Re: Visa CISP --- Docs attached

[Herbert Baines III <herbert.baines () OIT GATECH EDU>]

Steve, et al.

After talking with the Director, eCommerce Risk Visa USA I have permission
to share this information with individuals working information security
issues at colleges and universities affiliated with Educause.  I have also
included our draft credit card policy and procedures that should be in
place within the next two weeks.  Any comments for policy/procedure
improvement will be gladly accepted.  Hope this helps.

Best regards,

-Herb
Herbert Baines III, CISA, CISSP
Director, OIT Information Security
Office of Information Technology
Georgia Institute of Technology
258 4th Street
Atlanta, GA 30332
http://www.security.gatech.edu/architecture
http://www.security.gatech.edu/policy/usage.html
herbert.baines () oit gatech edu



At 02:17 PM 6/30/2003, Herbert Baines III wrote:
> Mark, et al.
>
> We have a complete copy of the VISA CISP, I am checking with the
> appropriate parties to get concurrence for dissemination to non-Tech
> entities.  I can tell you that it contains over 200 specific audit points
> within a 50 page document.  I requested permission to release it to this
> list, will update you when I get an answer.
>
> Best regards,
>
> Herbert Baines III, CISA, CISSP
> Director, OIT Information Security
> Office of Information Technology
> Georgia Institute of Technology
> 258 4th Street
> Atlanta, GA 30332
> http://www.security.gatech.edu/architecture
> http://www.security.gatech.edu/policy/usage.html
> herbert.baines () oit gatech edu
>
>
> At 12:48 PM 6/30/2003, you wrote:
> > Don't know if anyone from Ga. Tech is on this list, but they may be able
> > to provide some information related to CISP.
> > M.
> >
> > --
> > Mark S. Bruhn, CISSP
> >
> > Chief IT Security and Policy Officer
> > Interim Director, Research and Educational Networking Information
> > Sharing and Analysis Center (ren-isac () iu edu)
> >
> > Office of the Vice President for Information Technology and CIO
> > Indiana University
> > 812-855-0326
> >
> > Incidents involving IU IT resources: it-incident () iu edu
> > Complaints/kudos about OVPIT/UITS services: itombuds () iu edu
> >
> >
> >
> >
> > -----Original Message-----
> > From: Steven R. Smith [mailto:Steven.R.Smith () HOFSTRA EDU]
> > Sent: Monday, June 30, 2003 9:38 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] Visa CISP
> >
> >
> > Hello all.
> >
> > Our credit card processor contacted us regarding compliance, as a
> > merchant, with Visa's Cardholder Information Security Program.  What
> > information does anyone have on this program?  How have you approached
> > this issue?  Any information would be much appreciated.
> >
> > Here is Visa's site:
> > http://usa.visa.com/business/merchants/cisp_index.html
> >
> > Steve.
> >
> > Steven R. Smith
> > IS Security Specialist
> > Hofstra University
> > 516.463.3944
> >
> > **********
> > Participation and subscription information for this EDUCAUSE Discussion
> > Group discussion list can be found at
> > http://www.educause.edu/memdir/cg/.
> >
> > **********
> > Participation and subscription information for this EDUCAUSE Discussion
> > Group discussion list can be found at http://www.educause.edu/memdir/cg/.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Attachment: VISA Security Audit Procedures and Reporting.doc
Description:

Attachment: Credit Card Processing Policy - draft v31.doc
Description:

Attachment: Credit Card Processing Guidelines and Procedures - draft v12.doc
Description: