Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Integrating security in IT processes
From: randy <marchany () VT EDU>
Date: Tue, 13 Nov 2012 20:22:46 -0500

We're using the 20 critical controls as our blueprint for our security
architecture here at VA Tech.

-Randy Marchany
VA Tech IT Security Office

On Tue, Nov 13, 2012 at 6:25 PM, McCrary, Barbara <bmccrary () osrhe edu>wrote:

 The  SANs 20 critical controls are concise and a quick way to start
moving forward on formalization, all the while  implementing quick fixes
along the way.  The key controls have been incorporated into to FISMA as a
centerpiece for government and large enterprise security programs but they
are very scalable.  The emphasis on automation makes them even more
effective.****

** **

http://www.sans.org/critical-security-controls/****

** **

Another source?  NIST, particularly, NIST National Checklist Repository
which provides updated installation administrative, security and device
hardening checklists for a variety of systems. Granted, you may not intend
to harden to DoD standards, but along with the now built-in security
automation goals and how-to guidance, you get some nice base checklists to
use but it does take a bit more digging and effort.  ****

*Barbara McCrary**
*Chief Information Security Officer
*MCSE, MCSE:Security, +Messaging*,* CompTia:Security+* ****

*bmccrary () osrhe edu* <bmccrary () osrhe edu>****

** **

Protecting data is a shared responsibility!****

** **

INSTALL antivirus and antispyware software.****

USE strong passwords.****

KNOW who you are dealing with online.****

STORE confidential and sensitive data on encrypted devices only.****

SHUT DOWN home computers or disconnect from the Internet when not in use.*
***

** **

Oklahoma State Regents for Higher Education
655 Research Parkway****

Suite 200****

Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax ****

** **

Note:  This communication and attachments, if any, are intended solely for
the use of the addressee hereof.  In addition, this information and
attachments, if any, may contain information that is confidential,
privileged and exempt from disclosure under applicable law, including,
but not limited to, the Privacy Act of 1974.  If you are not the intended
recipient of this information, you are prohibited from reading, disclosing,
reproducing, distributing, disseminating, or otherwise using this
information.  If you have received this message in error, please promptly
notify the sender and immediately, delete this communication from your
system.****

** **

*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Andy Scott
*Sent:* Tuesday, November 13, 2012 10:57 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Integrating security in IT processes****

** **

Hi,****

** **

I am looking at improving the integration of information security in IT
processes (project development, maintenance, etc.). I am interested on what
others have successfully done to improve the integration of security.****

** **

Thanks.****

_________________****

Andy Scott, CISSP****

Information Security Officer, IT Services****

British Columbia Institute of Technology****

3700 Willingdon Ave, Burnaby, BC, V5G 3H2****

** **

Tel: 604-432-8683  Mobile: 778-928-2444****

Email: andy_scott () bcit ca  Web: bcit.ca/its/security****

** **


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]