What security framework are you using, and why?

[Vince Bonura <vbonura () FORDHAM EDU>]

Hello again!

With the vast list of security frameworks to choose from, ISO/IEC 27000, COBIT 5, NIST SP 800-53, ITIL to name a few,  
I have been tasked to find the best one to use for our institution.  I thought it might be a good idea to see what 
other institutions are using and why.

I would be interested in knowing if you have a case study or a weblink that explains the reasoning for your selection.

We have tried a number over the last 15 years and while we thought NIST 800-53 was the right choice, we find that it 
doesn’t accurately align with our school. Last year a consultant firm we hired for a NIST 800-171 gap assessment, 
recommended NIST CSF.

So, we’re working through the crosswalk exercise and thought we should reach out to our higher education colleagues for 
your feedback.

Don’t be shy!

Thanks in advance!

Vince Bonura

IT Risk Analyst
Fordham University
(718) 817-1875



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community