Re: ISO 27000

[Scott Sweren <ssweren () UDEL EDU>]

We are doing the same but are not as far in the process.  I am in the middle of performing the analysis at this point 
in time to determine what the gaps are.

Scott

Scott Sweren
Information Security Officer
University of Delaware
ssweren () udel edu 




On Jan 14, 2010, at 4:20 PM, Lorenz, Eva wrote:

> We performed an initial gap analysis to determine weaknesses in our existing controls, covered both by laws, policies 
> as well as procedures.
>
> As a starting point, 27001/2 are helpful to prioritize areas that need improvement and focus investments when budget 
> is too tight to address every aspect (and budget is always too tight).
>
> Please contact me off list, if you need additional information.
>
>  
>
> -       Eva
>  
>
>  
>
> Eva Lorenz
> ITS Security
> 2800 ITS Manning
> 211 Manning Dr
> CB3420
> Chapel Hill NC 27599
>  
>
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
> Leilani Lauger
> Sent: Thursday, January 14, 2010 3:42 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] ISO 27000
>  
>
> We are trying to gather information about how our peers are using the ISO 27000 standards.  Is anyone using standards 
> to formally evaluate a security program or as a framework for building a new program?  Are they being used as a 
> complete body of work or to inform individual aspects of a security program?
>  
> We appreciate any feedback.
>  
> Thank you,
>  
> Leilani Lauger
> Information Security Officer
> Loyola University Chicago
> 773.508.6086
> llauger () luc edu