Educause Security Discussion mailing list archives
Re: PCI DSS Review - 40 Hours?
From: "Marcum, Chad A" <cmarcum () IU EDU>
Date: Tue, 24 Apr 2012 23:22:07 +0000
In 40 hours, I think I would try to figure out how many locations take credit cards. How do they take them (analog terminal, wifi terminal, Ethernet terminal, computer with a web browser, ...). Then find out how many transactions a year your institution does, and are they all under one MID? That should let you know which merchant level you are, and what SAQ you need to fill out. There is still plenty of more work to do though. PCI SSC has a prioritized approach to PCI that is a good read, and reviewing the PCI DSS itself never hurts. I'm happy to chat more off list, if you like. Also as part of my two cents, I'd say don't let the non-edu members of the forum scare you with RoC and AoC talk. Chad Sent from my iPad On Apr 24, 2012, at 12:31 PM, "Dan Sarazen" <dsarazen () BRANDEIS EDU<mailto:dsarazen () BRANDEIS EDU>> wrote: Hi All, I’ve been asked to conduct a PCI DSS review in 40 hours. Anyone think that’s responsibly doable? Also, does anyone have a PCI DSS Audit plan? Many Thanks! Dan Sarazen Senior IT Auditor The Boston Consortium for Higher Education Brandeis University, Mailstop 110 Phone: 781-736-8703 Cell: 781-296-4444 Fax: 781-736-8706
Current thread:
- Re: PCI DSS Review - 40 Hours?, (continued)
- Re: PCI DSS Review - 40 Hours? Drew Perry (Apr 24)
- Re: PCI DSS Review - 40 Hours? Lorenz, Eva (Apr 24)
- Re: PCI DSS Review - 40 Hours? Radford, Jennifer (Apr 24)
- Re: PCI DSS Review - 40 Hours? Lorenz, Eva (Apr 24)
- Re: PCI DSS Review - 40 Hours? Rich Graves (Apr 24)
- Re: PCI DSS Review - 40 Hours? Jon Young (Apr 24)
- Re: PCI DSS Review - 40 Hours? Dan Sarazen (Apr 24)
- Re: PCI DSS Review - 40 Hours? Michael Johnson (Apr 24)
- Re: PCI DSS Review - 40 Hours? Valdis Kletnieks (Apr 24)
- Re: PCI DSS Review - 40 Hours? Jon Young (Apr 25)
- Re: PCI DSS Review - 40 Hours? Dan Sarazen (Apr 24)
- Re: PCI DSS Review - 40 Hours? Brad Judy (Apr 24)
- Re: PCI DSS Review - 40 Hours? Drew Perry (Apr 24)
- Re: PCI DSS Review - 40 Hours? Marcum, Chad A (Apr 24)
- Re: PCI DSS Review - 40 Hours? Hugh Burley (Apr 26)
- Re: PCI DSS Review - 40 Hours? John Hoffoss (Apr 30)