Educause Security Discussion mailing list archives
Re: Annual Security Report
From: "Sturgis, John (John Sturgis)" <jsturgis () UTK EDU>
Date: Mon, 6 Oct 2014 14:08:03 +0000
While researching this topic for a presentation, I found the linked materials helpful.
* Overview of the value/purpose of metrics
  * Educause article, Cybersecurity: When Will We Know If What We Are Doing Is Working?
    [http://www.educause.edu/ero/article/cybersecurity-when-will-we-know-if-what-we-are-doing-working]
* Guide to selecting which metrics
  * CIS Quick Start Guide for CIS Consensus Security Metrics v1.0.0,
    [http://benchmarks.cisecurity.org/downloads/show-single/?file=metrics_guide.100]
* The NIST approach to measuring security program maturity
  * NISTIR 7358, Program Review for Information Security Management Assistance (PRISMA)
    [http://www.nist.gov/customcf/get_pdf.cfm?pub_id=50907]
John P. Sturgis
Audit and Consulting Services
The University of Tennessee
On Oct 6, 2014, at 9:33 AM, Dan Sarazen <dsarazen () BRANDEIS EDU> wrote:
Good Morning All,
I have a school that wants to develop an annual IT Security report for Audit Committee, but isn't sure what they want
in the report. Has anyone out there developed an annual security report and already has chosen their metrics? If anyone
has a template for their report that they are willing to share, it would be appreciated.
Many Thanks,
Dan Sarazen
Sr. IT Auditor
The Boston Consortium for Higher Education
Dsarazen () boston-consortium org
781-296-4444
