Educause Security Discussion mailing list archives
Re: Vulnerability Management tools
From: David D Grisham <DGrisham () SALUD UNM EDU>
Date: Wed, 9 Dec 2015 15:35:47 +0000
We looked at these tools as well as RiskSense. We chose to build our own based on assessment findings. Key components are Nessus scans, which get sent to the designated system owner, if patching is not possible then we have built-in an exception document that is completed by systems and reviewed by ITSecurity then goes through change control for review and approval. All exceptions are dated and reviewed yearly. Now with that said, this system is not in production yet. We just started getting the components in place as this is a large project and needs to be done right. Cheers.-grish David Grisham David Grisham, PhD, CISM, CRISC, CHS III Manager, ITSecurity, UNM Hospitals, UNM Health Science Center 505.272.5657 Dgrisham () salud UNM edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frank Barton Sent: Wednesday, December 09, 2015 7:54 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Vulnerability Management tools Good morning folks, We are looking at tools for vulnerability management, and have identified both Qualys and Tennable SecurityCenter as possibilities. I was wondering if there was anybody here that could speak to having used either (or others that we should look at), pros, cons, indifferents, etc. Thank You Frank -- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Vulnerability Management tools Frank Barton (Dec 09)
- Re: Vulnerability Management tools David D Grisham (Dec 09)
- Re: Vulnerability Management tools Edgmand, Craig (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools Frank Barton (Dec 09)
- Re: Vulnerability Management tools Brad Judy (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools DiGrazia, Mick A (Dec 09)
- Re: Vulnerability Management tools O'Callaghan, Daniel (Dec 09)