Educause Security Discussion mailing list archives
Re: Visa CISP --- Docs attached
From: Herbert Baines III <herbert.baines () OIT GATECH EDU>
Date: Mon, 30 Jun 2003 14:49:09 -0400
Steve, et al. After talking with the Director, eCommerce Risk Visa USA I have permission to share this information with individuals working information security issues at colleges and universities affiliated with Educause. I have also included our draft credit card policy and procedures that should be in place within the next two weeks. Any comments for policy/procedure improvement will be gladly accepted. Hope this helps. Best regards, -Herb Herbert Baines III, CISA, CISSP Director, OIT Information Security Office of Information Technology Georgia Institute of Technology 258 4th Street Atlanta, GA 30332 http://www.security.gatech.edu/architecture http://www.security.gatech.edu/policy/usage.html herbert.baines () oit gatech edu At 02:17 PM 6/30/2003, Herbert Baines III wrote:
Mark, et al. We have a complete copy of the VISA CISP, I am checking with the appropriate parties to get concurrence for dissemination to non-Tech entities. I can tell you that it contains over 200 specific audit points within a 50 page document. I requested permission to release it to this list, will update you when I get an answer. Best regards, Herbert Baines III, CISA, CISSP Director, OIT Information Security Office of Information Technology Georgia Institute of Technology 258 4th Street Atlanta, GA 30332 http://www.security.gatech.edu/architecture http://www.security.gatech.edu/policy/usage.html herbert.baines () oit gatech edu At 12:48 PM 6/30/2003, you wrote:Don't know if anyone from Ga. Tech is on this list, but they may be able to provide some information related to CISP. M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Steven R. Smith [mailto:Steven.R.Smith () HOFSTRA EDU] Sent: Monday, June 30, 2003 9:38 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Visa CISP Hello all. Our credit card processor contacted us regarding compliance, as a merchant, with Visa's Cardholder Information Security Program. What information does anyone have on this program? How have you approached this issue? Any information would be much appreciated. Here is Visa's site: http://usa.visa.com/business/merchants/cisp_index.html Steve. Steven R. Smith IS Security Specialist Hofstra University 516.463.3944 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Attachment:
VISA Security Audit Procedures and Reporting.doc
Description:
Attachment:
Credit Card Processing Policy - draft v31.doc
Description:
Attachment:
Credit Card Processing Guidelines and Procedures - draft v12.doc
Description:
Current thread:
- Re: Visa CISP --- Docs attached Herbert Baines III (Jun 30)