Re: PCI Compliance End-User Training

[Dave Koontz <dkoontz () MBC EDU>]

 Most schools have done this?  Really? Can you prove this?

I tend to think most schools rely upon their campus policy and bank
requirements to ensure that users are aware of their policy and have
users sign off on them.  Sorry, but I don't think schools need to hear a
sales pitch from you or your company to think they are compliant. (nor
fear if they haven't bought your product).
 
I still think the most "cost effective" thing for most of us is not
allowing vendors into the EduCause lists.  Valied help is almost always
a sales pitch when you get right down to it.  This is a perfect case in
point.

On 7/26/2010 7:14 PM, Don Cochran wrote:
> Most schools have created their own Security Awareness course which is
> delivered to faculty and staff. And I would assume most feel the awareness
> course is sufficient for the required training under section 12 of the
> PCI-DSS.  SCIPP International has taken it a bit further and has developed
> industry specific modules which augment their foundation course which
> addresses the uniqueness's of the differing sectors and their requirements.
> SCIPP has an Education module which addresses FERPA, a healthcare module for
> HIPAA Security and a HIPAA Privacy, a retail module for PCI, etc. etc...
>
> We have also developed an on-line course which covers the principles of
> secure coding and satisfies the training requirement found in section 6 of
> the PCI-DSS which calls for the evidence of training on the OWASP Top-10
> (Cross-site scripting, data injection, and the like).
>
> Our cost effective courses are the only ANSI accredited certificate courses
> offered for security awareness training - more info can be found on our
> website or by contacting us at info () scippinternational org
>
> Warm regards,
>
> Don Cochran
> Director, Business Development
> SCIPP International
> 1964 Gallows Road, Suite 320
> Vienna, Virginia 22182
> United States of America
>  
> +1 703.637.4422 (Direct)
> +1 703.599-0666 (Cell)
> +1 703. 637-4371 (Fax)
> www.SCIPPinternational.org
>
>            SCIPP International
> "The Security Awareness Certification Company"
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron Sigmon
> Sent: Monday, July 26, 2010 6:00 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] PCI Compliance End-User Training
>
> Hey guys,
>
> What are you using for PCI Compliance End-User Training?  Are you
> bringing in trainers, using a web-application/software, or just doing
> it in-house?  If you are using trainers and/or webapps/software, are
> there any you can recommend?
>
> Thanks,
>
> Aaron Sigmon
> Information Systems Analyst III
> ITS - Information Technology Services
> Central Piedmont Community College
> Office:  704-330-6141
> Mobile:  704-363-7577