Educause Security Discussion mailing list archives
Re: Using ISO 27002 as your Official Policy?
From: Stewart James <Stewart.James () VU EDU AU>
Date: Tue, 18 Jan 2011 22:08:33 +0000
Hi Daniel,

If memory serves correctly, policies can be layered. So in theory you can have a high level policy, then a faculty/department policy and then even a system specific policy. This requires that some central authority take responsibility for managing and even auditing in a decentralised environment.

Cheers,
Stewart

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sarazen, Daniel
Sent: Wednesday, 19 January 2011 4:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Using ISO 27002 as your Official Policy?

Hi All.

Have any of you started to use ISO 27002 as official policy over IT controls? If so, how did you handle the controls regarding Internal Organization (6.1)? As decentralized as we are, we're finding complications and I'd be appreciative if anyone who's solved this problem already could share their approach/solution.

Thanks,

:: Daniel Sarazen, CISSP, CISA
:: Senior Information Technology Auditor
:: University Internal Audit
:: University of Massachusetts President's Office
:: 774-455-7558
:: 781-724-3377 Cell
:: 774-455-7550 Fax
:: Dsarazen () umassp edu
University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : www.massachusetts.edu
Current thread:
- Using ISO 27002 as your Official Policy? Sarazen, Daniel (Jan 18)
- Re: Using ISO 27002 as your Official Policy? Stewart James (Jan 18)
- Re: Using ISO 27002 as your Official Policy? Greg Schaffer (Jan 18)
- Re: Using ISO 27002 as your Official Policy? Stewart James (Jan 18)