Educause Security Discussion mailing list archives
Re: Security Frameworks
From: "Snook, Allen" <asnook () MESSIAH EDU>
Date: Tue, 21 Nov 2017 13:59:00 +0000
Thanks so much this is great information. Regards, Allen A. Snook ITS Security Analyst [cid:image002.png@01D30B7E.0621A750] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy Sent: Monday, November 20, 2017 6:21 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Security Frameworks We use ISO 27000 as our high level security strategy. We're using the 20 Critical Security Controls (https://www.cisecurity.org/controls/) as the operational plan for achieving the ISO control areas. I've attached a spreadsheet that maps the 20 controls to ISO 27000, NIST 800-53, and a whole bunch of other national and international standards. That spreadsheet and 2 others on the Critical Controls are at http://www.auditscripts.com/free-resources/critical-security-controls/. Hope this helps. -Randy Marchany VA Tech IT Security Office and Lab On Mon, Nov 20, 2017 at 4:09 PM, Snook, Allen <asnook () messiah edu<mailto:asnook () messiah edu>> wrote: Fellow security minded colleagues, With the vast list of security frameworks to choose from, ISO/IEC 27000, COBIT 5, NIST SP 800-53, ITIL to name a few, I have been tasked to find the best one to use for our institution. I thought it might be a good idea to see what other institutions are using and why. I leaning toward ISO/IEC 27000 series because of federal grants, and PCI requirements. Thoughts? Regards, Allen A. Snook ITS Security Analyst [cid:image002.png@01D30B7E.0621A750] One College Avenue Suite 3055 Mechanicsburg PA 17055 Tel: (717) 796-5300 x6790<tel:(717)%20796-5300> Fax: (717) 796-5246<tel:(717)%20796-5246> Cell: (717) 439-0025<tel:(717)%20439-0025>
Current thread:
- Security Frameworks Snook, Allen (Nov 20)
- Re: Security Frameworks randy (Nov 20)
- Re: Security Frameworks Snook, Allen (Nov 21)
- Re: *EXT* Re: [SECURITY] Security Frameworks Velislav K Pavlov (Nov 21)
- Re: Security Frameworks Snook, Allen (Nov 21)
- Re: Security Frameworks Shannon Roddy (Nov 21)
- Re: Security Frameworks randy (Nov 20)