Educause Security Discussion mailing list archives
Re: CIS vs NIST
From: Valdis Kletnieks <valdis.kletnieks () VT EDU>
Date: Mon, 30 Apr 2018 12:08:03 -0400
On Mon, 30 Apr 2018 14:30:23 -0000, "Menne, Michael S" said:
Your list should be based on your own risks. Donât worry about quantifying your risks. A qualitative assessment with some simple numbers would be good enough. Start tracking every event and start developing some simple metrics in order to justify your risk ranking and control priorities.
Also - you *do* have backups of critical systems, they're offsite, and you *test* those backups, right?
Attachment:
_bin
Description:
Current thread:
- CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Chad Tracy (Apr 30)
- Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
- Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
- Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
- Re: CIS vs NIST Adam Menos (Apr 30)
- Re: CIS vs NIST Simanovich, Roman (Apr 30)
- Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
- Re: [External Sender] Re: [SECURITY] CIS vs NIST Edgmand, Craig (Apr 30)
- Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Menne, Michael S (Apr 30)
- Re: CIS vs NIST Valdis Kletnieks (Apr 30)
- Re: CIS vs NIST Bridges, Robert A. (Apr 30)
- Re: CIS vs NIST Valdis Kletnieks (Apr 30)
- Re: CIS vs NIST Bridges, Robert A. (Apr 30)
- Re: CIS vs NIST Kevin Wilcox (May 02)
- Re: CIS vs NIST Bridges, Robert A. (May 03)
- Re: CIS vs NIST Kevin Wilcox (May 03)
- Re: CIS vs NIST Valdis Kletnieks (Apr 30)
- <Possible follow-ups>
- Re: CIS vs NIST Mark Corlew (May 21)
- Re: [External] Re: [SECURITY] CIS vs NIST Bennett, Daniel (May 21)