Educause Security Discussion mailing list archives

Re: ISO 27000

From: "Davis, Thomas R" <tdavis () IU EDU>
Date: Fri, 15 Jan 2010 08:50:34 -0500

Our Information Security and Privacy Program[1] is based on the ISO standards.  It's a work in progress (i.e., some 
domains are lacking information), but it shows the direction we're heading.

 [1] http://informationsecurity.iu.edu/program/ 
 
--
Tom Davis, CISSP, CISM
Chief Information Security Officer
Information and Infrastructure Assurance
Office of the VP for Information Technology and CIO
Indiana University
https://informationsecurity.iu.edu/Tom_Davis

On Jan 14, 2010, at 3:42 PM, Leilani Lauger wrote:

We are trying to gather information about how our peers are using the ISO 27000 standards.  Is anyone using standards 
to formally evaluate a security program or as a framework for building a new program?  Are they being used as a 
complete body of work or to inform individual aspects of a security program?
 
We appreciate any feedback.
 
Thank you,
 
Leilani Lauger
Information Security Officer
Loyola University Chicago
773.508.6086
llauger () luc edu

Current thread:

ISO 27000 Leilani Lauger (Jan 14)
- <Possible follow-ups>
- Re: ISO 27000 Lorenz, Eva (Jan 14)
- Re: ISO 27000 Scott Sweren (Jan 15)
- Re: ISO 27000 Davis, Thomas R (Jan 15)
- Re: ISO 27000 Payne, Shirley (scp8b) (Jan 15)
- Re: ISO 27000 Drews, Jane E (Jan 15)
- Re: ISO 27000 Chris Bennett (Jan 15)
- Re: ISO 27000 Heidi Wachs (Jan 15)
- Re: ISO 27000 Alex Brown (Jan 15)
- Re: ISO 27000 Hugh Burley (Jan 18)
- Re: ISO 27000 Lorenz, Eva (Jan 19)