Educause Security Discussion mailing list archives
Using ISO 27002 as your Official Policy?
From: "Sarazen, Daniel" <dsarazen () UMASSP EDU>
Date: Tue, 18 Jan 2011 12:37:21 -0500
Hi All. Have any of you started to use ISO 27002 as official policy over IT controls? If so, how did you handle the controls regarding Internal Organization (6.1) ? As decentralized as we are, we're finding complications and I'd be appreciative if anyone who's solved this problem already could share their approach/solution. Thanks, [cid:image001.gif@01CBB70C.6BBEFB80] :: Daniel Sarazen, CISSP, CISA :: Senior Information Technology Auditor :: University Internal Audit :: University of Massachusetts President's Office :: 774-455-7558 :: 781-724-3377 Cell :: 774-455-7550 Fax :: Dsarazen () umassp edu<mailto:Dsarazen () umassp edu> University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : www.massachusetts.edu<http://www.massachusetts.edu/>
Current thread:
- Using ISO 27002 as your Official Policy? Sarazen, Daniel (Jan 18)
- Re: Using ISO 27002 as your Official Policy? Stewart James (Jan 18)
- Re: Using ISO 27002 as your Official Policy? Greg Schaffer (Jan 18)
- Re: Using ISO 27002 as your Official Policy? Stewart James (Jan 18)