Educause Security Discussion mailing list archives
Re: PCI DSS compliance challenges
From: Scott Weyandt <scott.weyandt () MORANTECHNOLOGY COM>
Date: Wed, 10 Jun 2009 10:25:49 -0700
One of my colleagues is a PCI Auditor (QSA and PA-QSA certified). He continually states that you cannot overstress the importance of segregating systems that transfer or store card holder data from the rest of your network. If you do so, you greatly limit the scope of a PCI audit to that network segment and its systems. If you do not, your entire network is potentially in scope for a PCI audit. The card holder network segmentation can be accomplished with VLANs and appropriate firewall/ACLs.

Scott

*****************************************************************
Scott Weyandt, Ph.D.
Director, Security and Infrastructure Planning
Moran Technology Consulting
877-214-2980 (Voice & Fax)
Website: www.MoranTechnology.com
*****************************************************************

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian
Sent: Wednesday, June 10, 2009 8:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI DSS compliance challenges

Hi Everyone,

Our Finance department has been considering a new model of handling credit cards on our campuses that would involve cashiering stations that track credit card data through a desktop PC and send it over the internet.

The interesting challenge for this model is complying with the PCI DSS. Our perception is that these kinds of deployments are becoming fairly common in higher-ed, so it would be interesting to hear the experiences of some other institutions with DSS.

Are you segregating card holder data networks? What IT cost was incurred to set up a compliant environment for deployments your institution has done?

I welcome any responses on or off list.

Thanks! :)

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College
Office: 520-206-4873