Educause Security Discussion mailing list archives

Re: ISO 27000

From: Heidi Wachs <hlw9 () GEORGETOWN EDU>
Date: Fri, 15 Jan 2010 12:01:34 -0500

We are in the process of reviewing and updating many of our policies,
including our Security Policy.  We are using ISO 27002 as a guide in
this work and incorporating many of the elements, although not as a
strict framework.

When, eventually, these new policies make it all the way through the
drafting, vetting, and approval process, I'd be happy to share them. :)

Heidi



Leilani Lauger wrote:

We are trying to gather information about how our peers are using the
ISO 27000 standards.  Is anyone using standards to formally evaluate a
security program or as a framework for building a new program?  Are
they being used as a complete body of work or to inform individual
aspects of a security program?

We appreciate any feedback.

Thank you,

Leilani Lauger
Information Security Officer
Loyola University Chicago
773.508.6086
llauger () luc edu


--
Heidi L. Wachs, Esq.
Director of IT Policy and Privacy Officer
Office of Information Services
Georgetown University
Washington, DC
202-687-8571
hlw9 () georgetown edu

Current thread:

ISO 27000 Leilani Lauger (Jan 14)
- <Possible follow-ups>
- Re: ISO 27000 Lorenz, Eva (Jan 14)
- Re: ISO 27000 Scott Sweren (Jan 15)
- Re: ISO 27000 Davis, Thomas R (Jan 15)
- Re: ISO 27000 Payne, Shirley (scp8b) (Jan 15)
- Re: ISO 27000 Drews, Jane E (Jan 15)
- Re: ISO 27000 Chris Bennett (Jan 15)
- Re: ISO 27000 Heidi Wachs (Jan 15)
- Re: ISO 27000 Alex Brown (Jan 15)
- Re: ISO 27000 Hugh Burley (Jan 18)
- Re: ISO 27000 Lorenz, Eva (Jan 19)