Educause Security Discussion mailing list archives
Re: Security Frameworks
From: randy <marchany () VT EDU>
Date: Mon, 20 Nov 2017 18:21:15 -0500
We use ISO 27000 as our high-level security strategy. We're using the 20 Critical Security Controls (https://www.cisecurity.org/controls/) as the operational plan for achieving the ISO control areas.

I've attached a spreadsheet that maps the 20 controls to ISO 27000, NIST 800-53, and a whole bunch of other national and international standards. That spreadsheet and 2 others on the Critical Controls are at http://www.auditscripts.com/free-resources/critical-security-controls/.

Hope this helps.

-Randy Marchany
VA Tech IT Security Office and Lab

On Mon, Nov 20, 2017 at 4:09 PM, Snook, Allen <asnook () messiah edu> wrote:
Fellow security-minded colleagues,

With the vast list of security frameworks to choose from, ISO/IEC 27000, COBIT 5, NIST SP 800-53, ITIL to name a few, I have been tasked to find the best one to use for our institution. I thought it might be a good idea to see what other institutions are using and why. I am leaning toward the ISO/IEC 27000 series because of federal grants and PCI requirements.

Thoughts?

Regards,

*Allen A. Snook*
ITS Security Analyst
One College Avenue Suite 3055
Mechanicsburg PA 17055
Tel: (717) 796-5300 x6790
Fax: (717) 796-5246
Cell: (717) 439-0025
Attachment:
AuditScripts-Critical-Security-Control-Master-Mappings-v6.1g.xlsx

