Educause Security Discussion mailing list archives

Re: ISO 27000

From: "Drews, Jane E" <jane-drews () UIOWA EDU>
Date: Fri, 15 Jan 2010 09:50:50 -0600

Leilani,
Last year we revised and reorganized the description of our Information Security Program around the ISO 27002 standards 
and framework.  You can view what we've published at http://cio.uiowa.edu/itsecurity/resources/Infosec-Plan.shtml   It 
uses the top level organization, but it's a work in progress.   The EDUCAUSE Information Security Guide is also being 
updated and reorganized around the ISO standard.
Jane Drews, CISSP
Information Technology Security Officer
CIO Office, The University of Iowa
2800 University Capitol Centre
jane-drews () uiowa edu<mailto:jane-drews () uiowa edu> / 319-335-5537


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leilani 
Lauger
Sent: Thursday, January 14, 2010 2:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISO 27000

We are trying to gather information about how our peers are using the ISO 27000 standards.  Is anyone using standards 
to formally evaluate a security program or as a framework for building a new program?  Are they being used as a 
complete body of work or to inform individual aspects of a security program?

We appreciate any feedback.

Thank you,

Leilani Lauger
Information Security Officer
Loyola University Chicago
773.508.6086
llauger () luc edu

Current thread:

ISO 27000 Leilani Lauger (Jan 14)
- <Possible follow-ups>
- Re: ISO 27000 Lorenz, Eva (Jan 14)
- Re: ISO 27000 Scott Sweren (Jan 15)
- Re: ISO 27000 Davis, Thomas R (Jan 15)
- Re: ISO 27000 Payne, Shirley (scp8b) (Jan 15)
- Re: ISO 27000 Drews, Jane E (Jan 15)
- Re: ISO 27000 Chris Bennett (Jan 15)
- Re: ISO 27000 Heidi Wachs (Jan 15)
- Re: ISO 27000 Alex Brown (Jan 15)
- Re: ISO 27000 Hugh Burley (Jan 18)
- Re: ISO 27000 Lorenz, Eva (Jan 19)