Educause Security Discussion mailing list archives
Re: Consultant recommendations for PCI DSS compliance work?
From: "Don M. Blumenthal" <don () DONBLUMENTHAL COM>
Date: Wed, 20 Jan 2010 12:58:23 -0500
In the interest of keeping things relatively local, and adding that my contacts with these companies haven't concerned PCI-DSS issues, I can suggest two excellent outfits on the QSA list. IOActive in Seattle SecureWorks in Atlanta. Don ====================== Don M. Blumenthal DMB Associates, LLC Technology, Policy, and Law (734) 997-0764 (202) 431-0874 (m) don () donblumenthal com www.donblumenthal.com From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy Sent: Wednesday, January 20, 2010 12:37 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Consultant recommendations for PCI DSS compliance work? I'd be interested in hearing this as well. I inquired about QSA recommendations a while back and only received a couple of replies, so any more information is welcome. If you're interested in developing internal knowledge on PCI DSS standards and compliance, the PCI council just posted the planned standards training sessions for the first half of 2010. There's only one session in the US, in Phoenix in Feb. https://www.pcisecuritystandards.org/education/training.shtml It's supposed to be very similar to the training received by the official Qualified Security Assessors for PCI-DSS (although I expect most QSAs learn a lot from their colleagues and on the job training). Brad Judy Emory University From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Francis Sent: Wednesday, January 20, 2010 12:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Consultant recommendations for PCI DSS compliance work? Hello, In evaluating PCI DSS compliance, I've found that there are a number of different possible solutions as well as conflicting answers on what can be compliant. While I'm confident that our internal IT staff could build up sufficient expertise to ultimately address the compliance requirements, I think we need to look to outside guidance from those that have expertise with PCI DSS compliance. Can anyone recommend a vendor that they have worked with to assist them on PCI DSS compliance? I'm not looking for a general security consultant; I need the PCI expertise specific to the IT side but with a very strong knowledge of the entire set of requirements for PCI DSS compliance. Thanks, Greg Greg Francis Director, Central Computing and Network Support Services Gonzaga University francis () gonzaga edu __________ Information from ESET Smart Security, version of virus signature database 4790 (20100120) __________ The message was checked by ESET Smart Security. http://www.eset.com
Current thread:
- Consultant recommendations for PCI DSS compliance work? Greg Francis (Jan 20)
- <Possible follow-ups>
- Re: Consultant recommendations for PCI DSS compliance work? Patrick Laughran (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Brad Judy (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Don M. Blumenthal (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? HALL, NATHANIEL D. (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Hudson, Edward (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Michael Sana (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Blake Penn (Jan 25)