Educause Security Discussion mailing list archives
Re: *EXT* Re: [SECURITY] Security Frameworks
From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Tue, 21 Nov 2017 16:34:11 +0000
+1 for the ISO 27001/27002 and CIS CSC Top 20. ISO has a mapping/crosswalk to any known security standard and regulation. With PCI DSS, HIPAA, GLBA, GDPR, NIST 800-171, FISMA, LEIN, you name it, our IT ops feel they are in constant remediation and adding to the risk register. ISO provides a common denominator that helps us focus on strategic objectives, not just putting out fires.

Vel Pavlov | Coordinator, IT Security
M.Sc. ISM, CISSP, C|HFI, C|EH, C)PTE, Security+, CNA, MPCS, ITILv3F, A+

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Snook, Allen
Sent: Tuesday, November 21, 2017 8:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: *EXT* Re: [SECURITY] Security Frameworks

Thanks so much, this is great information.

Regards,
Allen A. Snook
ITS Security Analyst

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy
Sent: Monday, November 20, 2017 6:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Frameworks

We use ISO 27000 as our high-level security strategy. We're using the 20 Critical Security Controls (https://www.cisecurity.org/controls/) as the operational plan for achieving the ISO control areas. I've attached a spreadsheet that maps the 20 controls to ISO 27000, NIST 800-53, and a whole bunch of other national and international standards.

That spreadsheet and 2 others on the Critical Controls are at http://www.auditscripts.com/free-resources/critical-security-controls/. Hope this helps.

-Randy Marchany
VA Tech IT Security Office and Lab

On Mon, Nov 20, 2017 at 4:09 PM, Snook, Allen <asnook () messiah edu> wrote:

Fellow security-minded colleagues,

With the vast list of security frameworks to choose from, ISO/IEC 27000, COBIT 5, NIST SP 800-53, ITIL to name a few, I have been tasked to find the best one to use for our institution. I thought it might be a good idea to see what other institutions are using and why. I'm leaning toward the ISO/IEC 27000 series because of federal grants and PCI requirements. Thoughts?

Regards,
Allen A. Snook
ITS Security Analyst
One College Avenue Suite 3055
Mechanicsburg PA 17055
Tel: (717) 796-5300 x6790
Fax: (717) 796-5246
Cell: (717) 439-0025