Educause Security Discussion mailing list archives
Re: security management techniques
From: David Pirolo <webmaster () WARNERPACIFIC EDU>
Date: Mon, 18 Jun 2012 13:59:12 -0700
Thank you all for the great feedback. From what I understand about the 27000 series, it tends to emphasize the business continuity and disaster recovery, but is a bit less stringent on encryption and human resources. To be fair, I haven't actually seen the standards to make that judgment myself; it's just what I have read. If you are using the 27000 series for your overarching plan, how are you adjusting for potential discrepancies?

-David

On Mon, 2012-06-18 at 20:31 +0000, Doug Markiewicz wrote:
At Carnegie Mellon we leverage ISO, NIST, COBIT and others at different times for different reasons. More recently we have been looking at the Resiliency Management Model, which is a model for operational process improvement that brings together information security, business continuity and IT operations to help organizations achieve operational resilience. It's not a security management framework, but it's worth a look. http://www.cert.org/resilience/rmm.html

I thought I'd correct my previous statement about the Resiliency Management Model being used as a security management framework. What I should have said is that it's not a prescriptive code of practice like ISO 27002 and NIST 800-53, but it could certainly be used as a security management framework. There is a crosswalk to ISO 27002, COBIT, PCI DSS and other standards available as well. Didn't want to misrepresent things.