Educause Security Discussion mailing list archives
Re: Budget for PCI DSS SAQ D for Bookstore Operations
From: Brad Judy <win-hied () BRADJUDY COM>
Date: Fri, 5 Aug 2011 13:22:41 -0400
My first pass was also a spreadsheet, but I quickly moved to a database with 9 tables and plenty of relationships. Unfortunately, that database is currently only manifested in an MS Access file and I haven't pursued making it something more. I think this would be an excellent open source web app idea for someone to pursue, but that isn't my skillset. Many of the ASV/QSA companies have an online SAQ offering that has some of the features, but it seems most are built for SAQ tracking and not more general-purpose compliance tracking. A GRC tool can be set up to track PCI compliance, but the initial setup would take a decent amount of work and wouldn't be cheap if PCI is the only use you'd get out of it.

Brad Judy
Emory University

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John Ladwig
Sent: Friday, August 05, 2011 8:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Budget for PCI DSS SAQ D for Bookstore Operations

A 340 row Lovecraftian spreadsheet which causes those who stare into its depths to gibber in unholy madness. We call it The Beast. The 40+ columns track a lot of things, none of which are on any SAQ; vendors, manufacturers, contracts language status, versions, validation types, concessionaires, CDE segmentation status, SAQ completion dates... About row 200 I realized this was a database problem, but our development staff is limited.

-jml

-----Original Message-----
From: Doug Markiewicz - EDUCAUSE
Sent: 2011-08-05 06:48:02
To: Doug Markiewicz - EDUCAUSE;The EDUCAUSE Security Constituent Group Listserv
Cc:
Subject: Re: [SECURITY] Budget for PCI DSS SAQ D for Bookstore Operations

We are working with Trustwave to provide an online portal to track all information, scans, provide and track training, do external scans, fill out SAQs, etc.

I'm curious how others are organizing all their PCI compliance data, tracking training, etc. Manually? Through a software package or service provider?