Educause Security Discussion mailing list archives
Re: PCI Responsability
From: Carlos S Lobato <clobato () NMSU EDU>
Date: Fri, 6 Apr 2018 19:28:11 +0000
At New Mexico State University, we have an official University Board called PCI DSS Compliance Committee with representatives from Controller, Treasury, Merchants including University Accounts Receivable and IT representatives from Networking, Applications, Systems and Security. I am the chair of the committee and the committee reports progress annually to the Chancellor of the University. This works very well, has backing from Executive Administration and compliance is taken seriously.

In my opinion, I don't think it is a good idea to have Finance or IT solely own it. You the actual merchants involved as they have to operate according to PCI DSS requirements and once they understand the requirements they will implement them. This is working very well for us.

Carlos

Carlos S. Lobato, CISSP, CISA, CIA, CPA
IT Compliance Officer (Chief Privacy Officer)
New Mexico State University
Information and Communication Technologies
MSC 3AT PO Box 30001
Las Cruces, NM 88003-8001
Phone: 575-646-5902
Fax: 575-646-5278
Email: clobato () nmsu edu
IT Compliance at NMSU - https://itcompliance.nmsu.edu/

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Lazarus, Carolann
Sent: Friday, April 6, 2018 1:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI Responsability

Same here – IT advises (both security and technical). Controller and Financial Management under the VP Finance has ultimate responsibility. We have a PCI compliance group that will soon morph into a standing PCI Compliance Committee that will have oversight responsibilities.

Carolann Lazarus
716-829-6947
lazarus () buffalo edu

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Connelly
Sent: Friday, April 6, 2018 12:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI Responsability

IT Security advises on the technical aspects but the responsibility for compliance lies under the VP for Finance and Operations, specifically Business Operations and Cashiers offices.

- ken

On 4/6/18 10:18 AM, Ronald King wrote:

Good morning colleagues,

I wanted to reach out to you to ask what division or department in your institution is ultimately accountable for PCI compliance. Is it your IT, Finance or another department/division? Why? Do you have a dedicated employee, contractor or team overseeing compliance to PCI?

As always, feel free to reach me directly.

Thank you and have a great weekend!

Ron

Ronald A. King, CISSP
Chief Information Security Officer
Morgan State University
1700 E. Cold Spring Ln.
Baltimore, MD 21251
Office: (443) 885-3372
Email: ronald.king () morgan edu
URL: http://www.morgan.edu
Growing the future ... Leading the world <http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>

--
- Ken
=================================================================
Ken Connelly
Director, Information Security
Information Security Officer
University of Northern Iowa
email: Ken.Connelly () uni edu
p: (319) 273-5850
f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!