Educause Security Discussion mailing list archives

Re: ISO 27000

From: "Payne, Shirley (scp8b)" <scp8b () VIRGINIA EDU>
Date: Fri, 15 Jan 2010 10:40:24 -0500

Leilani,
The University of Virginia's information security program is based primarily upon the ISO 27002 standard and we are 
audited against the standard. The policy that authorizes alignment with ISO 27002 is posted at 
https://policy.itc.virginia.edu/policy/policydisplay?id=IRM-011.
-Shirley
Shirley C. Payne, CISSP
Assistant Vice President for Information Security, Policy, and Records
University of Virginia
P.O. Box 400898
2400 Old Ivy Road, Room 166
Charlottesville, Virginia 22904-4898
(434) 924-4165
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leilani 
Lauger
Sent: Thursday, January 14, 2010 3:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISO 27000

We are trying to gather information about how our peers are using the ISO 27000 standards.  Is anyone using standards 
to formally evaluate a security program or as a framework for building a new program?  Are they being used as a 
complete body of work or to inform individual aspects of a security program?

We appreciate any feedback.

Thank you,

Leilani Lauger
Information Security Officer
Loyola University Chicago
773.508.6086
llauger () luc edu

Current thread:

ISO 27000 Leilani Lauger (Jan 14)
- <Possible follow-ups>
- Re: ISO 27000 Lorenz, Eva (Jan 14)
- Re: ISO 27000 Scott Sweren (Jan 15)
- Re: ISO 27000 Davis, Thomas R (Jan 15)
- Re: ISO 27000 Payne, Shirley (scp8b) (Jan 15)
- Re: ISO 27000 Drews, Jane E (Jan 15)
- Re: ISO 27000 Chris Bennett (Jan 15)
- Re: ISO 27000 Heidi Wachs (Jan 15)
- Re: ISO 27000 Alex Brown (Jan 15)
- Re: ISO 27000 Hugh Burley (Jan 18)
- Re: ISO 27000 Lorenz, Eva (Jan 19)