Educause Security Discussion mailing list archives

Re: Integrating security in IT processes


From: "McCrary, Barbara" <bmccrary () OSRHE EDU>
Date: Tue, 13 Nov 2012 23:25:44 +0000

The SANS 20 critical controls are concise and a quick way to start moving forward on formalization, all the while 
implementing quick fixes along the way. The key controls have been incorporated into FISMA as a centerpiece for 
government and large enterprise security programs but they are very scalable. The emphasis on automation makes them 
even more effective.

http://www.sans.org/critical-security-controls/

Another source? NIST, particularly the NIST National Checklist Repository, which provides updated installation 
administrative, security and device hardening checklists for a variety of systems. Granted, you may not intend to 
harden to DoD standards, but along with the now built-in security automation goals and how-to guidance, you get some 
nice base checklists to use, but it does take a bit more digging and effort.

Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+
bmccrary () osrhe edu

Protecting data is a shared responsibility!

INSTALL antivirus and antispyware software.
USE strong passwords.
KNOW who you are dealing with online.
STORE confidential and sensitive data on encrypted devices only.
SHUT DOWN home computers or disconnect from the Internet when not in use.

Oklahoma State Regents for Higher Education
655 Research Parkway
Suite 200
Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andy Scott
Sent: Tuesday, November 13, 2012 10:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Integrating security in IT processes

Hi,

I am looking at improving the integration of information security in IT processes (project development, maintenance, 
etc.). I am interested in what others have successfully done to improve the integration of security.

Thanks.
_________________
Andy Scott, CISSP
Information Security Officer, IT Services
British Columbia Institute of Technology
3700 Willingdon Ave, Burnaby, BC, V5G 3H2

Tel: 604-432-8683  Mobile: 778-928-2444
Email: andy_scott () bcit ca  Web: bcit.ca/its/security

