Educause Security Discussion mailing list archives

Re: PCI Responsability

From: "Nevin, Dave" <Dave.Nevin () OREGONSTATE EDU>
Date: Fri, 6 Apr 2018 16:09:52 +0000

Same here at Oregon State University—it is a partnership between our Business Affairs team and the InfoSec Office.

Dave


Dave Nevin | Chief Information Security Officer | Information Services—Office of Information Security | Oregon State 
University



From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Sunil Singh 
<spsfirst () HOTMAIL COM>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Friday, April 6, 2018 at 9:04 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] PCI Responsability

Iowa State University has similar arrangement- Treasures office and IT Security.
Sunil Singh
Director IT Security
ISU

On Apr 6, 2018, at 10:53 AM, Pardonek, Jim <jpardonek () LUC EDU<mailto:jpardonek () LUC EDU>> wrote:
Ron,

We have a bifurcated approach to PCI compliance.  It is a partnership between IT and the finance office.  Assessment of 
technology is the responsibility of IT and procedural assessments are done by finance.  PM me if you need any 
clarification.

Jim


James Pardonek, MS, CISSP, CEH, GSNA
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL  60660

•: (773) 508-6086

Loyola University Chicago will never ask your for your username or password.
For the lastest information security news at Loyola, please follow us online,
Twitter: @LUCUISO
Facebook: https://www.facebook.com/lucuiso/
Our Blog http://blogs.luc.edu/uiso/

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Ronald King
Sent: Friday, April 6, 2018 10:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] PCI Responsability

Good morning colleagues,

I wanted to reach out to you to ask what division or department in your institution is ultimately accountable for PCI 
compliance. Is it your IT, Finance or another department/division? Why?

Do you have a dedicated employee, contractor or team overseeing compliance to PCI?

As always, feel free to reach me directly.

Thank you and have a great weekend!
Ron
Ronald A. King, CISSP
Chief Information Security Officer
Morgan State University                                                                                           
Office: (443) 885-3372
1700 E. Cold Spring Ln.                                                                                           
Email:  ronald.king () morgan edu<mailto:ronald.king () morgan edu>
Baltimore, MD 21251                                                                                 URL:    
http://www.morgan.edu

                                                Growing the future ... Leading the 
world<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>

Current thread:

PCI Responsability Ronald King (Apr 06)
- Re: PCI Responsability Charles Curtis (Apr 06)
  - Re: PCI Responsability Ronald King (Apr 06)
- Re: PCI Responsability Pardonek, Jim (Apr 06)
  - Re: PCI Responsability Sunil Singh (Apr 06)
    - Re: PCI Responsability Nevin, Dave (Apr 06)
    - Re: PCI Responsability Jason Edelstein (Apr 06)
    - Re: PCI Responsability Ben Marsden (Apr 06)
    - Re: PCI Responsability Josh Callahan (Apr 06)
- Re: PCI Responsability Ken Connelly (Apr 06)
  - Re: PCI Responsability Lazarus, Carolann (Apr 06)
    - Security Onion - IDS build Sunil Singh (Apr 07)
- Re: PCI Responsability Laura Raderman (Apr 06)
- Re: PCI Responsability Rob Milman (Apr 06)
- Re: PCI Responsability Penn, Blake C (Apr 09)
  - Re: PCI Responsability Dennis Bolton (Apr 09)

(Thread continues...)