Re: Consultant recommendations for PCI DSS compliance work?

[Brad Judy <win-hied () BRADJUDY COM>]

I'd be interested in hearing this as well.  I inquired about QSA
recommendations a while back and only received a couple of replies, so any
more information is welcome.



If you're interested in developing internal knowledge on PCI DSS standards
and compliance, the PCI council just posted the planned standards training
sessions for the first half of 2010.  There's only one session in the US, in
Phoenix in Feb.
https://www.pcisecuritystandards.org/education/training.shtml   It's
supposed to be very similar to the training received by the official
Qualified Security Assessors for PCI-DSS (although I expect most QSAs learn
a lot from their colleagues and on the job training).



Brad Judy



Emory University



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Francis
Sent: Wednesday, January 20, 2010 12:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Consultant recommendations for PCI DSS compliance work?





Hello,



In evaluating PCI DSS compliance, I've found that there are a number of
different possible solutions as well as conflicting answers on what can be
compliant. While I'm confident that our internal IT staff could build up
sufficient expertise to ultimately address the compliance requirements, I
think we need to look to outside guidance from those that have expertise
with PCI DSS compliance.



Can anyone recommend a vendor that they have worked with to assist them on
PCI DSS compliance? I'm not looking for a general security consultant; I
need the PCI expertise specific to the IT side but with a very strong
knowledge of the entire set of requirements for PCI DSS compliance.



Thanks,

Greg



Greg Francis
Director, Central Computing and Network Support Services
Gonzaga University

francis () gonzaga edu