Educause Security Discussion mailing list archives

Re: PCI 3.0 compliance

From: Chris Green <CGreen () UTTYLER EDU>
Date: Mon, 9 Feb 2015 18:02:33 +0000

Has anyone looked into or implemented a PCI compliant cloud infrastructure as a solution? I have a call tomorrow with 
someone from FireHost to get more information on their service. Given the extreme cost and man hours it will take to 
get us up from SAQ B to SAQ C, I’m hoping they can provide a much more cost effective solution that will be infinitely 
easier for us to implement.

Thanks,

-C.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben 
Marsden
Sent: Friday, February 06, 2015 1:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI 3.0 compliance

Alex,  We're (slowly) starting a project as well, so I'd welcome any insights you might glean from your query.

We're (only) a level 3 merchant institutionally, picking the right SAQ(s) is befuddling...

Under v.2.x we'd point everyone at TouchNet and kind of ostriched any business process details.  I got buy-in from the 
Controller's office to use v.3 as a reason to take a better look at some of our on-campus merchants, at least to get 
and keep them aware of risks and best practices.  (The Controller's office are the "we" in this project -- small school 
tribulations.)

-- Ben

On Thu, Feb 5, 2015 at 3:01 PM, Alex Jalso <ACJalso () mail wvu edu<mailto:ACJalso () mail wvu edu>> wrote:
Hello Everyone,

Has anyone started or completed a project regarding PCI 3.0 compliance?  If so, would you be willing to answer a few 
questions and / or have a conversation about it?  Thanks.

Alex

Alex Jalso, PMP, CISM
Director Information Security Services
West Virginia University
p: 304-293-4457<tel:304-293-4457>




--
============================================
Ben Marsden : Information Security Director, CISSP/GISP
ITS, Stoddard Hall, Smith College, Northampton, MA 01063
bmarsden [at] smith [.] edu     413 [.] 585 [.] 4479
---------------------------------------------------------------------
=--> Any request to reveal your Smith password via email is fraudulent!

Current thread:

PCI 3.0 compliance Alex Jalso (Feb 05)
- Re: PCI 3.0 compliance David James Anderson (Feb 05)
  - Re: PCI 3.0 compliance David James Anderson (Feb 05)
- Re: PCI 3.0 compliance Shamblin, Quinn (Feb 06)
  - Re: PCI 3.0 compliance Chris Green (Feb 06)
    - Re: PCI 3.0 compliance Kevin Reedy (Feb 25)
    - Re: PCI 3.0 compliance Ben Parker (Feb 25)
    - Re: PCI 3.0 compliance Kevin Halgren (Feb 25)
    - Re: PCI 3.0 compliance Kevin Reedy (Feb 25)
- Re: PCI 3.0 compliance Ben Marsden (Feb 06)
  - Re: PCI 3.0 compliance Chris Green (Feb 09)