Re: PCI Responsability

[Jason Edelstein <jasone () UCHICAGO EDU>]

And here as well - IT Security and our Bursar handle it together.

Jason Edelstein
IT Risk and Compliance Program Manager
University of Chicago, IT Services
desk: 773 834 3457
security.uchicago.edu / 773 702 CERT

On 4/6/2018 11:09 AM, Nevin, Dave wrote:
> Same here at Oregon State University—it is a partnership between our 
> Business Affairs team and the InfoSec Office.
>
> Dave
>
> *Dave Nevin *|* Chief Information Security Officer *|***Information 
> Services—Office of Information Security *|* Oregon State**University *
>
> *From: *The EDUCAUSE Security Constituent Group Listserv 
> <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Sunil Singh 
> <spsfirst () HOTMAIL COM>
> *Reply-To: *The EDUCAUSE Security Constituent Group Listserv 
> <SECURITY () LISTSERV EDUCAUSE EDU>
> *Date: *Friday, April 6, 2018 at 9:04 AM
> *To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
> *Subject: *Re: [SECURITY] PCI Responsability
>
> Iowa State University has similar arrangement- Treasures office and IT 
> Security.
>
> Sunil Singh
>
> Director IT Security
>
> ISU
>
>
> On Apr 6, 2018, at 10:53 AM, Pardonek, Jim 
> <jpardonek () LUC EDU<mailto:jpardonek () LUC EDU>> wrote:
>
>     Ron,
>
>     We have a bifurcated approach to PCI compliance.  It is a
>     partnership between IT and the finance office. Assessment of
>     technology is the responsibility of IT and procedural assessments
>     are done by finance.  PM me if you need any clarification.
>
>     Jim
>
>     *James Pardonek, MS, CISSP, CEH, GSNA*
>
>     *Information Security Officer**
>     Loyola University Chicago
>     1032 W. Sheridan Road | Chicago, IL  60660
>     **
>     (**: (773) 508-6086*
>
>     *Loyola University Chicago will never ask your for your username
>     or password.*
>
>     *For the lastest information security news at Loyola, please
>     follow us online,*
>
>     *Twitter: @LUCUISO*
>
>     *Facebook: *https://www.facebook.com/lucuiso/
>
>     *Our Blog **http://blogs.luc.edu/uiso/*
>
>     *From:*The EDUCAUSE Security Constituent Group Listserv
>     <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
>     *On Behalf Of *Ronald King
>     *Sent:* Friday, April 6, 2018 10:18 AM
>     *To:*
>     SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
>     *Subject:* [SECURITY] PCI Responsability
>
>     Good morning colleagues,
>
>     I wanted to reach out to you to ask what division or department in
>     your institution is ultimately accountable for PCI compliance. Is
>     it your IT, Finance or another department/division? Why?
>
>     Do you have a dedicated employee, contractor or team overseeing
>     compliance to PCI?
>
>     As always, feel free to reach me directly.
>
>     Thank you and have a great weekend!
>
>     Ron
>
>     *Ronald A. King, CISSP*
>
>     Chief Information Security Officer
>
>     Morgan State UniversityOffice:(443) 885-3372
>
>     1700 E. Cold Spring
>     Ln.Email:ronald.king () morgan edu<mailto:ronald.king () morgan edu>
>
>     Baltimore, MD 21251URL:http://www.morgan.edu
>
>     *Growing the future ... Leading the
>     world*<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>