Educause Security Discussion mailing list archives
Re: Security Program: NIST, ISO, other?
From: "Shamblin, Quinn" <qrs () BU EDU>
Date: Thu, 17 Jan 2013 14:44:46 +0000
We do a combination of the various security best practices and standards. We evaluate our systems using NIST 800-53, etc. mainly because we do a lot of research for the government and they require data security and management plans based on those standards. But we run the larger program with inputs from ISO27001/2, NIST, COBIT, and even inputs from ITIL (or ISO 20000 if you prefer). We map our various policies to the standards/regulations that require that policy. I have a matrix (partially complete) that shows that mapping if you are interested. Quinn R Shamblin ------------------------------------------------------------------------------------------------ Executive Director of Information Security, Boston University CISM, CISSP, GCFA, PMP - O 617-358-6310 M 617-999-7523 Contact me securely: https://securecontact.me/qrs () bu edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wright, A J (A. J.) Sent: Thursday, January 17, 2013 9:37 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Security Program: NIST, ISO, other? Hello all, At the University of Tennessee, our security program is based on the NIST 800 Series special publications rather than ISO 27001. While we don't claim to implement 100% of it (it wouldn't be appropriate,) we're making heavy use of FIPS199, 800-37, 800-53, 800-66, etc. I've had staff calling and emailing around asking this, but I figured I'd ask this list also: what is your school's security program based on? Thanks, ajw -- A. J. Wright Chief Information Security Officer University of Tennessee - System Administration 2309 Kingston Pike, Suite 131C Knoxville, TN 37996-1717 Phone: 865-974-0637 Email: ajw () tennessee edu<mailto:ajw () tennessee edu>
Current thread:
- Security Program: NIST, ISO, other? Wright, A J (A. J.) (Jan 17)
- Re: Security Program: NIST, ISO, other? Shamblin, Quinn (Jan 17)
- Re: Security Program: NIST, ISO, other? mccalluq (Jan 17)
- Re: Security Program: NIST, ISO, other? McLaughlin, Bryan S. (Jan 17)
- Re: Security Program: NIST, ISO, other? Edgmand, Craig (Jan 17)
- Re: Security Program: NIST, ISO, other? Dan Sarazen (Jan 17)
- Re: Security Program: NIST, ISO, other? David Curry (Jan 17)
- Re: Security Program: NIST, ISO, other? Wright, A J (A. J.) (Jan 17)
- Re: Security Program: NIST, ISO, other? Valdis Kletnieks (Jan 18)
- Re: Security Program: NIST, ISO, other? Shamblin, Quinn (Jan 17)
- Re: Security Program: NIST, ISO, other? Shamblin, Quinn (Jan 17)