Educause Security Discussion mailing list archives
Building a Standards-Based Information Security Program
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Fri, 6 Jun 2008 11:35:02 -0600
The Security Task Force is considering the organization of our efforts (e.g., effective practices guide, conference program tracks, working groups, etc.) around some categories that easily map to existing information security standards or related frameworks (ISO 27002/17799, NIST, COBIT, ITIL, ISC2 Common Body of Knowledge, etc.). We would like to hear from any institutions who have built their information security program around such a standard or framework. We are especially interested to learn if you have already gone to the effort to create a matrix of the different standards or frameworks - perhaps coming up with your own generalized categories.

For an example of similar mappings, see:

Appendix G of NIST Special Publication 800-53, Security Control Mappings: Relationship of Security Controls to Other Standards and Control Sets:
http://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf

Virginia Alliance for Secure Computing And Networking (VA SCAN):
http://www.vascan.org/resources/index.html

Therefore, I would like to request that you reply to the list (if you have something to share that everyone would benefit from learning more about) or contact me directly if you have built a standards-based information security program and are willing to share your story, including any relevant documentation or links.

Thanks,
-Rodney

--------------------------------------------------
Rodney J. Petersen, J.D.
Government Relations Officer & Security Task Force Coordinator
EDUCAUSE
1150 18th Street, N.W., Suite 1010
Washington, D.C. 20036
(202) 331-5368 / (202) 872-4200
(202) 872-4318 (FAX)
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security
--------------------------------------------------