Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: What security framework are you using, and why?

From: Jay Gallman <jay.gallman () DUKE EDU>
Date: Fri, 17 Sep 2021 18:53:15 +0000
As Robert mentions the HEISC 800-171 Community Group | 
EDUCAUSE<https://www.educause.edu/community/heisc-800-171-community-group> where I am one of the group leaders, is 
looking at questions like the one raised.  We meet next Tuesday at 10:30, so please feel free to join us.

Regards,
--
Jay Gallman, GCIH
Risk Management IT Analyst | IT Security Office | Duke University
Phone: 919 684-8060
My Availability:  Microsoft 365<https://outlook.office365.com/owa/calendar/d787a256f208403e9711748e356080af () duke 
edu/57d1ee81e6ad40daa985f447ef6881ce17105695644070449399/calendar.html>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Barton, Robert W. 
<bartonrt () LEWISU EDU>
Date: Friday, September 17, 2021 at 2:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] What security framework are you using, and why?
With Student Financial Aid requiring agencies to use NIST 800-171, I would use that.  There are a few working groups 
within Educause examining 800-171 and working on tools.

Robert W. Barton
Executive Director of Information Security & Policy
Lewis University
1 University Parkway
Romeoville, IL  60446-2200
815-836-5663

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Vince Bonura 
<vbonura () FORDHAM EDU>
Sent: Friday, September 17, 2021 1:39 PM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] What security framework are you using, and why?


Hello again!



With the vast list of security frameworks to choose from, ISO/IEC 27000, COBIT 5, NIST SP 800-53, ITIL to name a few,  
I have been tasked to find the best one to use for our institution.  I thought it might be a good idea to see what 
other institutions are using and why.



I would be interested in knowing if you have a case study or a weblink that explains the reasoning for your selection.



We have tried a number over the last 15 years and while we thought NIST 800-53 was the right choice, we find that it 
doesn’t accurately align with our school. Last year a consultant firm we hired for a NIST 800-171 gap assessment, 
recommended NIST CSF.



So, we’re working through the crosswalk exercise and thought we should reach out to our higher education colleagues for 
your feedback.



Don’t be shy!



Thanks in advance!



Vince Bonura



IT Risk Analyst

Fordham University

(718) 817-1875





**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
Previous By Date Next
Previous By Thread Next

Current thread: