Re: Administration of PCD DSS Program

["Mitcham, Zachery S." <mitchamz () UNCW EDU>]

http://textfiles.vistech.net/hacking/hackfaq.txt


Zachery S. Mitcham, MSA | Information Technology Security Officer| Information Technology Systems (ITS)|
910 962 3047|mitchamz () uncw edu | http://www.uncw.edu/itsd/about/ITS.html |UNC Wilmington | 
601 South College Road | Wilmington, NC  28403-5616
"Security is Everyone's Business"
  AskTAC for self-service solutions and immediate assistance! (https://asktac.uncw.edu/)

NOTICE: Emails sent and received in the course of university business are subject to the North Carolina Public Records 
Act (N.C.G.S. §132-1 et seq.) and may be released to the public unless an exception applies.




-----Original Message-----
From: Harry Hoffman [mailto:hhoffman () ip-solutions net] 
Sent: Wednesday, March 13, 2013 8:09 AM
To: The EDUCAUSE Security Constituent Group Listserv
Cc: Mitcham, Zachery S.
Subject: Re: [SECURITY] Administration of PCD DSS Program

I don't, regularly, see things posted here that I'd consider mission critical information (famous last words).

I certainly wouldn't post configs to any public (and archived) list.

If you're looking for a community that specifically targets those that are responsible for the security of your 
educational organization you should look to join REN-ISAC [1].

It's a private/vetted community that might be worthwhile to join.

Cheers,
Harry

[1] http://www.ren-isac.net/


On 03/13/2013 07:25 AM, Mitcham, Zachery S. wrote:
> I didn't know that everything posted on this listserv is made public on the Internet.  It's like we're giving our 
> enemy all of the information that they need to circumvent the systems that are discussed here.  Not a good idea.
>
>
>
> Zachery S. Mitcham, MSA
>
>
> On Mar 12, 2013, at 22:05, "Cathy Hubbs" <hubbs () AMERICAN EDU<mailto:hubbs () AMERICAN EDU>> wrote:
>
> Ditto for American University.
>
> Happy to discuss offline as you move forward with your program.
>
> Cathy Hubbs
>
>
> On Mar 12, 2013, at 8:58 PM, "Dan Sarazen" <dsarazen () BRANDEIS EDU<mailto:dsarazen () BRANDEIS EDU>> wrote:
>
>
> Same here. It's based on the banking relationship, so the Treasurer's office, but the ISO does the "hand-holding" for 
> the technical controls an risk assessment.
>
> Good luck,
>
> Dan
>
> On Mar 12, 2013 7:49 PM, "Harry Hoffman" <hhoffman () ip-solutions net<mailto:hhoffman () ip-solutions net>> wrote:
> Treasure's office, both this job and the last.
>
> Cheers,
> Harry
>
> On 03/12/2013 06:11 PM, Carlos Lobato wrote:
> > Hello Colleagues,
> >
> >
> >
> > At your University, what department or function is responsible for the overall administration of the PCI DSS program 
> > i.e. administrator of policy(PCI requirement 12), etc.?
> >
> >
> >
> > I would really appreciate your responses.
> >
> >
> >
> > Carlos
> >
> >
> >
> > Carlos S. Lobato, CISA, CIA
> >
> > IT Compliance Officer
> >
> >
> >
> > New Mexico State University
> >
> > Information and Communication Technologies
> >
> > MSC 3AT PO Box 30001
> >
> > Las Cruces, NM  88003
> >
> >
> >
> > Phone (575) 646-5902<tel:%28575%29%20646-5902>
> >
> > Fax (575) 646-5278<tel:%28575%29%20646-5278>