Educause Security Discussion mailing list archives

PCI Compliance vendors WAS: RE: PCI compliance


From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Wed, 26 Mar 2008 22:44:01 -0500

I have to say that I have not been overly excited about using Security
Metrics.  To me it seems that their scans are very basic and do not
really test anything.  I have even had a scan say "The remote web server
is running Microsoft IIS."  In the end, they were trying to say that it
was patched lower than the current service pack, even though it was
fully updated with service packs and all.  That is not the only problem
I have had, but they do all seem to be regarding their tests.

 

--

Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Network Security System Administrator
OTC Computer Networking

(417) 447-7535

 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hatala, Jeffrey
Sent: Wednesday, March 26, 2008 8:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI compliance

 

Hello Lee,

 

Depending on how you are capturing your CC#s you may see different parts
eliminated from the compliancy list.  We use
http://www.securitymetrics.com/.  The fee is $699.00; however, since we
are an M&T Bank customer and they have a fee break with Security
Metrics, our cost is $139.00 per year.  This gives us 4 automatic scan
audits on our web server (one way we capture).  We can also log in to
their website and run scans any time. There is the PCI self
questionnaire on their website that needs to be filled out.  These are
the questions you need to ask your Department and IT staff.  All the
info resides on Security Metrics and THEY now act as our liaison to the
PCI group that our college reports to.    

 

Hope this helps. 

Make it a great day!
Jeff Hatala

CISSP - "want to be"

 

 

 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lee Weers
Sent: Wednesday, March 26, 2008 9:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI compliance

 

We discovered a department on campus that is still processing credit
cards, and I am looking for a contact who would be willing to discuss
the steps we need to perform to become PCI compliant.  I am looking for
the questions we need to ask from the department, and then the initial basic
steps we need to perform now, until we get all of the documentation
found and filled out.

Thank you, 
  
Lee Weers 
Assistant Director for Network Services 
Central College IT Services 
(641) 628-7675 

