Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: ISO 27000
From: "Payne, Shirley (scp8b)" <scp8b () VIRGINIA EDU>
Date: Fri, 15 Jan 2010 10:40:24 -0500

Leilani,
The University of Virginia's information security program is based primarily upon the ISO 27002 standard and we are 
audited against the standard. The policy that authorizes alignment with ISO 27002 is posted at 
https://policy.itc.virginia.edu/policy/policydisplay?id=IRM-011.
-Shirley
Shirley C. Payne, CISSP
Assistant Vice President for Information Security, Policy, and Records
University of Virginia
P.O. Box 400898
2400 Old Ivy Road, Room 166
Charlottesville, Virginia 22904-4898
(434) 924-4165
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Leilani 
Lauger
Sent: Thursday, January 14, 2010 3:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ISO 27000

We are trying to gather information about how our peers are using the ISO 27000 standards.  Is anyone using standards 
to formally evaluate a security program or as a framework for building a new program?  Are they being used as a 
complete body of work or to inform individual aspects of a security program?

We appreciate any feedback.

Thank you,

Leilani Lauger
Information Security Officer
Loyola University Chicago
773.508.6086
llauger () luc edu

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]