Educause Security Discussion mailing list archives
Re: PCI Compliance End-User Training
From: Eric Case <eric () ERICCASE COM>
Date: Mon, 26 Jul 2010 19:22:29 -0700
Dave,

I agree Don went a little far with his plug, but I would have to agree with him that, "Most schools have created their own Security Awareness course which is delivered to faculty and staff." Do you have any numbers that show most schools did not create their own security awareness course? If they did not build it themselves, where did they get their security awareness course?

In any case, I saved his post because it is good to know what my options are.

-Eric

Eric Case, CISSP
eric (at) ericcase (dot) com
http://www.linkedin.com/in/ericcase
(520) 344-CISO (2476)
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dave Koontz
Sent: Monday, July 26, 2010 4:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI Compliance End-User Training

Most schools have done this? Really? Can you prove this? I tend to think most schools rely upon their campus policy and bank requirements to ensure that users are aware of their policy and have users sign off on them.

Sorry, but I don't think schools need to hear a sales pitch from you or your company to think they are compliant (nor fear if they haven't bought your product).

I still think the most "cost effective" thing for most of us is not allowing vendors into the EduCause lists. Valid help is almost always a sales pitch when you get right down to it. This is a perfect case in point.

On 7/26/2010 7:14 PM, Don Cochran wrote:

Most schools have created their own Security Awareness course which is delivered to faculty and staff. And I would assume most feel the awareness course is sufficient for the required training under section 12 of the PCI-DSS.

SCIPP International has taken it a bit further and has developed industry specific modules which augment their foundation course which addresses the uniqueness's of the differing sectors and their requirements. SCIPP has an Education module which addresses FERPA, a healthcare module for HIPAA Security and a HIPAA Privacy, a retail module for PCI, etc. etc...

We have also developed an on-line course which covers the principles of secure coding and satisfies the training requirement found in section 6 of the PCI-DSS which calls for the evidence of training on the OWASP Top-10 (Cross-site scripting, data injection, and the like).

Our cost effective courses are the only ANSI accredited certificate courses offered for security awareness training - more info can be found on our website or by contacting us at info () scippinternational org

Warm regards,

Don Cochran
Director, Business Development
SCIPP International
1964 Gallows Road, Suite 320
Vienna, Virginia 22182
United States of America
+1 703.637.4422 (Direct)
+1 703.599-0666 (Cell)
+1 703.637-4371 (Fax)
www.SCIPPinternational.org
SCIPP International "The Security Awareness Certification Company"

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron Sigmon
Sent: Monday, July 26, 2010 6:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] PCI Compliance End-User Training

Hey guys,

What are you using for PCI Compliance End-User Training? Are you bringing in trainers, using a web-application/software, or just doing it in-house? If you are using trainers and/or webapps/software, are there any you can recommend?

Thanks,

Aaron Sigmon
Information Systems Analyst III
ITS - Information Technology Services
Central Piedmont Community College
Office: 704-330-6141
Mobile: 704-363-7577
Current thread:
- PCI Compliance End-User Training Aaron Sigmon (Jul 26)
- Re: PCI Compliance End-User Training Don Cochran (Jul 26)
- Re: PCI Compliance End-User Training Dave Koontz (Jul 26)
- Re: PCI Compliance End-User Training Eric Case (Jul 26)
- Re: PCI Compliance End-User Training Dave Koontz (Jul 26)
- Re: PCI Compliance End-User Training Marcum, Chad A (Jul 26)
- Re: PCI Compliance End-User Training Don Cochran (Jul 26)