Educause Security Discussion mailing list archives
Re: security management techniques
From: "Carson, Larry" <larry.carson () UBC CA>
Date: Thu, 14 Jun 2012 18:23:05 +0000
UBC has standardised under ISO 27000 as well. We're taking a phased approach of slowly adding in specific controls from 27000 over a period of years to gradually move towards a better culture of security. We're doing it on a risk basis by doing regular gap analysis against systemic issues at the university vs. the controls in 27000. We are also leveraging Educause resources as well as other institutions' efforts in 27000 for policy.

Regards,
Larry Carson
Associate Director, Information Security Management, UBC

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Pirolo
Sent: June-14-12 10:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] security management techniques

Hi Tammy,
From what I'm seeing in this conversation, the 27000 series is where people are heading. I'm interested in finding out how to get the discount. We aren't exactly a large institution and I'd be hard pressed to get an approval on purchasing content without seeing it first. I'm also going to look over the Educause info you suggested as well.
Thanks,
David Pirolo

On Thu, 2012-06-14 at 17:07 +0000, Tammy Lynn Clark wrote:
We standardized under the ISO 27000 series (they have standards around building an effective information security management program based on evaluating risks, best practices for controls integration, how to develop a standardized approach to risk management, etc.). They aren't free of charge but there are ways to get the costs reduced. Feel free to contact me directly if interested. The ISO 27000 is a comprehensive approach (people, process and technology) and you can then layer in other standards such as NIST or COBIT, based on your needs.

Take a look at the HEISC Information Security Guide; doing searches and looking at the chapters there will lead you to a multitude of resources to examine… www.educause.edu/security/guide

Best regards!

Tammy L. Clark, CISSP, CISM, CISA, HISP, CRISC, PMP
Chief Information Security Officer
Information Security Coordination
tlclark () gsu edu
404-413-4509
Current thread:
- security management techniques, (continued)
- security management techniques David Pirolo (Jun 14)
- Re: security management techniques Stephen C. Gay (Jun 14)
- Re: security management techniques Dan Sarazen (Jun 14)
- Re: security management techniques Wright, A J (A. J.) (Jun 14)
- Re: security management techniques Dan Sarazen (Jun 14)
- Re: security management techniques Wright, A J (A. J.) (Jun 14)
- Re: security management techniques Carlos Lobato (Jun 14)
- security management techniques David Pirolo (Jun 14)
- Re: security management techniques Shawn Kohrman (Jun 14)
- Re: security management techniques Tammy Lynn Clark (Jun 14)
- Re: security management techniques David Pirolo (Jun 14)
- Re: security management techniques Carson, Larry (Jun 14)
- Re: security management techniques Louis Arminio (Jun 15)
- Re: security management techniques Kalal, Robert (Bob) (Jun 15)
- Re: security management techniques Doug Markiewicz (Jun 18)
- Re: security management techniques Doug Markiewicz (Jun 18)
- Re: security management techniques David Pirolo (Jun 18)