Educause Security Discussion mailing list archives
Re: Inbound Email Policy & PCIDSS
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 19 Nov 2009 09:28:17 -0700
Our draft Information Security policy says "USU does not accept liability for PSI that is transmitted through, or stored on, IT Resources by the end user for non-university related purposes."

Bob Bayn (435)797-2396 Security Team coordinator
Stop by the "Security Bunker" in SER 301 to see our network visualizers showing the continual attacks by outsiders.
Office of Information Technology at Utah State University

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Zach Jansen [zjanse20 () CALVIN EDU]
Sent: Thursday, November 19, 2009 6:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Inbound Email Policy & PCIDSS

It doesn't seem feasible to me to write a policy about inbound CC#'s and really expect that to stop people from sending you CC#'s. I'm not saying you shouldn't do it, but unless you have a technical control in place that refuses CC#'s sent to your email system, you're going to have CC#'s in your email system.

Very little of it may be orders placed via email, i.e. sent to your "merchants" on campus. However, you will have students getting CC#'s from their parents, faculty and staff sending CC#'s to their spouses, and variations on that general theme. Are you really responsible for these as a merchant? That doesn't really make sense to me. But I am not a QSA or an ASV or an expert on PCI.

Zach

--
Zach Jansen
Information Security Officer
Calvin College