Tuesday, February 22, 2011

PCI DSS Webinars

I will be doing a series of four webinars for Heartland Campus Solutions. Here are the dates and times:

  • March 4, 11 am Eastern
    Payment Card Industry Data Security Standard (PCI DSS):
    What it is and why it matters to Higher Ed institutions

    The first session in a 4 part webinar series helping campuses understand PCI DSS and how it impacts their campus.

  • March 17, 11 am Eastern
    Validating your PCI Compliance:
    A Self-Assessment Questionnaire Clinic

    The second session in a 4 part webinar series helping campuses understand PCI DSS and how it impacts their campus.

  • March 24, 11 am Eastern
    Third-Party Service Providers and Outsourcing:
    A fast track to PCI compliance?

    The third session in a 4 part webinar series helping campuses understand PCI DSS and how it impacts their campus.

  • April 7, 11 am Eastern
    Your Campus PCI Survival Guide

    The fourth session in a 4 part webinar series helping campuses understand PCI DSS and how it impacts their campus.

You can learn more and register for one or more of the webinars here (you may need to scroll down a little). And before you ask, no you don't need to be a Heartland customer to listen and participate (lots of questions, please!) in any one webinar or the whole series.

For those of you new to PCI (or with colleagues in that situation), these will hopefully be a solid introduction to the standard, especially if they are attending the Treasury Institute's PCI Workshop in May.

I hope to "see" many of you there.

Tuesday, February 1, 2011

PCI at Educause Security Conference

I am looking forward to presenting at EDUCAUSE's 2011 Security Professionals Conference. The topic is PCI Compliance in Higher Education, and it will be a practical review of PCI DSS together with some best practices for achieving and maintaining compliance in a Higher Ed environment. Here's more on the conference:

The Security Professionals Conference connects information security professionals, security analysts and engineers, IT staff, privacy officers, C-level executives, and others from across the higher education community. It is the premier forum for strengthening the ability of the higher education sector to protect information assets from the changing threat vectors and respond to the ever-increasing compliance requirements imposed on the higher education community. The Security 2011 conference, "Setting a Course for Collaboration and Innovative Solutions," will focus on security topics that span the information assurance measures of people, process, and technology.

I am doubly excited to be presenting at EDUCAUSE's security conference. First, because they gave me a half-day (3.5 hours...better bring coffee!) at this premier event; and more importantly, because it is a chance to meet with a great group of IT and security people from institutions nationwide.

Here's the plan. The session is Seminar 01-P on Monday, April 4. I'll start out exploring the PCI ecosystem including PCI DSS, PA-DSS, and the card brand mandates. This will be a quick intro for some and review for others. I'll also cover some best practices for meeting what I call PCI Requirement 0 (Reducing scope). That will include outsourcing and related topics. I also plan to delve into changes in PCI version 2.0 and especially the new SAQ C-VT, as well as all the SAQs. I'm looking forward to lots of questions: the last time I did this I got to about my third slide before I was slammed with questions and we went off in whatever direction the audience wanted! I sure hope they have a whiteboard or flip chart.

If EDUCAUSE is in your plans, I hope you will register for my Monday afternoon seminar. Even if you don't like PCI, it's a chance to get to San Antonio a little early and enjoy that beautiful city a bit longer.