Educause Security Discussion mailing list archives

Re: Consultant recommendations for PCI DSS compliance work?


From: "Don M. Blumenthal" <don () DONBLUMENTHAL COM>
Date: Wed, 20 Jan 2010 12:58:23 -0500

In the interest of keeping things relatively local, and adding that my
contacts with these companies haven't concerned PCI-DSS issues, I can
suggest two excellent outfits on the QSA list.



IOActive in Seattle



SecureWorks in Atlanta.



Don



======================

Don M. Blumenthal

DMB Associates, LLC

Technology, Policy, and Law

(734) 997-0764

(202) 431-0874 (m)

don () donblumenthal com

www.donblumenthal.com





From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, January 20, 2010 12:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Consultant recommendations for PCI DSS compliance
work?



I'd be interested in hearing this as well.  I inquired about QSA
recommendations a while back and only received a couple of replies, so any
more information is welcome.



If you're interested in developing internal knowledge on PCI DSS standards
and compliance, the PCI council just posted the planned standards training
sessions for the first half of 2010.  There's only one session in the US, in
Phoenix in Feb.
https://www.pcisecuritystandards.org/education/training.shtml   It's
supposed to be very similar to the training received by the official
Qualified Security Assessors for PCI-DSS (although I expect most QSAs learn
a lot from their colleagues and on-the-job training).



Brad Judy



Emory University



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Francis
Sent: Wednesday, January 20, 2010 12:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Consultant recommendations for PCI DSS compliance work?





Hello,



In evaluating PCI DSS compliance, I've found that there are a number of
different possible solutions as well as conflicting answers on what can be
compliant. While I'm confident that our internal IT staff could build up
sufficient expertise to ultimately address the compliance requirements, I
think we need to look to outside guidance from those that have expertise
with PCI DSS compliance.



Can anyone recommend a vendor that they have worked with to assist them on
PCI DSS compliance? I'm not looking for a general security consultant; I
need the PCI expertise specific to the IT side but with a very strong
knowledge of the entire set of requirements for PCI DSS compliance.



Thanks,

Greg



Greg Francis
Director, Central Computing and Network Support Services
Gonzaga University

francis () gonzaga edu




