Educause Security Discussion mailing list archives

Re: ISO 27000

From: "Lorenz, Eva" <evalorenz () UNC EDU>
Date: Thu, 14 Jan 2010 16:20:05 -0500

We performed an initial gap analysis to determine weaknesses in our existing controls, covered both by laws, policies 
as well as procedures.
As a starting point, 27001/2 are helpful to prioritize areas that need improvement and focus investments when budget is 
too tight to address every aspect (and budget is always too tight).
Please contact me off list, if you need additional information.


-       Eva


Eva Lorenz
ITS Security
2800 ITS Manning
211 Manning Dr
CB3420
Chapel Hill NC 27599

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leilani 
Lauger
Sent: Thursday, January 14, 2010 3:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISO 27000

We are trying to gather information about how our peers are using the ISO 27000 standards.  Is anyone using standards 
to formally evaluate a security program or as a framework for building a new program?  Are they being used as a 
complete body of work or to inform individual aspects of a security program?

We appreciate any feedback.

Thank you,

Leilani Lauger
Information Security Officer
Loyola University Chicago
773.508.6086
llauger () luc edu

Current thread:

ISO 27000 Leilani Lauger (Jan 14)
- <Possible follow-ups>
- Re: ISO 27000 Lorenz, Eva (Jan 14)
- Re: ISO 27000 Scott Sweren (Jan 15)
- Re: ISO 27000 Davis, Thomas R (Jan 15)
- Re: ISO 27000 Payne, Shirley (scp8b) (Jan 15)
- Re: ISO 27000 Drews, Jane E (Jan 15)
- Re: ISO 27000 Chris Bennett (Jan 15)
- Re: ISO 27000 Heidi Wachs (Jan 15)
- Re: ISO 27000 Alex Brown (Jan 15)
- Re: ISO 27000 Hugh Burley (Jan 18)
- Re: ISO 27000 Lorenz, Eva (Jan 19)