Educause Security Discussion mailing list archives

Re: What security framework are you using, and why?

From: Uday Kiran <ukiran () HCT AC AE>
Date: Sun, 19 Sep 2021 04:25:03 +0000

Although a few emails I observed mentioning NIST 800-171, I would also recommend to go through CIS 18 
controls<https://www.auditscripts.com/free-resources/critical-security-controls/> they are based 
CMMC<https://www.acq.osd.mil/cmmc/>, Collective Control Catalog<https://www.auditscripts.com/?attachment_id=4609> and 
CSF<https://www.nist.gov/cyberframework> which brings more confidence amongst Senior Management.

I have pasted useful link in the respective place holders.

Regards,

Uday Kiran
Snr Spl – Information Security
Office of Dir. Digital Technologies

اوداي كيران

أخصائي أول - أمن المعلومات

تكنولوجيا المعلومات



[Main logo]

Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae>
P.O.Box: 25026, Abu Dhabi, United Arab Emirates



www.hct.ac.ae<http://www.hct.ac.ae>

[Facebook]<https://www.facebook.com/hctuae>

[Twitter]<https://twitter.com/HCT_UAE>

[Instagram]<https://www.instagram.com/HCT_UAE/>

[YouTube]<https://www.youtube.com/user/hctuae>




[https://cdn.hct.ac.ae/signature_logo/June2019.jpg]

[Enviromental] Please consider the environment before printing this email

This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended 
recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any 
dissemination or use of this information by a person other than the intended recipient is unauthorized and may be 
illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the 
author's employer.




Uday Kiran
Senior Specialist - Information Security
Office of Dir. Digital Technologies
اوداي كيران
أخصائي أول - أمن المعلومات
تكنولوجيا المعلومات


[Main logo]     Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae<mailto:ukiran () hct ac ae>
P.O.Box: 25026, Abu Dhabi, United Arab Emirates

        www.hct.ac.ae<http://www.hct.ac.ae>
[Facebook]<https://www.facebook.com/hctuae>     [Twitter] <https://twitter.com/HCT_UAE>         [Instagram] 
<https://www.instagram.com/HCT_UAE/>        [YouTube] <https://www.youtube.com/user/hctuae>


[https://cdn.hct.ac.ae/signature_logo/email_signature-healthy-hct.jpg]
[Enviromental]  Please consider the environment before printing this email
This Email and any attachments may contain HCT confidential and privileged information.If you are not the intended 
recipient, please notify the sender immediately by return email, delete this email and destroy any copies. Any 
dissemination or use of this information by a person other than the intended recipient is unauthorized and may be 
illegal. Unless otherwise stated, opinions expressed in this email are those of the author and are not endorsed by the 
author's employer.


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Vince Bonura
Sent: Friday, September 17, 2021 10:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] What security framework are you using, and why?

"External Email: This email is from 'external source'. If you see this as suspicious then please forward the email to 
infosec () hct ac ae and do not respond to this email"
________________________________
Hello again!

With the vast list of security frameworks to choose from, ISO/IEC 27000, COBIT 5, NIST SP 800-53, ITIL to name a few,  
I have been tasked to find the best one to use for our institution.  I thought it might be a good idea to see what 
other institutions are using and why.

I would be interested in knowing if you have a case study or a weblink that explains the reasoning for your selection.

We have tried a number over the last 15 years and while we thought NIST 800-53 was the right choice, we find that it 
doesn’t accurately align with our school. Last year a consultant firm we hired for a NIST 800-171 gap assessment, 
recommended NIST CSF.

So, we’re working through the crosswalk exercise and thought we should reach out to our higher education colleagues for 
your feedback.

Don’t be shy!

Thanks in advance!

Vince Bonura

IT Risk Analyst
Fordham University
(718) 817-1875



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.educause.edu%2Fcommunity__%3B!!Ejk_Ow!5bm5NuNi2Kp5e0fUADUgTpLEPgz7F1ynlgfNKva6Tri6vZbQeEdnvTGTHlOq8zk%24&data=04%7C01%7Cukiran%40HCT.AC.AE%7C6c24c6c0fc824b198c8d08d97a0a8c87%7C55488759d4c94a95ae92ada1488c4053%7C0%7C0%7C637675007997405730%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=CyQTDD7gOuQ1mnRz9g6u5WTiNExdvbC99%2BIXq8DS40Q%3D&reserved=0>

________________________________

The information in this email and any attachments are confidential and solely for the use of the individual or entity 
to whom it is addressed to and authorized to receive it. If you are not the intended recipient, be advised that you 
have received this email in error and that any use, disclosure, copying, distribution or taking any action in reliance 
on the content of this information is strictly prohibited and may be unlawful. If you have received this email in 
error, please delete along with any attachments and inform the Higher Colleges of Technology immediately at disclaimer 
() hct ac ae. We do not guarantee the integrity of any emails or attachments and are not responsible for any changes 
made to them by any other person.

تعتبر المعلومات الواردة في هذا البريد الإلكتروني وأياً من مرفقاته سرية وتخص المستلم المعني أو الاشخاص المصرح لهم 
باستلامه، فإذا لم تكن المستلم المقصود، فيرجى العلم بأنك قد استلمت هذا البريد الإلكتروني عن طريق الخطأ ويمنع منعاً باتاً 
الاستفادة منه أو افشاء محتواه أو توزيعه. وفي حال استلام بريد إلكتروني عن طريق الخطأ، يرجى حذفه مع مرفقاته وإخطار كليات 
التقنية العليا فوراً على البريد الإلكتروني التالي: disclaimer () hct ac ae. كما أننا لا نضمن سلامة أي بريد إلكتروني أو 
مرفقاته، ولسنا مسؤولين عن أية تعديلات عليها من قبل أي شخص آخر.

________________________________

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

What security framework are you using, and why? Vince Bonura (Sep 17)
- Re: What security framework are you using, and why? Barton, Robert W. (Sep 17)
  - Re: What security framework are you using, and why? Jay Gallman (Sep 17)
- Re: What security framework are you using, and why? John Virden (Sep 17)
- Re: What security framework are you using, and why? Christian Schreiber (Sep 17)
  - Re: What security framework are you using, and why? Blake Penn (Sep 17)
- Re: What security framework are you using, and why? Foss, Henry L. (Sep 17)
- Re: What security framework are you using, and why? Uday Kiran (Sep 18)