Educause Security Discussion mailing list archives
Re: Vulnerability and Data Loss Protection Scanning
From: Kevin Reedy <KReedy () EXCELSIOR EDU>
Date: Wed, 16 Mar 2016 15:44:18 -0400
Hi Scott,

We have been using Leidos and are happy with the service they provide. For better or worse they usually don't tell me anything I don't know, but it gives me a list of documented findings that has become a useful tool in remediation. In a way being the middle man makes me less of the bad guy, and I like that.

There are a million ways to skin this cat from a technology perspective, for the most part budget and manpower being the biggest obstacles. It might be fun for you to run Nessus or spin up a Kali Linux box to see what it tells you beforehand. If you have patching issues with workstations, for example, and can fix that easily before they come on site, it may let them focus on other things, instead of producing 100 pages of machines all missing the same patches.

You also will want to have a clear idea of why you are doing this. FERPA? PCI? Maybe HIPAA? Maybe you use the CoCS 20 internally already and want to benchmark against that? Of course the vendor will walk you through all this and many other items, but it's nice to be prepared for the conversation a little bit. A good vendor should ask you what you want from them, and if you can't really tell them they will help you get there by asking the right questions.

Based on the question and your title I am guessing that you don't have a huge security team at your disposal, so this could become a very useful annual process. This is one of the areas that every organization handles differently based on size, need, etc. I'm looking forward to seeing the other responses from a process perspective and other governance angles as well.

-Kevin

From: Scott Voelker <svoelker () LBCC EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Date: 03/16/2016 12:14 PM
Subject: [SECURITY] Vulnerability and Data Loss Protection Scanning
Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>

All,

I am fairly new to this listserv, and apologize if the following question has already been answered.

We at Long Beach City College are looking for a company that can provide a security assessment of our internal network and public facing servers. We will be looking for both vulnerability and data loss protection scanning. What vendors have you used, and were you happy with them? If you would do anything differently, what would that be? Do you have any further suggestions for us as we move forward?

With regard to public facing servers, I am aware that the CCC Security Center provides a Vulnerability Assessment Scan service. Has anyone used this service, and if so, would you suggest we look into it?

Thank you very much for your time,

Scott Voelker
User Support & Web Development, Deputy Director
Long Beach City College
4901 E. Carson Street
Long Beach, CA 90808
562.938.4007
svoelker () lbcc edu