Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Security Program: NIST, ISO, other?
From: mccalluq <mccalluq () LCC EDU>
Date: Thu, 17 Jan 2013 09:54:17 -0500

We were using ISO27001/2 and are/will be using NIST 800-53.

 

Thanks,

Quentin L. McCallum, CISSP, ITIL-F

Information Security Analyst

Lansing Community College

517-267-5014

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Shamblin, Quinn
Sent: Thursday, January 17, 2013 9:45 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Program: NIST, ISO, other?

 

We do a combination of the various security best practices and standards.  We evaluate our systems using NIST 800-53, 
etc. mainly because we do a lot of research for the government and they require data security and management plans 
based on those standards.  But we run the larger program with inputs from ISO27001/2, NIST, COBIT, and even inputs from 
ITIL (or ISO 20000 if you prefer).  We map our various policies to the standards/regulations that require that policy.  
I have a matrix (partially complete) that shows that mapping if you are interested.

 

Quinn R Shamblin
------------------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523

Contact me securely: https://securecontact.me/qrs () bu edu <https://securecontact.me/qrs () bu edu> 

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wright, 
A J (A. J.)
Sent: Thursday, January 17, 2013 9:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Program: NIST, ISO, other?

 

Hello all,

 

At the University of Tennessee, our security program is based on the NIST 800 Series special publications rather than 
ISO 27001.  While we don't claim to implement 100% of it (it wouldn't be appropriate,) we're making heavy use of 
FIPS199, 800-37, 800-53, 800-66, etc.

 

I've had staff calling and emailing around asking this, but I figured I'd ask this list also: what is your school's 
security program based on?

 

Thanks,

ajw

--

A. J. Wright 
Chief Information Security Officer

 

University of Tennessee - System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN  37996-1717
Phone:  865-974-0637

Email: ajw () tennessee edu <mailto:ajw () tennessee edu> 

 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]