Educause Security Discussion mailing list archives

Re: Security Frameworks


From: "Snook, Allen" <asnook () MESSIAH EDU>
Date: Tue, 21 Nov 2017 13:59:00 +0000

Thanks so much, this is great information.


Regards,

Allen A. Snook
ITS Security Analyst

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy
Sent: Monday, November 20, 2017 6:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Frameworks


We use ISO 27000 as our high-level security strategy. We're using the 20 Critical Security Controls
(https://www.cisecurity.org/controls/) as the operational plan for achieving the ISO control areas. I've attached a 
spreadsheet that maps the 20 controls to ISO 27000, NIST 800-53, and a whole bunch of other national and international 
standards. That spreadsheet and 2 others on the Critical Controls are at 
http://www.auditscripts.com/free-resources/critical-security-controls/.
Hope this helps.
-Randy Marchany
VA Tech IT Security Office and Lab

On Mon, Nov 20, 2017 at 4:09 PM, Snook, Allen <asnook () messiah edu> wrote:
Fellow security minded colleagues,

With the vast list of security frameworks to choose from, ISO/IEC 27000, COBIT 5, NIST SP 800-53, ITIL, to name a few,
I have been tasked to find the best one to use for our institution. I thought it might be a good idea to see what
other institutions are using and why.

I am leaning toward the ISO/IEC 27000 series because of federal grants and PCI requirements. Thoughts?

Regards,

Allen A. Snook
ITS Security Analyst
One College Avenue Suite 3055
Mechanicsburg PA 17055
Tel: (717) 796-5300 x6790
Fax: (717) 796-5246
Cell: (717) 439-0025


