Educause Security Discussion mailing list archives

Re: Consultant recommendations for PCI DSS compliance work?


From: Michael Sana <msana () HPU EDU>
Date: Wed, 20 Jan 2010 09:02:28 -1000

The people over at Digital Resources Group listed below (DRGSF.com) have been an excellent resource for PCI consulting. 
 They have offices throughout the US and in Latin America.  Jim Cowing would be the best person to contact over there 
if you are interested.  He can be reached at 650-638-3350.

mike.sana.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Patrick 
Laughran
Sent: Wednesday, January 20, 2010 7:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Consultant recommendations for PCI DSS compliance work?

Hi Greg, all public state and community colleges here in Massachusetts were obligated to use one of the following (see 
below).  I have cut and pasted the information from the memo with the contact information.  We used Lighthouse here at 
Framingham State.  We can talk offline about our experience if you like.

The PCI Standards Council also has a great website.  Here is a link to the list of "Qualified Security Assessors" and 
"Approved Scanning Vendors"...  https://www.pcisecuritystandards.org/qsa_asv/find_one.shtml

The Commonwealth of Massachusetts Comptroller's Office conducted a Multiple Department Procurement/Multiple Department 
User Request for Response (RFR) with ITD and other departments that accept credit card payments to select PCI 
Compliance contractors certified by the national PCI Council as Qualified Security Assessors (QSAs) and Approved 
Scanning Vendors (ASVs).  Both Contractors are qualified to provide the consulting, validation, and network scanning 
services for Commonwealth entities.

DIGITAL RESOURCES GROUP, LLC (DRG)
VC0000390523
PO Box 55071, Boston, MA 02205
Contact: David Fosdick
Telephone: 978-496-1503
Email Address: pci () drgsf com
Fax: 775-855-5042
Web: www.drgsf.com
Authorized Signatories:
James Cowing (Managing Director)
David Fosdick (Vice President)
Prompt Payment Discount:
1% if paid within 15 days

LIGHTHOUSE COMPUTER SERVICES, INC. (LCS)
VC0000389868
6 Blackstone Valley Place, Suite 205 Lincoln RI 02865
Contact: Timothy Bernard
Telephone: (508) 254-2804
Email Address: tbernard () lighthousecs com
Fax: (401) 334-0719
Web: www.lighthouseCS.com
Authorized Signatories:
Anthony N. Fiore, Jr. (CFO)
Ernie Yenke (Chief Operating Officer)
Thomas Mrva (President)
Prompt Payment Discount:
1% paid in 10 days






From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Francis
Sent: Wednesday, January 20, 2010 12:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Consultant recommendations for PCI DSS compliance work?


Hello,

In evaluating PCI DSS compliance, I've found that there are a number of different possible solutions as well as 
conflicting answers on what can be compliant. While I'm confident that our internal IT staff could build up sufficient 
expertise to ultimately address the compliance requirements, I think we need to look to outside guidance from those 
that have expertise with PCI DSS compliance.

Can anyone recommend a vendor that they have worked with to assist them on PCI DSS compliance? I'm not looking for a 
general security consultant; I need the PCI expertise specific to the IT side but with a very strong knowledge of the 
entire set of requirements for PCI DSS compliance.

Thanks,
Greg

Greg Francis
Director, Central Computing and Network Support Services
Gonzaga University
francis () gonzaga edu

