Policy, Standards, Regulations & Compliance
Re: Compliance Product Recomendation Jul 27 2007 02:47PM
doug simpson bz (1 replies)
RE: Compliance Product Recomendation Jul 27 2007 04:45PM
Mark Curphey (mark curphey com) (1 replies)
Doug

Which parts of a standards or regulation (or maybe rephrased what percentage) do you think automated tools analyze? Maybe PCI as an example?

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of doug (at) simpson (dot) bz [email concealed]
Sent: Friday, July 27, 2007 4:48 PM
To: aversetoriskman (at) hushmail (dot) com [email concealed]; psrc (at) securityfocus (dot) com [email concealed]
Subject: Re: Compliance Product Recomendation

I can give you a few but I must couch it with the following. I am a Sales Engineer. I work for Altiris/Symantec and I worked for Ecora.

Security Expressions (from Altiris) - looks at your systems (OS agnostic) from a policy stand point. You can choose a PCI policy or a CIS polciy or a HIPAA policy and then run these policies against your systems to find out if they are out of whack per that policy. It can remediate.

Auditor from Ecora Software - many different modules. It comes at things a bit different then SE. It will collect almost every config and then you decide what report/policy to run against the info collected. There are PCI, SOX, etc reports.

TripWire has a come out with a solution but I do not know it well enough to tell you about it.

ConfigureSoft which is more along the lines of configuration management has reports per compliancies.

Qualys - I just found out that they are coming out with polcies per compliance. Qualys usually is lumped in with Scanners like Nessus. The cool thing about Qualys is that you can do it over the internet. You do not have to purchase their appliance.

This is a small list but it gives you a good place to start your research. I hope it helps.

Regards,
Doug

-----Original Message-----
From: aversetoriskman (at) hushmail (dot) com [email concealed] [mailto:aversetoriskman (at) hushmail (dot) com [email concealed]]
Sent: Friday, July 27, 2007 08:46 AM
To: psrc (at) securityfocus (dot) com [email concealed]
Subject: Compliance Product Recomendation

I work for a large financial services company in the mid-west and
am new to compliance and risk management. I have been tasked with
identifying a range of products I should budget for next year to
solve the security compliance needs in my company. I think these
include PCI, HIPAA and GLBA as well as SOX.

Can anyone recomend any products and or approaches to evaluating
tools? Its seems there are lots on the market, many of which seem
to magically help me assess compliance so I am a little sceptical.

Thanks in advance.

--
Click for military loan, fast & no lender fee, approval today
http://tagline.hushmail.com/fc/Ioyw6h4d9CvgJL1Y4Wv9D7E1u2nBdSZdR7Nrj7BPD
rH5hkfIv8urmP/

[ reply ]
RE: Compliance Product Recomendation Jul 27 2007 05:36PM
ljknews (ljknews mac com)


 

Privacy Statement
Copyright 2010, SecurityFocus