Educause Security Discussion mailing list archives

Re: Using Nessus and other tools for compliance checks


From: Karen Stopford <stopfordk () CT EDU>
Date: Mon, 11 May 2009 13:20:32 -0400

Would love to hear how the Vericept solution is/isn't working for you.  Budgets here are constrained and it would 
probably be too pricey for us, but the details of how it does or doesn't meet your objectives would be good information 
to have for any type of evaluation.
Thanks,
Karen
Risk comes from not knowing what you're doing. -Warren Buffett


C. Karen Stopford, CISSP
Associate Executive Officer for I.T. Security
CT State University System
39 Woodland Street
Hartford, CT  06105
(860) 493-0116

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Clark, 
Sean
Sent: Monday, May 11, 2009 1:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Using Nessus and other tools for compliance checks

We are using Nessus for vulnerability assessment and also for basic data discovery.  We use Web Inspect and manual pen 
testing to perform security assessments of Internet-facing apps that handle or contain private data.  Tomorrow is our 
kick-off for using Vericept as a data loss prevention system, checking/alerting when private data (e.g. PHI/SSN/PCI) is 
leaving the campus network via insecure (unencrypted) protocols.


Sean Clark
Manager, IT Security/Email/UNIX Systems
UCDenver IT Services
Sean.Clark () UCDenver edu
303-724-0486

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charles 
Seitz
Sent: Monday, May 11, 2009 10:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Using Nessus and other tools for compliance checks

We currently use Nessus for network vulnerability testing and are looking to see how else we can use it, or other 
similar tools, to check on compliance with standards like PCI-DSS, FERPA, and HIPAA. Which tools do you all use to 
self-check for compliance with these regulations and how do you apply them to perform these compliance checks?

Thanks,

Charlie
________________________________
Charles A. Seitz
Senior Security Analyst
University of Tennessee Information Security Office
Martin Campus
cseitz () tennessee edu
(731) 881-7966
