PCI DSS News and Information for Higher Education
Comments feed (blog author: Gene; feed updated 2023-07-06)

Jay, 2016-05-19 07:44:
Thank you for this article. Very insightful.

Anonymous, 2015-04-03 13:33:
Yes, it will. PCI DSS v3.x is the theme of the workshop this year.

Tommy T, 2015-04-03 12:11:
We upgraded all of our systems that were running SSL to TLS v1.2 last year. It was a pain but we got it done.

Tommy T, 2015-04-03 12:07:
Hi Gene. Will the workshop cover the revised DSS 3.0 changes?

Anonymous, 2015-03-28 19:28:
You're welcome Jane. You can find a link to the Partners and Supporters page on the Workshop main page: http://www.treasuryinstitute.org/pci-dss-workshop-2015/

Partners and Supporters direct link: http://www.treasuryinstitute.org/pci-partners-supporters/

Gene

Anonymous, 2015-03-28 11:49:
Hi Gene,

Thanks so much for posting the agenda, looking forward to the workshop!

Can you possibly post a list of the vendors that will be present as well?

403labs, Coalfire, Tenable...

Best regards

Anonymous, 2015-03-18 15:29:
Looking forward to it!

Anonymous, 2015-02-17 09:22:
Joe Tinucci responds:

There are two levels of response. Hopefully, the first level is the IT help desk or local system administrator who has the background / training to recognize whether something is a real incident or not. That is why I say "Call for Help".

Once it is determined that there really is a problem in a system that holds sensitive / critical data, the next level response team would be convened. At a minimum that team would include someone from Treasury because of the bank relationship, the CISO or Chief Risk Officer, someone from legal, someone from the Administration (top management), and someone from Public Relations. Other responders should be included as appropriate, including the fiscal principal for the merchant department (it should be their neck on the line for the consequences of the breach). I hope the organization already has a team in place to respond to other serious breaches, such as systems containing student / private data, research data, and so forth. If not, start with the core team members above and add as necessary -- keeping in mind that the larger the team the more difficult it will be to schedule emergency meetings.

-- Joe

Anonymous, 2015-02-12 19:27:
Hi Joe, Great article. In your opinion who should be included in the first response triage call? CIO? Controller? Communications? Risk Manager?

Ulf Mattsson, 2014-08-08 15:49:
We know that many PCI auditors are not really skilled to perform a quality PCI audit. The auditors are also selected by each merchant. The insurance premium could reflect the quality level of the compliance and security auditing performed at the merchant.
Some of the auditors are also selling their own security solutions and may not be totally unbiased in the audit they perform.
High quality audits could have helped Target and many other breached retailers to use adequate protection and at minimum follow basic best practices in the IT security area.
I read about retailers that are using best practices in an interesting report from the Aberdeen Group. The report revealed that “data tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure) than tokenization non-users”.
I think that the Aberdeen approach can quickly address some of the urgent issues, while we start working to fix the other problems. The name of the study, released a few months ago, is “Tokenization Gets Traction”.

Ulf Mattsson, CTO Protegrity

Jessica Dodson, 2014-07-17 14:51:
"as it is very possible to take a hit to your reputation even if a third party is the merchant of record but processing transactions for your customers"

Excellent point. Even if you aren't legally or fiscally responsible, the court of public opinion is a totally other matter.

Anonymous, 2014-07-10 06:31:
Nice work Man! The online survey for higher education. It seems good. It can be helpful for making plans for higher education.

Anonymous, 2014-05-02 18:41:
Me too Andrea. It got me charged up!

Good to see you this year, and very sorry I had to miss dinner with you and the crew Sunday night. 2015 will be easier for me.

Anonymous, 2014-05-02 18:37:
The survey is now online with the rest of the 2014 Workshop downloads. The slides from Baylor's presentation on Paciolan thin clients were also added today.

Unknown, 2014-05-02 08:57:
Do you know if the survey has become available for downloading? Thanks!

Andrea Hendricks, 2014-05-01 14:25:
I fully agree Gene! Great workshop. Ready for next year already! :)

Salland Storage, 2014-04-19 01:25:
It's really an informative and well described post. I appreciate your topic for blogging. Thanks for sharing such a useful post.

Anonymous, 2014-04-03 13:02:
Lauren, thank you so much for your comment. I will read this more closely. The PCI Council puts a lot of information into its publications, and a careful reading is critical.

Super visa insurance canada, 2014-03-28 13:35:
I was very pleased to find this site and wanted to thank you for this great read!!

Lauren Holloway, 2014-03-24 11:58:
Gene, I'd like to point out a couple of features of the new SAQs that you may have missed, and which may help to answer your question. In SAQ A-EP (and in fact, in all the SAQs), the lead-in sentence before the nine eligibility criteria bullets (which you included in this post) says "for this payment channel." Additionally, the following sentence is included in Part 2a of the Attestation of Compliance form for each SAQ: "If your organization has a payment channel or process that is not covered by this SAQ, consult your acquirer or payment brand about validation for the other channels."

Immigrate to Australia, 2014-03-05 02:00:
Well, there is no doubt it is really nice sharing.