" <ashankar () IU EDU>
Date: Mon, 14 Nov 2016 20:48:28 +0000
Hello Justin, We use NIST 800-53, but only as a tool that informs the process for hardening our central systems to meet HIPAA standards. We start by documenting the existing 800-53 controls, using it as a catalog of all controls known to man (or woman), so as not to miss any control that might apply. We then do an assessment to determine if each missing (or mis-implemented) control represents risk for the specific environment the system is in and the typical workflows it handles. It’s basically poor man’s system threat modeling. Regards, Anurag --- Anurag Shankar, Ph.D. Email: ashankar [at] iu.edu Phone: +1 (812) 856-6978 Center for Applied Cybersecurity Research, Pervasive Technology Institute, Indiana University 2719 E. 10th Street, Suite 231, Bloomington, IN 47408 On 11/14/16, 12:36 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Justin Harwood" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of Justin.Harwood () CPCC EDU> wrote: Hello, Can someone recommend what you have used in the EDU space for system hardening standards that works well? ________________________________ This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and proprietary information. If you are not the intended recipient, you are hereby notified that any retention, dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.
Attachment:
smime.p7s
Description:
Current thread:
- System Hardening Standards Justin Harwood (Nov 14)
- Re: System Hardening Standards Adam Maynard (Nov 14)
- Re: System Hardening Standards Jessica Odom (Nov 14)
- Re: System Hardening Standards Valdis Kletnieks (Nov 15)
- Re: System Hardening Standards Harry Hoffman (Nov 15)
- Re: System Hardening Standards Eric Lukens (Nov 15)
- Re: System Hardening Standards Jessica Odom (Nov 14)
- Re: System Hardening Standards Taylor Randle (Nov 14)
- Re: System Hardening Standards Adam Maynard (Nov 14)
- <Possible follow-ups>
- Re: System Hardening Standards Shankar, Anurag (Nov 14)