Educause Security Discussion mailing list archives

Re: CIS vs NIST

From: Valdis Kletnieks <valdis.kletnieks () VT EDU>
Date: Mon, 30 Apr 2018 12:08:03 -0400

On Mon, 30 Apr 2018 14:30:23 -0000, "Menne, Michael S" said:

Your list should be based on your own risks. Donât worry about quantifying
your risks. A qualitative assessment with some simple numbers would be good
enough.  Start tracking every event and start developing some simple metrics in
order to justify your risk ranking and control priorities.


Also - you *do* have backups of critical systems, they're offsite, and you
*test* those backups, right?

Attachment: _bin
Description:

Current thread:

CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Chad Tracy (Apr 30)
- Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
  - Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
    - Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Adam Menos (Apr 30)
- Re: CIS vs NIST Simanovich, Roman (Apr 30)
  - Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
    - Re: [External Sender] Re: [SECURITY] CIS vs NIST Edgmand, Craig (Apr 30)
- Re: CIS vs NIST Menne, Michael S (Apr 30)
  - Re: CIS vs NIST Valdis Kletnieks (Apr 30)
    - Re: CIS vs NIST Bridges, Robert A. (Apr 30)
    - Re: CIS vs NIST Valdis Kletnieks (Apr 30)
    - Re: CIS vs NIST Bridges, Robert A. (Apr 30)
    - Re: CIS vs NIST Kevin Wilcox (May 02)
    - Re: CIS vs NIST Bridges, Robert A. (May 03)
    - Re: CIS vs NIST Kevin Wilcox (May 03)
- Re: CIS vs NIST randy (Apr 30)
- Re: CIS vs NIST Penn, Blake C (Apr 30)
- <Possible follow-ups>
- Re: CIS vs NIST Mark Corlew (May 21)
  - Re: [External] Re: [SECURITY] CIS vs NIST Bennett, Daniel (May 21)

(Thread continues...)