Educause Security Discussion mailing list archives

Re: ISO 27000

From: Chris Bennett <bennetc () LCC EDU>
Date: Fri, 15 Jan 2010 11:15:52 -0500

Lansing Community College has adopted the ISO 27000 standards as a model for organizing the security program.  I use an 
online application (TruArx) then to measure against that standard to prioritize my activities and to justify the 
control requirements.  I also can report on progress made each year by domain.

Chris Bennett, GSNA, GSEC

Director of Information Security

Lansing Community College

517-483-5264 (O)  517-483-1758 (F)

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leilani 
Lauger
Sent: Thursday, January 14, 2010 3:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISO 27000

 

We are trying to gather information about how our peers are using the ISO 27000 standards.  Is anyone using standards 
to formally evaluate a security program or as a framework for building a new program?  Are they being used as a 
complete body of work or to inform individual aspects of a security program?

 

We appreciate any feedback.

 

Thank you,

 

Leilani Lauger

Information Security Officer

Loyola University Chicago

773.508.6086

llauger () luc edu

Current thread:

ISO 27000 Leilani Lauger (Jan 14)
- <Possible follow-ups>
- Re: ISO 27000 Lorenz, Eva (Jan 14)
- Re: ISO 27000 Scott Sweren (Jan 15)
- Re: ISO 27000 Davis, Thomas R (Jan 15)
- Re: ISO 27000 Payne, Shirley (scp8b) (Jan 15)
- Re: ISO 27000 Drews, Jane E (Jan 15)
- Re: ISO 27000 Chris Bennett (Jan 15)
- Re: ISO 27000 Heidi Wachs (Jan 15)
- Re: ISO 27000 Alex Brown (Jan 15)
- Re: ISO 27000 Hugh Burley (Jan 18)
- Re: ISO 27000 Lorenz, Eva (Jan 19)