Systems with Sensitive Data

by Josef Weiss
October 29, 2013

Nessus can perform a variety of content checks to look for credit card, financial, personal, copy-written and other types of sensitive data. This dashboard summarizes a variety of different types of sensitive data audits.

  • October 28, 2013 , SecurityCenter 4.7.0
  • Requirements - Nessus 5.2.1

Nessus can be used to perform a variety of credentialed, uncredentialed and file inspection checks that look for a variety of different types of data in different file formats. This dashboard is made up of 5 components.

Potential Sensitive Information (Active Scanning): An indicator-based component triggers when certain elements are found by an active Nessus scan.

Systems with Sensitive Data: Lists systems with files that contain sensitive data. A filter selected the repository containing the audit results and a severity of high was used to select those with matching data.

Sensitive Data Types: Summarizes file types that contain sensitive data.

Asset Sensitive Data Audit and Results: Displays an indicator that displays a trigger if any assets hold sensitive data, have vulnerabilities that are exploitable, and if the assets were scanned for sensitive content in the last thirty days.

Sensitive Data – Last 25 Days: Displays a trend of the last 25 days of compliance type data vulnerabilities.

  • Payment Card Industry - 3.2
  • SANS Consensus Audit Guidelines - 15 Data Loss Prevention
  • FISMA - AC-4, MP-2 (2), MP-4 (1), SC-7 (6, 10), SC-9, SC-13, SC-28 (1), SI-4 (4, 11), PM-7