Educause Security Discussion mailing list archives

Re: PCI Responsability

From: Josh Callahan <josh.callahan () HUMBOLDT EDU>
Date: Fri, 6 Apr 2018 09:30:43 -0700

Another smaller school here, I share the PCI responsibility with the
manager of Student Financial Services.  The VP of Admin Affairs signs the
set of SAQs that we put together each year.

-Josh

On Fri, Apr 6, 2018 at 9:24 AM, Ben Marsden <bmarsden () smith edu> wrote:

Perhaps a Small School approach...  It is a definite partnership here as
well, but the Controller's Office officially "owns" PCI compliance,
primarily because they own the relationships with the various card
processing entities (whoever has been allocated a merchant ID),  are more
familiar with the business processes being used (or changes therein), and
also own the relationship with our financial provider (BoA).

-- Ben

On Fri, Apr 6, 2018 at 12:09 PM, Nevin, Dave <Dave.Nevin () oregonstate edu>
wrote:

Same here at Oregon State University—it is a partnership between our
Business Affairs team and the InfoSec Office.



Dave





*Dave Nevin *|* Chief Information Security Officer *| *Information
Services—Office of Information Security *|* Oregon State* *University *







*From: *The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Sunil Singh <
spsfirst () HOTMAIL COM>
*Reply-To: *The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU>
*Date: *Friday, April 6, 2018 at 9:04 AM
*To: *"SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
*Subject: *Re: [SECURITY] PCI Responsability



Iowa State University has similar arrangement- Treasures office and IT
Security.

Sunil Singh

Director IT Security

ISU


On Apr 6, 2018, at 10:53 AM, Pardonek, Jim <jpardonek () LUC EDU> wrote:

Ron,



We have a bifurcated approach to PCI compliance.  It is a partnership
between IT and the finance office.  Assessment of technology is the
responsibility of IT and procedural assessments are done by finance.  PM me
if you need any clarification.



Jim





*James Pardonek, MS, CISSP, CEH, GSNA*

*Information Security Officer*


* Loyola University Chicago  1032 W. Sheridan Road | Chicago, IL
<https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+60660+%0D%0A+%0D%0A(+:+(773&entry=gmail&source=g>
<https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+%C2%A0%C2%A0+60660+%0D%0A+%0D%0A(+:+(773&entry=gmail&source=g>60660
<https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+60660+%0D%0A+%0D%0A(+:+(773&entry=gmail&source=g>
*
* (**: (773
<https://maps.google.com/?q=1032+W.+Sheridan+Road+%7C+Chicago,+IL+60660+%0D%0A+%0D%0A(+:+(773&entry=gmail&source=g>)
508-6086*



*Loyola University Chicago will never ask your for your username or
password.*

*For the lastest information security news at Loyola, please follow us
online,*

*Twitter: @LUCUISO*

*Facebook: *https://www.facebook.com/lucuiso/

*Our Blog **http://blogs.luc.edu/uiso/* <http://blogs.luc.edu/uiso/>



*From:* The EDUCAUSE Security Constituent Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Ronald King
*Sent:* Friday, April 6, 2018 10:18 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] PCI Responsability



Good morning colleagues,



I wanted to reach out to you to ask what division or department in your
institution is ultimately accountable for PCI compliance. Is it your IT,
Finance or another department/division? Why?



Do you have a dedicated employee, contractor or team overseeing
compliance to PCI?



As always, feel free to reach me directly.



Thank you and have a great weekend!

Ron

*Ronald A. King, CISSP*

Chief Information Security Officer

Morgan State University
                                Office: (443) 885-3372

1700 E. Cold Spring Ln
<https://maps.google.com/?q=1700+E.+Cold+Spring+Ln&entry=gmail&source=g>.

                                  Email:  ronald.king () morgan edu

Baltimore, MD 21251
                                                        URL:
http://www.morgan.edu



                                                *Growing the future ...
Leading the world*
<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>



--
[}--> BEWARE of links and attachments in email!   *  Stop, Think before
you click *
============================================
Ben Marsden : Information Security Director, CISSP
ITS, 201 Stoddard Hall, Smith College, Northampton, MA 01063
---------------------------------------------------------------------
=--> Any request to reveal your Smith password via email is fraudulent!




-- 
-------------------------------------------------
Josh Callahan
Information Security Officer and CTO
ITS :: Humboldt State University
1 Harpst St. Arcata CA 95521  707.826.3815

Current thread:

PCI Responsability Ronald King (Apr 06)
- Re: PCI Responsability Charles Curtis (Apr 06)
  - Re: PCI Responsability Ronald King (Apr 06)
- Re: PCI Responsability Pardonek, Jim (Apr 06)
  - Re: PCI Responsability Sunil Singh (Apr 06)
    - Re: PCI Responsability Nevin, Dave (Apr 06)
    - Re: PCI Responsability Jason Edelstein (Apr 06)
    - Re: PCI Responsability Ben Marsden (Apr 06)
    - Re: PCI Responsability Josh Callahan (Apr 06)
- Re: PCI Responsability Ken Connelly (Apr 06)
  - Re: PCI Responsability Lazarus, Carolann (Apr 06)
    - Security Onion - IDS build Sunil Singh (Apr 07)
- Re: PCI Responsability Laura Raderman (Apr 06)
- Re: PCI Responsability Rob Milman (Apr 06)
- Re: PCI Responsability Penn, Blake C (Apr 09)
  - Re: PCI Responsability Dennis Bolton (Apr 09)
    - Re: PCI Responsability Ronald King (Apr 13)
- <Possible follow-ups>
- Re: PCI Responsability Carlos S Lobato (Apr 06)
  - Re: PCI Responsability Ronald King (Apr 06)