Educause Security Discussion mailing list archives
Re: What security framework are you using, and why?
From: "Foss, Henry L." <fossh () SACREDHEART EDU>
Date: Fri, 17 Sep 2021 19:56:06 +0000
Hi Vince,

Great question and thanks for putting it out there.

We are focusing on the 18 CIS Controls. Here's a link <https://www.cisecurity.org/controls/cis-controls-list/> that gives you the list and access to download workbooks.

We decided on CIS because the standards are reviewed regularly, and specifically focus on IT Security. Plus it's an international organization (vs. NIST which is only U.S.), and it is not restricted to gov't standards (like NIST is). We have a lot of respect for NIST but find CIS to be much more detailed and actionable for our environment.

Thank you

Hank Foss
Manager of Security Infrastructure
CISSP, GPEN, CCNA
Sacred Heart University
West Campus WCW*W3I302
Office: (203) 396-8279
Mobile: (203) 295-1356

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Vince Bonura
Sent: Friday, September 17, 2021 2:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] What security framework are you using, and why?

Hello again!

With the vast list of security frameworks to choose from, ISO/IEC 27000, COBIT 5, NIST SP 800-53, ITIL to name a few, I have been tasked to find the best one to use for our institution. I thought it might be a good idea to see what other institutions are using and why. I would be interested in knowing if you have a case study or a weblink that explains the reasoning for your selection.

We have tried a number over the last 15 years and while we thought NIST 800-53 was the right choice, we find that it doesn't accurately align with our school. Last year a consultant firm we hired for a NIST 800-171 gap assessment recommended NIST CSF. So, we're working through the crosswalk exercise and thought we should reach out to our higher education colleagues for your feedback.

Don't be shy! Thanks in advance!

Vince Bonura
IT Risk Analyst
Fordham University
(718) 817-1875

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- What security framework are you using, and why? Vince Bonura (Sep 17)
- Re: What security framework are you using, and why? Barton, Robert W. (Sep 17)
- Re: What security framework are you using, and why? Jay Gallman (Sep 17)
- Re: What security framework are you using, and why? John Virden (Sep 17)
- Re: What security framework are you using, and why? Christian Schreiber (Sep 17)
- Re: What security framework are you using, and why? Blake Penn (Sep 17)
- Re: What security framework are you using, and why? Foss, Henry L. (Sep 17)
- Re: What security framework are you using, and why? Uday Kiran (Sep 18)
- Re: What security framework are you using, and why? Barton, Robert W. (Sep 17)