Educause Security Discussion mailing list archives
Re: security management techniques
From: Doug Markiewicz <doug () CMU EDU>
Date: Mon, 18 Jun 2012 20:31:33 +0000
At Carnegie Mellon we leverage ISO, NIST, COBIT and others at different times for different reasons. More recently we have been looking at the Resiliency Management Model, which is a model for operational process improvement that brings together information security, business continuity and IT operations to help organizations achieve operational resilience. It's not a security management framework, but it's worth a look. http://www.cert.org/resilience/rmm.html
I thought I'd correct my previous statement about the Resiliency Management Model being used as a security management framework. What I should have said is that it's not a prescriptive code of practice like ISO 27002 and NIST 800-53, but it could certainly be used as a security management framework. There is a crosswalk to ISO 27002, COBIT, PCI DSS and other standards available as well. Didn't want to misrepresent things.