At the end of the day, your organization is going to need to analyze the
standards, develop processes, and utilize the processes to create rules for
auditing.
Tools to create audit rules can include 3rd party software (OpsWare or
whatever their new name with HP is), custom scripts, etc.
Standards compliance is all about understanding the standards and developing
the processes in accordance with the standards. For my entity, we have a
team that is dedicated to handling regulatory compliance. We work alongside
them to create the technical standards.
Most of this is NOT technical in nature. If you are not familiar enough with
compliance issues, you should seek out the necessary folks to help with
compliance. If you don't and you get compromised, your company and/or client
will be in for a long and expensive adventure. While some folks will say
that they have templates for PCI/SOX/Standard XYZ, 99% of these standards
are dependent on the particular implementation that you have chosen, so the
audit templates don't always work (think compensating controls in PCI).
If you have to do it, read the standard front and back, get someone versed
in compliance, and don't pretend that just because you are a bad ass in
networks that you'll understand it all and be able to meet all of the
standards.
Most importantly, have fun and cover your ass. I hate compliance and I
always get stuck with it.
-- William McCall, CCIE #25044 On Sat, Jan 2, 2010 at 1:34 AM, Zeeshan Sanaullah < zeeshansanaullah_at_hotmail.com> wrote: > Hello ! > > How can I check if Cisco Routers, Switches, Firewalls, IPS are in > compliance > with ISO 27001 , ISO 27002 and if they help in acheiving PCI and SOX > standards. > > Any Information will be highly appreciated > > Thanks & Regards > > Zeeshan Sanaullah , CCIE #25196 (R&S) > > _________________________________________________________________ > Windows Live: Friends get your Flickr, Yelp, and Digg updates when they > e-mail > you. > > http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci > al-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010<http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci%0Aal-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010> > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html Blogs and organic groups at http://www.ccie.netReceived on Sat Jan 02 2010 - 19:20:43 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:41 ART