Educause Security Discussion mailing list archives

Re: Security Program: NIST, ISO, other?


From: "Stephen C. Gay" <sgay () KENNESAW EDU>
Date: Thu, 17 Jan 2013 12:03:17 -0500

Kennesaw State University utilizes ISO27002 while also incorporating the metric requirements included in CoBIT. We have 
just recently started looking into incorporating the SANS 20 Critical Controls.

Stephen C Gay CISSP CISA
ITS Associate Director - Information Security Office
KSU Information Security Officer
Kennesaw State University
sgay () kennesaw edu

----- Original Message -----
From: "A J Wright (A. J.)" <ajw () TENNESSEE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Thursday, January 17, 2013 9:36:30 AM
Subject: [SECURITY] Security Program: NIST, ISO, other?




Hello all,



At the University of Tennessee, our security program is based on the NIST 800 Series special publications rather than 
ISO 27001. While we don’t claim to implement 100% of it (it wouldn’t be appropriate), we’re making heavy use of 
FIPS199, 800-37, 800-53, 800-66, etc.



I’ve had staff calling and emailing around asking this, but I figured I’d ask this list also: what is your school’s 
security program based on?



Thanks,

ajw

--

A. J. Wright
Chief Information Security Officer



University of Tennessee – System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN 37996-1717
Phone: 865-974-0637

Email: ajw () tennessee edu

