Educause Security Discussion mailing list archives

Re: Budget for PCI DSS SAQ D for Bookstore Operations


From: Brad Judy <win-hied () BRADJUDY COM>
Date: Fri, 5 Aug 2011 13:22:41 -0400

My first pass was also a spreadsheet, but I quickly moved to a database with
9 tables and plenty of relationships.  Unfortunately, that database is
currently only manifested in an MS Access file and I haven't pursued making
it something more.  I think this would be an excellent open source web app
idea for someone to pursue, but that isn't my skillset.  

Many of the ASV/QSA companies have an online SAQ offering that has some of
the features, but it seems most are built for SAQ tracking and not more
general-purpose compliance tracking.  A GRC tool can be set up to track PCI
compliance, but the initial setup would take a decent amount of work and
wouldn't be cheap if PCI is the only use you'd get out of it.

Brad Judy

Emory University

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John Ladwig
Sent: Friday, August 05, 2011 8:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Budget for PCI DSS SAQ D for Bookstore Operations

A 340-row Lovecraftian spreadsheet which causes those who stare into its
depths to gibber in unholy madness.  We call it The Beast.

The 40+ columns track a lot of things, none of which are on any SAQ:
vendors, manufacturers, contract language status, versions, validation
types, concessionaires, CDE segmentation status, SAQ completion dates...
About row 200 I realized this was a database problem, but our development
staff is limited.

    -jml
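
The "this is a database problem" point in the two replies above (Brad's nine-table Access database and John's 40-column spreadsheet) is easy to show concretely. The following is an added example, not code from either poster or from any vendor tool: a small normalized SQLite schema, assumed here, that holds the items John lists (vendors, contract language status, product versions, validation types, concessionaires, CDE segmentation status, SAQ type and completion dates) and three queries an assessor would actually run against it. All table names, column names and sample rows are constructed for the example.

```python
import sqlite3

# Hypothetical schema: merchant environments, the vendors behind their payment
# systems, and one SAQ row per merchant per attestation period.
SCHEMA = """
CREATE TABLE merchant (
    id               INTEGER PRIMARY KEY,
    name             TEXT NOT NULL,
    is_concessionaire INTEGER NOT NULL DEFAULT 0,  -- third party operating on campus
    cde_segmented    INTEGER NOT NULL DEFAULT 0    -- CDE network segmentation status
);
CREATE TABLE vendor (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    -- PCI responsibility language in the contract: missing / requested / signed
    contract_pci_language TEXT NOT NULL
        CHECK (contract_pci_language IN ('missing', 'requested', 'signed'))
);
CREATE TABLE payment_system (
    id          INTEGER PRIMARY KEY,
    merchant_id INTEGER NOT NULL REFERENCES merchant(id),
    vendor_id   INTEGER NOT NULL REFERENCES vendor(id),
    product     TEXT NOT NULL,
    version     TEXT,
    validation_type TEXT                           -- e.g. 'PA-DSS', 'P2PE', 'none'
);
CREATE TABLE saq (
    id           INTEGER PRIMARY KEY,
    merchant_id  INTEGER NOT NULL REFERENCES merchant(id),
    saq_type     TEXT NOT NULL,                    -- 'A', 'B', 'C', 'D', ...
    completed_on TEXT,                             -- ISO date, NULL until signed off
    period_end   TEXT NOT NULL                     -- ISO date the attestation was due
);
"""


def build_db() -> sqlite3.Connection:
    """Create an in-memory database loaded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO merchant VALUES (?, ?, ?, ?)", [
        (1, "Campus Bookstore", 0, 1),
        (2, "Dining Services", 0, 0),          # CDE not yet segmented
        (3, "Coffee Kiosk", 1, 1),             # concessionaire, no SAQ on file
    ])
    conn.executemany("INSERT INTO vendor VALUES (?, ?, ?)", [
        (1, "POS Vendor A", "signed"),
        (2, "Kiosk Vendor B", "requested"),
    ])
    conn.executemany("INSERT INTO payment_system VALUES (?, ?, ?, ?, ?, ?)", [
        (1, 1, 1, "RetailPOS", "4.2", "PA-DSS"),
        (2, 2, 1, "RetailPOS", "3.9", "PA-DSS"),
        (3, 3, 2, "KioskPay", "1.0", "none"),
    ])
    conn.executemany("INSERT INTO saq VALUES (?, ?, ?, ?, ?)", [
        (1, 1, "D", "2011-06-30", "2011-06-30"),   # bookstore: done on time
        (2, 2, "C", None, "2011-07-31"),           # dining: overdue and unsigned
    ])
    conn.commit()
    return conn


def saqs_needing_attention(conn, as_of: str):
    """Merchants with no SAQ on file, or an unsigned SAQ whose due date has passed.

    ISO-8601 date strings compare correctly as text, so no date parsing is needed.
    """
    return conn.execute("""
        SELECT m.name, s.saq_type, s.period_end
        FROM merchant m
        LEFT JOIN saq s ON s.merchant_id = m.id
        WHERE s.id IS NULL
           OR (s.completed_on IS NULL AND s.period_end < ?)
        ORDER BY m.name
    """, (as_of,)).fetchall()


def vendors_missing_contract_language(conn):
    """Vendor/merchant pairs where the contract still lacks signed PCI language."""
    return conn.execute("""
        SELECT DISTINCT v.name, v.contract_pci_language, m.name
        FROM vendor v
        JOIN payment_system p ON p.vendor_id = v.id
        JOIN merchant m ON m.id = p.merchant_id
        WHERE v.contract_pci_language != 'signed'
        ORDER BY v.name, m.name
    """).fetchall()


def unsegmented_merchants(conn):
    """Merchants whose cardholder data environment is not segmented."""
    rows = conn.execute(
        "SELECT name FROM merchant WHERE cde_segmented = 0 ORDER BY name").fetchall()
    return [name for (name,) in rows]


if __name__ == "__main__":
    db = build_db()
    print("SAQs needing attention:", saqs_needing_attention(db, "2011-08-05"))
    print("Contracts to chase:", vendors_missing_contract_language(db))
    print("Unsegmented CDEs:", unsegmented_merchants(db))
```

The design choice worth noting is that each tracked attribute lives with the entity it describes: contract language belongs to the vendor, segmentation to the merchant environment, version and validation type to the payment system. That is what the wide spreadsheet loses, and it is why "which merchants are overdue" or "which vendors still owe us contract language" become one query each instead of a filter someone has to remember.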


-----Original Message-----
From: Doug Markiewicz - EDUCAUSE
Sent: 2011-08-05 06:48:02
To: Doug Markiewicz - EDUCAUSE; The EDUCAUSE Security Constituent Group Listserv
Cc: 
Subject: Re: [SECURITY] Budget for PCI DSS SAQ D for Bookstore Operations


We are working with Trustwave to provide an online portal to track all
information, scans, provide and track training, do external scans, fill out
SAQs, etc.

I'm curious how others are organizing all their PCI compliance data,
tracking training, etc. Manually?  Through a software package or service
provider? 

