Educause Security Discussion mailing list archives

Re: Security Program: NIST, ISO, other?
From: "Stephen C. Gay" <sgay () KENNESAW EDU>
Date: Thu, 17 Jan 2013 12:03:17 -0500

Kennesaw State University utilizes ISO27002 while also incorporating the metric requirements included in CoBIT. We have 
just recently started looking into incorporating the SANS 20 Critical Controls.

Stephen C Gay CISSP CISA
ITS Associate Director - Information Security Office
KSU Information Security Officer
Kennesaw State University
sgay () kennesaw edu

----- Original Message -----
From: "A J Wright (A. J.)" <ajw () TENNESSEE EDU>
Sent: Thursday, January 17, 2013 9:36:30 AM
Subject: [SECURITY] Security Program: NIST, ISO, other?

Hello all,

At the University of Tennessee, our security program is based on the NIST 800 Series special publications rather than 
ISO 27001. While we don’t claim to implement 100% of it (it wouldn’t be appropriate), we’re making heavy use of 
FIPS199, 800-37, 800-53, 800-66, etc.

I’ve had staff calling and emailing around asking this, but I figured I’d ask this list also: what is your school’s 
security program based on?




A. J. Wright
Chief Information Security Officer

University of Tennessee – System Administration
2309 Kingston Pike, Suite 131C
Knoxville, TN 37996-1717
Phone: 865-974-0637

Email: ajw () tennessee edu
