PCI DSS - 64 Resources

Overview
Publications (17)
Presentations (20)
Policies (13)
Podcasts (1)
Blogs (13)

Overview

Introduction

The Payment Card Industry Data Security Standard (PCI DSS) first came on the scene in 2005 as a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

To the extent that colleges and universities accept credit card payments for tuition, fees, conference registrations, or other services, institutions of higher education will have contractual obligations to fulfill the data security standards established by the payment card industry. Some colleges and universities have begun to consider the standards as a potential model for the handling of all types of sensitive data at their institutions and are exploring the extension of the standards to other types of information collected, stored, and distributed on campus networks.

Background

The Treasury Institute for Higher Education has been the focal point for helping colleges and universities to become PCI DSS compliant, hosting two workshops for the higher education community. In partnership with the National Association of College and University Business Officers (NACUBO), the Treasury Institute represent the business and financial interests of institutions of higher education. Additionally, information security officers and other IT staff from colleges and universities have attended the workshops and several institutions have been actively pursuing PCI DSS compliance for their institution. The Treasury Institute has also published a whitepaper for higher education and a checklist of best practices.

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council’s mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.

Publications (17)

EDUCAUSE publications address a diverse range of professional challenges in higher education IT, from updates on current developments to explorations of important overarching issues. Listed below are the full range of research, reports and other publications that EDUCAUSE and its members have written about PCI DSS.

Item ID	Title	Pub Date	Views
EQM1019	Meeting a New Credit Card Security Standard	03/03/2010	2,164
CSD5876	Compliance Matrix Poster for IT & Compliance Professionals	03/17/2010	3,135
ERM0653	A Unified Approach to Information Security Compliance	01/01/2006	23,942
CSD5261	PCI Confusion Is The Norm	12/07/2007	595
CSD5298	Straight Talk About Data Security	12/26/2007	601
ERM0759	“Give Us Credit”: Evolving Security Standards for Credit Card Information	08/29/2007	3,937
EPS280	E-Commerce and the Cardholder Information Security Program (CISP)	01/01/2005	2,700
CSD4953	PCI Security Standards Council	06/11/2007	1,600
CSD4955	VISA USA's Cardholder Information Security Program (CISP)	06/11/2007	1,574
CSD4956	The MasterCard SDP (Site Data Protection) Program	06/11/2007	1,728
CSD4957	Payment Card Industry (PCI) Data Security Standard	09/11/2006	2,041
CSD4960	Payment Card Industry Data Security Standard (PCI-DSS): Self-Assessment Questionnaire	12/01/2004	2,276
CSD4997	States' Freudian PCI Envy	06/29/2007	2,140
CSD5005	Treasury Institute For Higher Education PCI DSS Resources	07/11/2007	2,494
CSD5006	Why Banks View Campuses as High Risk Customers	03/11/2007	2,423
CSD5016	Treasury Institute Blog	07/25/2007	2,206
CSD5128	Information Security and Data Breach Notification Safeguards	01/28/2010	3,179

Presentations (20)

Stepping away from the distractions of normal routine to meet with peers, share experiences, and learn together can be invaluable. EDUCAUSE places great emphasis on the face-to-face meeting experience, offering you numerous opportunities throughout the year to gather with colleagues - from small regional events and special topic meetings to large, national conferences covering the full spectrum of roles and issues important to higher education. For more information on EDUCAUSE conferences and seminars, please see our Frequently Asked Questions page. Listed below is the full range of presentations EDUCAUSE and its members tagged with PCI DSS

Item ID	Title	Pub Date	Views
MARC11_218800	Trustwave	01/13/2011	146
ENT11_224021	Achieving Cost-Effective PCI Compliance	05/17/2011	134
SEC12_245317	Seminar 01P - How Tokenization and Point-to-Point Encryption Can Reduce Your School's PCI Scope (or Not)	05/15/2012	144
SEC10_203011	Hot Topic Discussion: PCI DSS for Higher Education	04/13/2010	550
SEC11_222402	Two Diverse Approaches to PCI-DSS Compliance	04/05/2011	383
E11_229364	Reducing the Cost of PCI Compliance	10/20/2011	352
SWRC10_198012	PCI DSS: Credit Card Security Basics	02/19/2010	290
SEC09_170502	Conducting Internal PCI DSS Assessments	04/22/2009	463
E09_176086	Securing Campus Web Applications with Vulnerability Scanning and Web Application Firewalls	11/05/2009	400
MARC09_48024	Performing Risk Analysis and Testing: Outsource or In-House? A Towson University Case Study	01/07/2009	1,034
MWR08070	Navigating the Regulatory Maze: Notre Dame’s PCI Solution	03/17/2008	678
SEC08064	PCI DSS Lessons Learned	05/04/2008	454
SEC08074	The Data Center Within a Data Center: Building a Secure Environment for Compliance	05/04/2008	564
EDU07037	Secure Data Exchange	10/23/2007	859
SEC07074	Roundup of Legal Developments in Cybersecurity and Privacy Law	04/11/2007	1,871
CSD4961	PCI/DSS Workshop Materials	05/31/2006	2,217
LIVE0717	Lessons Learned on the Road to PCI Compliance	09/05/2007	3,304
EDU07218	Tackling Campus-Wide E-Commerce	10/23/2007	514
EDU07285	PCI Compliance in the University Setting	10/23/2007	1,722
SPC0674	Two Approaches to PCI DSS Compliance	04/11/2006	2,919

