Educause Security Discussion mailing list archives
Re: CIS vs NIST
From: "Bridges, Robert A." <bridgesra () ORNL GOV>
Date: Mon, 30 Apr 2018 16:12:58 +0000
Michael, Thanks for the reply. Just to be clear, I'm a researcher trying to understand the broad state of practice of operations to inform new technologies. I'm not trying to configure a security operation. So (one of) the questions (that still remains) for anyone willing to chime in, does anyone use audit logs? If so, are they default on, and if not, when do you turn them on? Thanks, Bobby -- Robert A. Bridges, PhD, Research Mathematician, Cyber & Information Science Research Group, Oak Ridge National Laboratory On 4/30/18, 12:08 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Valdis Kletnieks" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of valdis.kletnieks () VT EDU> wrote: On Mon, 30 Apr 2018 14:30:23 -0000, "Menne, Michael S" said: > Your list should be based on your own risks. Donâ•˙t worry about quantifying > your risks. A qualitative assessment with some simple numbers would be good > enough. Start tracking every event and start developing some simple metrics in > order to justify your risk ranking and control priorities. Also - you *do* have backups of critical systems, they're offsite, and you *test* those backups, right?
Current thread:
- Re: CIS vs NIST, (continued)
- Re: CIS vs NIST Chad Tracy (Apr 30)
- Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
- Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
- Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Nicklaus Giacobe (Apr 30)
- Re: CIS vs NIST Adam Menos (Apr 30)
- Re: CIS vs NIST Simanovich, Roman (Apr 30)
- Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
- Re: [External Sender] Re: [SECURITY] CIS vs NIST Edgmand, Craig (Apr 30)
- Re: [External Sender] Re: [SECURITY] CIS vs NIST Davis, Chris (Apr 30)
- Re: CIS vs NIST Menne, Michael S (Apr 30)
- Re: CIS vs NIST Valdis Kletnieks (Apr 30)
- Re: CIS vs NIST Bridges, Robert A. (Apr 30)
- Re: CIS vs NIST Valdis Kletnieks (Apr 30)
- Re: CIS vs NIST Bridges, Robert A. (Apr 30)
- Re: CIS vs NIST Kevin Wilcox (May 02)
- Re: CIS vs NIST Bridges, Robert A. (May 03)
- Re: CIS vs NIST Kevin Wilcox (May 03)
- Re: CIS vs NIST Valdis Kletnieks (Apr 30)
- Re: [External] Re: [SECURITY] CIS vs NIST Bennett, Daniel (May 21)
- Re: [External] Re: [SECURITY] CIS vs NIST Larry K. Emmons (May 21)