PaulDotCom mailing list archives
Tracking PCI compliance
From: rgula at tenablesecurity.com (Ron Gula)
Date: Thu, 11 Jun 2009 10:55:48 -0400
On 6/11/2009 9:49 AM, Chris Teodorski wrote:
Hey all, I'm wondering if anyone has come up with a creative way to track PCI compliance across multiple applications in an organization. I'm currently using a spreadsheet but it's getting rather cumbersome. Just wondering if someone smarter than me had come up with a cool tracking mechanism. Ideally, I'd like to come up with something web based, so our management can jump on and look at something with pretty colors.
It depends on what you are tracking and how often you want it updated. PCI compliance means many things and there are many ways to audit and monitor these requirements. If you want to see a video on how we do this for vulns, configs and logs, check out this link: http://cgi.tenablesecurity.com/demos/pci2/pci2.htm When you design reports for managers, you need to keep in mind what you are showing them and what their reaction will be when things "turn red". Ron Gula Tenable Network Security
Current thread:
- Tracking PCI compliance Chris Teodorski (Jun 11)
- Tracking PCI compliance Ron Gula (Jun 11)