Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Tracking PCI compliance
From: rgula at tenablesecurity.com (Ron Gula)
Date: Thu, 11 Jun 2009 10:55:48 -0400

On 6/11/2009 9:49 AM, Chris Teodorski wrote:
Hey all,

I'm wondering if anyone has come up with a creative way to track PCI
compliance across multiple applications in an organization.  I'm
currently using a spreadsheet but it's getting rather cumbersome.

Just wondering if someone smarter than me had come up with a cool
tracking mechanism.  Ideally, I'd like to come up with something web
based, so our management can jump on and look at something with pretty
colors.

  
It depends on what you are tracking and how often you want it updated.
PCI compliance
means many things and there are many ways to audit and monitor these
requirements. If
you want to see a video on how we do this for vulns, configs and logs,
check out this
link:

http://cgi.tenablesecurity.com/demos/pci2/pci2.htm

When you design reports for managers, you need to keep in mind what you
are showing
them and what their reaction will be when things "turn red".

Ron Gula
Tenable Network Security



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]