Educause Security Discussion mailing list archives

Re: Using Nessus and other tools for compliance checks


From: "Clark, Sean" <Sean.Clark () UCDENVER EDU>
Date: Mon, 11 May 2009 11:14:25 -0600

We are using Nessus for vulnerability assessment and also for basic data discovery.  We use WebInspect and manual pen 
testing to perform security assessments of Internet-facing apps that handle or contain private data.  Tomorrow is our 
kick-off for using Vericept as a data loss prevention system, checking/alerting when private data (e.g., PHI/SSN/PCI) is 
leaving the campus network via insecure (unencrypted) protocols.


Sean Clark
Manager, IT Security/Email/UNIX Systems
UCDenver IT Services
Sean.Clark () UCDenver edu
303-724-0486

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charles 
Seitz
Sent: Monday, May 11, 2009 10:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Using Nessus and other tools for compliance checks

We currently use Nessus for network vulnerability testing and are looking to see how else we can use it, or other 
similar tools, to check on compliance with standards like PCI-DSS, FERPA, and HIPAA. Which tools do you all use to 
self-check for compliance with these regulations, and how do you apply them to perform these compliance checks?

Thanks,

Charlie
________________________________
Charles A. Seitz
Senior Security Analyst
University of Tennessee Information Security Office
Martin Campus
cseitz () tennessee edu
(731) 881-7966
