Educause Security Discussion mailing list archives
Re: PCI Responsability
From: Josh Callahan <josh.callahan () HUMBOLDT EDU>
Date: Fri, 6 Apr 2018 09:30:43 -0700
Another smaller school here, I share the PCI responsibility with the manager of Student Financial Services. The VP of Admin Affairs signs the set of SAQs that we put together each year. -Josh On Fri, Apr 6, 2018 at 9:24 AM, Ben Marsden <bmarsden () smith edu> wrote:
Perhaps a Small School approach... It is a definite partnership here as well, but the Controller's Office officially "owns" PCI compliance, primarily because they own the relationships with the various card processing entities (whoever has been allocated a merchant ID), are more familiar with the business processes being used (or changes therein), and also own the relationship with our financial provider (BoA). -- Ben On Fri, Apr 6, 2018 at 12:09 PM, Nevin, Dave <Dave.Nevin () oregonstate edu> wrote:Same here at Oregon State University—it is a partnership between our Business Affairs team and the InfoSec Office. Dave *Dave Nevin *|* Chief Information Security Officer *| *Information Services—Office of Information Security *|* Oregon State* *University * *From: *The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Sunil Singh < spsfirst () HOTMAIL COM> *Reply-To: *The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *Date: *Friday, April 6, 2018 at 9:04 AM *To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> *Subject: *Re: [SECURITY] PCI Responsability Iowa State University has similar arrangement- Treasures office and IT Security. Sunil Singh Director IT Security ISU On Apr 6, 2018, at 10:53 AM, Pardonek, Jim <jpardonek () LUC EDU> wrote: Ron, We have a bifurcated approach to PCI compliance. It is a partnership between IT and the finance office. Assessment of technology is the responsibility of IT and procedural assessments are done by finance. PM me if you need any clarification. Jim *James Pardonek, MS, CISSP, CEH, GSNA* *Information Security Officer* * Loyola University Chicago 1032 W. Sheridan Road | Chicago, IL <https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+60660+%0D%0A+%0D%0A(+:+(773&entry=gmail&source=g> <https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+%C2%A0%C2%A0+60660+%0D%0A+%0D%0A(+:+(773&entry=gmail&source=g>60660 <https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+60660+%0D%0A+%0D%0A(+:+(773&entry=gmail&source=g> * * (**: (773 <https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+60660+%0D%0A+%0D%0A(+:+(773&entry=gmail&source=g>) 508-6086* *Loyola University Chicago will never ask your for your username or password.* *For the lastest information security news at Loyola, please follow us online,* *Twitter: @LUCUISO* *Facebook: *https://www.facebook.com/lucuiso/ *Our Blog **http://blogs.luc.edu/uiso/* <http://blogs.luc.edu/uiso/> *From:* The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Ronald King *Sent:* Friday, April 6, 2018 10:18 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] PCI Responsability Good morning colleagues, I wanted to reach out to you to ask what division or department in your institution is ultimately accountable for PCI compliance. Is it your IT, Finance or another department/division? Why? Do you have a dedicated employee, contractor or team overseeing compliance to PCI? As always, feel free to reach me directly. Thank you and have a great weekend! Ron *Ronald A. King, CISSP* Chief Information Security Officer Morgan State University Office: (443) 885-3372 1700 E. Cold Spring Ln <https://maps.google.com/?q=1700+E.+Cold+Spring+Ln&entry=gmail&source=g>. Email: ronald.king () morgan edu Baltimore, MD 21251 URL: http://www.morgan.edu *Growing the future ... Leading the world* <http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>-- [}--> BEWARE of links and attachments in email! * Stop, Think before you click * ============================================ Ben Marsden : Information Security Director, CISSP ITS, 201 Stoddard Hall, Smith College, Northampton, MA 01063 --------------------------------------------------------------------- =--> Any request to reveal your Smith password via email is fraudulent!
-- ------------------------------------------------- Josh Callahan Information Security Officer and CTO ITS :: Humboldt State University 1 Harpst St. Arcata CA 95521 707.826.3815
Current thread:
- PCI Responsability Ronald King (Apr 06)
- Re: PCI Responsability Charles Curtis (Apr 06)
- Re: PCI Responsability Ronald King (Apr 06)
- Re: PCI Responsability Pardonek, Jim (Apr 06)
- Re: PCI Responsability Sunil Singh (Apr 06)
- Re: PCI Responsability Nevin, Dave (Apr 06)
- Re: PCI Responsability Jason Edelstein (Apr 06)
- Re: PCI Responsability Ben Marsden (Apr 06)
- Re: PCI Responsability Josh Callahan (Apr 06)
- Re: PCI Responsability Sunil Singh (Apr 06)
- Re: PCI Responsability Charles Curtis (Apr 06)
- Re: PCI Responsability Lazarus, Carolann (Apr 06)
- Security Onion - IDS build Sunil Singh (Apr 07)
- Re: PCI Responsability Dennis Bolton (Apr 09)
- Re: PCI Responsability Ronald King (Apr 13)
- <Possible follow-ups>
- Re: PCI Responsability Carlos S Lobato (Apr 06)
- Re: PCI Responsability Ronald King (Apr 06)