Educause Security Discussion mailing list archives
Re: Using Nessus and other tools for compliance checks
From: Karen Stopford <stopfordk () CT EDU>
Date: Mon, 11 May 2009 13:20:32 -0400
Would love to hear how the Vericept solution is/isn't working for you. Budgets here are constrained and it would probably be too pricey for us, but the details of how it does or doesn't meet your objectives would be good information to have for any type of evaluation. Thanks, Karen Risk comes from not knowing what you're doing. -Warren Buffet C. Karen Stopford, CISSP Associate Executive Officer for I.T. Security CT State University System 39 Woodland Street Hartford, CT 06105 (860) 493-0116 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Clark, Sean Sent: Monday, May 11, 2009 1:14 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Using Nessus and other tools for compliance checks We are using Nessus for vulnerability assessment and also for basic data discovery. We use Web Inspect and manual penn testing to perform security assessments of Internet-facing apps that handle or contain private data. Tomorrow is our kick-off for using Vericept as a data loss prevention system, checking/alerting when private data (eg PHI/SSN/PCI) is leaving the campus network via insecure (unencrypted) protocols. Sean Clark Manager, IT Security/Email/UNIX Systems UCDenver IT Services Sean.Clark () UCDenver edu 303-724-0486 ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charles Seitz Sent: Monday, May 11, 2009 10:48 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Using Nessus and other tools for compliance checks We currently use Nessus for network vulnerability testing and are looking to see how else we can use it, or other similar tools, to check on compliance with standards like PCI-DSS, FERPA, and HIPPA. Which tools do you all use to self check for compliance with these regulations and how do you apply them to perform these compliance checks? Thanks, Charlie ________________________________ Charles A. Seitz Senior Security Analyst University of Tennessee Information Security Office Martin Campus cseitz () tennessee edu (731) 881-7966
Current thread:
- Using Nessus and other tools for compliance checks Charles Seitz (May 11)
- <Possible follow-ups>
- Re: Using Nessus and other tools for compliance checks Clark, Sean (May 11)
- Re: Using Nessus and other tools for compliance checks Karen Stopford (May 11)
- Re: Using Nessus and other tools for compliance checks Clark, Sean (May 11)