On 6/11/2009 9:49 AM, Chris Teodorski wrote: > Hey all, > > I'm wondering if anyone has come up with a creative way to track PCI > compliance across multiple applications in an organization. I'm > currently using a spreadsheet but it's getting rather cumbersome. > > Just wondering if someone smarter than me had come up with a cool > tracking mechanism. Ideally, I'd like to come up with something web > based, so our management can jump on and look at something with pretty > colors. > > It depends on what you are tracking and how often you want it updated. PCI compliance means many things and there are many ways to audit and monitor these requirements. If you want to see a video on how we do this for vulns, configs and logs, check out this link:
http://cgi.tenablesecurity.com/demos/pci2/pci2.htm When you design reports for managers, you need to keep in mind what you are showing them and what their reaction will be when things "turn red". Ron Gula Tenable Network Security _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
