Re: PCI DSS Training

[Doug Markiewicz <doug () CMU EDU>]

Thanks all for the suggestions. To answer Don's question, just looking at options to satisfy section 12 requirements. 
We have a general security awareness course that touches on cardholder data as part of a broader list of "restricted" 
data but our consultant seems to think it's not sufficient. I think I agree though I do contend that I'm satisfying the 
letter of the standard.


> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Marcum, Chad A
> Sent: Friday, March 30, 2012 5:17 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] PCI DSS Training
>
> IU uses Trustwave's Security Awareness Education as well.
>
> --chad
>
> Chad Marcum
> Payment System Security Analyst
> Office of the Treasurer
> Indiana University
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel Adinolfi
> Sent: Friday, March 30, 2012 9:41 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] PCI DSS Training
>
> On Mar 30, 2012, at 09:10, Joel Rosenblatt wrote:
>
> > We are using Trustwave
>
> We are also using Trustwave.
>
> -Dan