Educause Security Discussion mailing list archives
Re: Using Nessus and other tools for compliance checks
From: "Clark, Sean" <Sean.Clark () UCDENVER EDU>
Date: Mon, 11 May 2009 11:14:25 -0600
We are using Nessus for vulnerability assessment and also for basic data discovery. We use Web Inspect and manual penn testing to perform security assessments of Internet-facing apps that handle or contain private data. Tomorrow is our kick-off for using Vericept as a data loss prevention system, checking/alerting when private data (eg PHI/SSN/PCI) is leaving the campus network via insecure (unencrypted) protocols. Sean Clark Manager, IT Security/Email/UNIX Systems UCDenver IT Services Sean.Clark () UCDenver edu 303-724-0486 ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charles Seitz Sent: Monday, May 11, 2009 10:48 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Using Nessus and other tools for compliance checks We currently use Nessus for network vulnerability testing and are looking to see how else we can use it, or other similar tools, to check on compliance with standards like PCI-DSS, FERPA, and HIPPA. Which tools do you all use to self check for compliance with these regulations and how do you apply them to perform these compliance checks? Thanks, Charlie ________________________________ Charles A. Seitz Senior Security Analyst University of Tennessee Information Security Office Martin Campus cseitz () tennessee edu (731) 881-7966
Current thread:
- Using Nessus and other tools for compliance checks Charles Seitz (May 11)
- <Possible follow-ups>
- Re: Using Nessus and other tools for compliance checks Clark, Sean (May 11)
- Re: Using Nessus and other tools for compliance checks Karen Stopford (May 11)
- Re: Using Nessus and other tools for compliance checks Clark, Sean (May 11)