Educause Security Discussion mailing list archives
Re: Budget for PCI DSS SAQ D for Bookstore Operations
From: "Carson, Larry" <larry.carson () UBC CA>
Date: Fri, 5 Aug 2011 07:51:47 -0700
I would recommend descoping to SAQ C, if at all possible. This may mean updating data stores in a DB, sanitising (possibly even destroying) backups and logs, sanitising email stores, etc. Just keep a record of all items sanitised, as it is a good record of your descoping exercise.

WRT tracking compliance: spreadsheets, lots of them, but we're considering a GRC solution to keep our sanity.

Larry

---
Larry Carson
Associate Director, Information Security Management
Information Technology | Engage. Envision. Enable.
The University of British Columbia
Tel: 604.822.0773 | Twitter: @L4rryC4rson

----- Original Message -----
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Fri Aug 05 05:18:21 2011
Subject: Re: [SECURITY] Budget for PCI DSS SAQ D for Bookstore Operations

A 340 row Lovecraftian spreadsheet which causes those who stare into its depths to gibber in unholy madness. We call it The Beast. The 40+ columns track a lot of things, none of which are on any SAQ: vendors, manufacturers, contract language status, versions, validation types, concessionaires, CDE segmentation status, SAQ completion dates... About row 200 I realized this was a database problem, but our development staff is limited.

-jml

-----Original Message-----
From: Doug Markiewicz - EDUCAUSE
Sent: 2011-08-05 06:48:02
To: Doug Markiewicz - EDUCAUSE; The EDUCAUSE Security Constituent Group Listserv
Cc:
Subject: Re: [SECURITY] Budget for PCI DSS SAQ D for Bookstore Operations
We are working with Trustwave to provide an online portal to track all information, scans, provide and track training, do external scans, fill out SAQs, etc.
I'm curious how others are organizing all their PCI compliance data, tracking training, etc. Manually? Through a software package or service provider?
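Larry's descoping advice above (sanitise logs, backups and mail stores, and keep a record of everything sanitised) is the kind of task that is easy to do by hand once and hard to prove later. The following is an added example, not code from any poster in this thread: a small Python scanner that finds candidate primary account numbers in text lines, confirms them with the Luhn check to cut false positives, masks them to the first six and last four digits, and emits a record of what was changed for the descoping file. The sample log lines are constructed for the example and use well-known test card numbers, not real cardholder data; the `SAMPLE_LOG` name and the record layout are this example's own choices.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# not glued to other digits on either side.
PAN_RE = re.compile(r'(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)')

# Constructed sample lines for the example (test numbers only, no real PANs).
SAMPLE_LOG = [
    '2011-08-05 09:12:01 checkout ok order=1234567890123456 card=4111 1111 1111 1111',
    '2011-08-05 09:13:44 checkout declined card=4111111111111112',
    '2011-08-05 09:15:09 refund card=5500-0000-0000-0004 amount=42.00',
    '2011-08-05 09:16:30 health check ok',
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9
    from results above 9, and require the total to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits, the most PCI DSS permits to be shown."""
    return digits[:6] + '*' * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return the Luhn-valid PANs (separators removed) found in one line."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r'[ -]', '', m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def sanitise(lines: list, source: str):
    """Mask every Luhn-valid PAN in `lines` and return (clean_lines, record).

    The record lists source, line number and the masked PAN so the descoping
    file never itself becomes a store of cardholder data."""
    clean, record = [], []
    for n, line in enumerate(lines, 1):
        def repl(m):
            digits = re.sub(r'[ -]', '', m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                masked = mask_pan(digits)
                record.append({'source': source, 'line': n, 'pan': masked})
                return masked
            return m.group()  # digit run that fails Luhn, e.g. an order id: leave it
        clean.append(PAN_RE.sub(repl, line))
    return clean, record


if __name__ == '__main__':
    clean_lines, rec = sanitise(SAMPLE_LOG, 'app.log')
    for entry in rec:
        print(f"{entry['source']}:{entry['line']} masked {entry['pan']}")
    print('\n'.join(clean_lines))
```

Two design points worth noting. The order id on the first line is also sixteen digits but fails the Luhn check, so it is left alone; the declined card on the second line is likewise a Luhn failure and is not treated as a PAN, which is the trade-off you accept when using Luhn to keep the noise down in a large log set. Run the same `sanitise` over database exports and mail archives, keep the record rather than the original lines, and you have the evidence of the descoping exercise Larry describes.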
Current thread:
- Re: Budget for PCI DSS SAQ D for Bookstore Operations, (continued)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Nick Lewis (Aug 02)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations John Ladwig (Aug 02)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Henninger, Craig (Aug 03)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Self, Dennis (Aug 03)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Joel Rosenblatt (Aug 03)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations John Ladwig (Aug 03)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Doug Markiewicz - EDUCAUSE (Aug 05)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Henninger, Craig (Aug 03)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations John Ladwig (Aug 03)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Brad Judy (Aug 05)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Blake Penn (Aug 09)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations John Ladwig (Aug 09)
- Re: Budget for PCI DSS SAQ D for Bookstore Operations Carson, Larry (Aug 09)