Comments on: Recent Readings (and listenings) http://edbellis.com/2007/08/06/recent-readings-and-listening/ converting black signals to red Tue, 11 May 2010 20:09:28 +0000 hourly 1 http://wordpress.com/ By: Andrew Law http://edbellis.com/2007/08/06/recent-readings-and-listening/#comment-534 Andrew Law Wed, 19 Sep 2007 18:40:10 +0000 http://cleartext.wordpress.com/2007/08/06/recent-readings-and-listening/#comment-534 Hi, At Microsoft, we use a tool called SPIDER, to scan systems and map business compliance requirements to control objectives and different types of 'evidence' on a box. This evidence can range from patches, to certain revs of software or services running on a box. Here is a reference to the tool http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004738 however, it hasn't been "productized". It is used in some of our consulting engagements for other customers. The article doesn't do the tool justice, as it looks just like some kind of host scanner. The magic of the tool is that it lets you define any compliance metrics you like (SOX, HIPPA, PCI, etc) in the tool. Every company is different here, so you can define your own complaince metrics as you like. When the scan is complete, you get a report showing the results, and how many systems meet the compliance requirements you defined. We currently license this tool through our ACE Security Services division. BTW - I don't represent Microsoft in this post (and I'm not a SalesGuy!) Hi,
At Microsoft, we use a tool called SPIDER, to scan systems and map business compliance requirements to control objectives and different types of ‘evidence’ on a box. This evidence can range from patches, to certain revs of software or services running on a box.
Here is a reference to the tool
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004738

however, it hasn’t been “productized”. It is used in some of our consulting engagements for other customers.

The article doesn’t do the tool justice, as it looks just like some kind of host scanner.

The magic of the tool is that it lets you define any compliance metrics you like (SOX, HIPPA, PCI, etc) in the tool.
Every company is different here, so you can define your own complaince metrics as you like.

When the scan is complete, you get a report showing the results, and how many systems meet the compliance requirements you defined.
We currently license this tool through our ACE Security Services division.

BTW – I don’t represent Microsoft in this post (and I’m not a SalesGuy!)

]]>