Educause Security Discussion mailing list archives

Re: security management techniques


From: Tammy Lynn Clark <tlclark () GSU EDU>
Date: Thu, 14 Jun 2012 17:07:50 +0000

We standardized under the ISO 27000 series (they have standards around building an effective information security 
management program based on evaluating risks, best practices for controls integration, how to develop a standardized 
approach to risk management, etc.). They aren't free of charge, but there are ways to get the costs reduced. Feel free 
to contact me directly if interested. The ISO 27000 series is a comprehensive approach (people, process and technology), and 
you can then layer in other standards such as NIST or COBIT, based on your needs.

Take a look at the HEISC Information Security Guide; doing searches and looking at the chapters there will lead you to 
a multitude of resources to examine... www.educause.edu/security/guide

Best regards!

Tammy L. Clark, CISSP, CISM, CISA, HISP, CRISC, PMP
Chief Information Security Officer
Information Security Coordination
tlclark () gsu edu
404-413-4509

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn 
Kohrman
Sent: Thursday, June 14, 2012 12:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] security management techniques

Since we are starting to build our program here, we are looking at COBIT, ISO 27001, and NIST for possible 
implementation.

In reviewing them, I think we're most likely to move towards the ISO 27001 series.  However, we're still investigating.

Shawn
-----
Shawn A. Kohrman, Security Architect
Azusa Pacific University
Information & Media Technology
901 E. Alosta Ave., PO Box 7000
Azusa, CA 91702-7000

P:  626.815.2054 | F:  626.815.2061 | http://www.apu.edu/
-----


On Wed, Jun 13, 2012 at 9:09 PM, David Pirolo <webmaster () warnerpacific edu> wrote:
Just wondering if any other schools have standardized on any of these
security management techniques.
ISO 17799 / 27001, COBIT, NIST, ENISA, OASIS, OWASP, etc.

If so, I'd be interested in your feedback on such. Unless I'm grossly
missing something, it seems like one has to pay to get the ISO standards
from ISO.org/ANSI. That doesn't make sense...

-David

