Educause Security Discussion mailing list archives
Re: Security Program: NIST, ISO, other?
From: "Payne, Shirley (scp8b)" <scp8b () VIRGINIA EDU>
Date: Fri, 18 Jan 2013 17:56:16 +0000
The University of Virginia's security program is aligned with ISO and incorporates regulatory requirements and best practices from other sources as well. The text below is copied from our formal policy concerning this issue:

"The University's information technology security program is based upon best practices recommended in the "Code of Practice for Information Security Management" published by the International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC 27002), appropriately tailored to the specific circumstances of the University. The program also incorporates security requirements of applicable regulations, such as the Family Educational Rights and Privacy Act, Gramm-Leach-Bliley Act and Health Insurance Portability and Accountability Act. Professional organizations, such as the national EDUCAUSE Association and the Virginia Alliance for Secure Computing and Networking, serve as resources for additional effective security practices."

-Shirley

Shirley C. Payne, CISSP, CRISC
Assistant VP for Information Security, Policy, and Records
University of Virginia
(434) 924-4165

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wright, A J (A. J.)
Sent: Thursday, January 17, 2013 9:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Program: NIST, ISO, other?

Hello all,

At the University of Tennessee, our security program is based on the NIST 800 Series special publications rather than ISO 27001. While we don't claim to implement 100% of it (it wouldn't be appropriate,) we're making heavy use of FIPS199, 800-37, 800-53, 800-66, etc.

I've had staff calling and emailing around asking this, but I figured I'd ask this list also: what is your school's security program based on?

Thanks,
ajw

--
A. J. Wright
Chief Information Security Officer
University of Tennessee - System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN 37996-1717
Phone: 865-974-0637
Email: ajw () tennessee edu