Educause Security Discussion mailing list archives

Re: security management techniques


From: Doug Markiewicz <doug () CMU EDU>
Date: Mon, 18 Jun 2012 20:31:33 +0000

At Carnegie Mellon we leverage ISO, NIST, COBIT and others at different
times for different reasons. More recently we have been looking at the
Resiliency Management Model, which is a model for operational process
improvement that brings together information security, business continuity
and IT operations to help organizations achieve operational resilience.
It's not a security management framework, but it's worth a look.

http://www.cert.org/resilience/rmm.html

I thought I'd correct my previous statement about the Resiliency Management Model being used as a security management 
framework. What I should have said is that it's not a prescriptive code of practice like ISO 27002 and NIST 800-53, but 
it could certainly be used as a security management framework. There is a crosswalk to ISO 27002, COBIT, PCI DSS and 
other standards available as well. Didn't want to misrepresent things.
