Educause Security Discussion mailing list archives
Re: Budget for PCI DSS SAQ D for Bookstore Operations
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Tue, 2 Aug 2011 14:08:11 -0400
SAQ D does not only mean you are storing credit cards .. it also applies when you have a "complicated network" - even if none of the machines are storing credit cards
A complicated network means that machines are connected together in some way - for example, if you are using a proxy server for the traffic leaving your edge

I'm not an ISV, but I've played one on TV :-)

Joel

--On Tuesday, August 02, 2011 2:01 PM -0400 "Bazeley, Joseph E." <bazeleje () MUOHIO EDU> wrote:
Can you get them to use PCI DSS SAQ C instead? SAQ D means that they're storing credit card numbers, which will make their PCI compliance effort require more resources and increases the likelihood of a breach leading to exposed credit card numbers and the associated notification. If they don't have an extremely good reason to store those credit card numbers (and it needs to provide an associated benefit that outweighs the cost from doing so), they should quit storing them.

Regards,
Joe

Joe Bazeley
Information Security Officer
Miami University
Hoyt Hall 314
513-529-9252

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Self, Dennis
Sent: Tuesday, August 02, 2011 1:56 PM
To: SECURITY () listserv educause edu
Subject: [SECURITY] Budget for PCI DSS SAQ D for Bookstore Operations

Security Friends,

Have you developed a budget for PCI DSS SAQ D compliance for your bookstore operation in the recent past? For my institution, the bookstore may be the only operation that cannot be reasonably remediated to qualify for SAQ A or B. If you are willing to share your budget, please respond offline. Also please let me know if I may identify you and your institution to our administration. Lastly, if you reverted back in technology to dial terminals as a solution, please let me know.

Kind regards,

Dennis Self
Director, IT Security & Compliance
Technology Services
Samford University
(205) 726-2692

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3