In this talk we will present a method for assessing your IT infrastructure (at
any scale) against the requirements of the Payment Card Industry (PCI) Data
Security Standard (DSS).
The topics covered in the talk include:
* PCI DSS introduction,
* language specifications used for automated assessment of security compliance,
* details of the PCI DSS benchmark implementation in the SCAP Security Guide,
* demonstration of manual assessment of a single computer using open-source tools
from the OpenSCAP ecosystem,
* performing corrective operations (remedial action),
* presentation of an open-source solution to install a PCI DSS compliant system
from scratch,
* large-scale open-source solutions combining systems management with security
compliance.
Starting with a brief PCI DSS introduction, we will proceed to the commonly
used language specifications (XCCDF, OVAL) for automated assessment of the
security compliance of a computer infrastructure. With these basic building
blocks defined, we will present the details of the implementation of the
PCI-DSS security benchmark in the SCAP Security Guide project. Subsequently we
will use this benchmark definition to demonstrate a manual assessment of a
single computer using the open-source tools from the OpenSCAP ecosystem. Once
familiar with the basic toolset, we will show how these tools can be used to
perform corrective operations (remedial action) so that the system reaches
PCI-DSS compliance. Later we will present the motivation behind the ability to
install a PCI-DSS compliant system right from scratch, and also introduce a
tool to help with this effort.
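As an added example (not code from the talk or from the OpenSCAP project), the following Python parses an XCCDF 1.2 TestResult of the kind `oscap xccdf eval --results` writes and reports which rules still fail after an assessment or remediation run. The result document and its rule ids are constructed for the example; the profile id is assumed to be the SCAP Security Guide's PCI-DSS profile identifier.

```python
"""Summarise an XCCDF 1.2 TestResult of the kind `oscap xccdf eval --results`
writes after assessing a host against the SCAP Security Guide PCI-DSS profile.
The document below is constructed; its rule ids are placeholders, not SSG's."""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
NS = {"x": XCCDF_NS}
# XCCDF result values meaning the host does not (yet) satisfy the rule.
NONCOMPLIANT = {"fail", "error", "unknown"}

# Constructed sample TestResult: five rule-results under one profile.
SAMPLE_RESULTS = f"""<Benchmark xmlns="{XCCDF_NS}" id="xccdf_example_benchmark">
  <TestResult id="xccdf_example_testresult_pci-dss">
    <profile idref="xccdf_org.ssgproject.content_profile_pci-dss"/>
    <rule-result idref="xccdf_example_rule_a"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_b"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_c"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_d"><result>notapplicable</result></rule-result>
    <rule-result idref="xccdf_example_rule_e"><result>fixed</result></rule-result>
  </TestResult>
</Benchmark>"""


def parse_rule_results(xml_text):
    """Return {rule idref: result} for every rule-result in every TestResult."""
    root = ET.fromstring(xml_text)
    results = {}
    for rr in root.iterfind(".//x:TestResult/x:rule-result", NS):
        res = rr.find("x:result", NS)
        text = (res.text or "").strip() if res is not None else ""
        results[rr.get("idref")] = text or "unknown"  # no result element = unknown
    return results


def evaluated_profile(xml_text):
    """Profile idref the TestResult was evaluated against, or None."""
    prof = ET.fromstring(xml_text).find(".//x:TestResult/x:profile", NS)
    return prof.get("idref") if prof is not None else None


def summarize(results):
    """Count per XCCDF result value, e.g. {'pass': 2, 'fail': 1, ...}."""
    return dict(Counter(results.values()))


def failing_rules(results):
    """Rules still needing attention. 'fixed' is excluded: oscap reports it
    after --remediate applied a fix, and such rules should be re-scanned."""
    return sorted(r for r, v in results.items() if v in NONCOMPLIANT)
```

Run against a real results file, the same functions give a quick compliance summary; a non-empty `failing_rules` list is the work queue for remediation, and rules reported as `fixed` need a second scan to confirm.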
Finally we will conclude by detailing how the presented approach to assessing
computer systems can be applied at larger scale, introducing open-source
solutions that combine systems management with security compliance. We will
illustrate their application to establish a PCI-DSS compliant infrastructure,
and also briefly document the steps to be taken when compliance against a
different security guidance / baseline is desired. At the end we will sketch
where development in the area of security compliance might be heading in the
future.