Educause Security Discussion mailing list archives
PCI Compliance vendors WAS: RE: PCI compliance
From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Wed, 26 Mar 2008 22:44:01 -0500
I have to say that I have not been overly excited about using Security Metrics. To me it seems that their scans are very basic and do not really test anything. I have even had a scan say "The remote web server is running Microsoft IIS." In the end, they were trying to say that it was patched lower than the current service pack, even though it was fully updated with service packs and all. That is not the only problem I have had, but they do all seem to be regarding their tests. -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System Administrator OTC Computer Networking (417) 447-7535 ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hatala, Jeffrey Sent: Wednesday, March 26, 2008 8:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI compliance Hello Lee, Depending on how you are capturing your CC#s you may see different parts eliminated from the compliancy list. We use http://www.securitymetrics.com/ The fee is $699.00, however since we are an M&T Bank customer and they have a fee break with Security Metrics, our costs is $139.00 per year. This gives us 4 automatic scan audits on our web server, (one way we capture). We can also log in to their website and run scans any time. There is the PCI self questionnaire on their website that needs to be filled out. These are the questions you need to ask your Department and IT staff. All the info resides on Security Metrics and THEY now act as our liaison to the PCI group that our college reports to. Hope this helps. Make it a great day! Jeff Hatala CISSP - "want to be" ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lee Weers Sent: Wednesday, March 26, 2008 9:01 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] PCI compliance We discovered a department on campus that is still processing credit cards, and I am looking for a contact who would be willing to discuss the steps we need to perform to become PCI compliant. I am looking the questions we need to ask from the department, and then the initial basic steps we need to perform now, until we get all of the documentation found and filled out. Thank you, Lee Weers Assistant Director for Network Services Central College IT Services (641) 628-7675
Current thread:
- PCI Compliance vendors WAS: RE: PCI compliance HALL, NATHANIEL D. (Mar 26)
- <Possible follow-ups>
- Re: PCI Compliance vendors WAS: RE: PCI compliance curtw () siu edu (Mar 26)
- Re: PCI Compliance vendors WAS: RE: PCI compliance HALL, NATHANIEL D. (Mar 26)