Policies (13)

Item ID	Title	Resource Category	Pub Date	Views
CSD6000	NDSU Guidelines for Protecting Sensitive Data Policies and Procedures	Community Contributions	09/03/2010	432
CSD6010	Security for Mobile Computing and Storage Device Policy Policies and Procedures	Community Contributions	04/06/2011	519
CSD6031	Unviersity of Utah Policy on Payment Card Acceptance Policies and Procedures	Community Contributions	08/23/2009	53
CSD6032	Unviersity of Minnesota Accepting Revenue Via Payment Cards Policies and Procedures	Community Contributions	01/04/2010	43
CSD6033	Cornell University Accepting Credit Cards to Conduct University Business Policies and Procedures	Community Contributions	02/10/2011	55
CSD5959	University of British Columbia: PCI Compliance Resources Policies and Procedures	Community Contributions	10/04/2010	150
CSD4958	Payment Card Industry Data Security Standard (PCI-DSS): Security Scanning Procedures Policies and Procedures	Community Contributions	09/11/2006	1,865
CSD4959	Payment Card Industry Data Security Standard (PCI-DSS): Security Audit Procedures Policies and Procedures	Community Contributions	09/11/2006	2,399
CSD5046	The University of Iowa Credit Card Handling Policies and Procedures Policies and Procedures	Community Contributions	08/13/2007	3,110
CSD5048	Policy Coverage Matrix for Payment Card Industry Policies and Procedures	Community Contributions	08/13/2007	3,096
CSD5033	Accepting Payment Cards Policies and Procedures	Community Contributions	08/02/2007	3,138
CSD5047	Duke University: The Payment Card Industry (PCI) Data Security Standard Policies and Procedures	Community Contributions	08/01/2007	3,288
CSD6030	KUMC Payment Card Acceptance Operational Protocol (PCI) Policies and Procedures	Community Contributions	03/13/2011	36

Podcasts (1)

Name	Views	Post date
EDUCAUSE LIVE! Podcast: Lessons Learned on the Road to PCI Compliance Play \| Show Notes \| Download (40.53 MB audio/mpeg)	3,952	09/12/2007

Blogs (13)

EDUCAUSE hosts a number of blogs for its members. To view a list of all our blogs, click here.

Title	Blogger	Posted	Views
PCI v2.0 Comment Period Now Open!	Valerie M. Vogel, EDUCAUSE	11/10/2011	83
Security Sessions at the 2011 EDUCAUSE Enterprise Conference	Valerie M. Vogel, EDUCAUSE	05/11/2011	37
2011 Security Professionals Online Conference: View Program, Register Now	Peggy Kurkowski, EDUCAUSE	03/04/2011	104
2011 Security Professionals Conference: Early-Bird Rates End March 7	Peggy Kurkowski, EDUCAUSE	02/15/2011	89
Register Now for the 2011 Security Professionals Conference	Valerie M. Vogel, EDUCAUSE	01/31/2011	60
Register Now for the 2011 Security Professionals Conference	Peggy Kurkowski, EDUCAUSE	01/28/2011	146
Academic Medical Center Security and Privacy Conference: Registration Now Open	Valerie M. Vogel, EDUCAUSE	03/15/2010	148
Complying With the New Payment Application Data Security Standard (PA-DSS)	Valerie M. Vogel, EDUCAUSE	03/02/2010	214
Sixth Annual CACR Higher Education Cybersecurity Summit – April 1, 2010	Valerie M. Vogel, EDUCAUSE	02/19/2010	140
2010 PCI DSS Workshop Presentation Materials are Now Available	Valerie M. Vogel, EDUCAUSE	02/19/2010	750
PCI DSS (and more!) Workshop	Valerie M. Vogel, EDUCAUSE	03/05/2009	542
Tune In September 5: Free Web Seminar on Payment Card Industry (PCI) Compliance in Higher Education	Colleen Luckett, EDUCAUSE	08/28/2007	3,732
New Resource Page on PCI DSS (Payment Card Industry Data Security Standard)	Valerie M. Vogel, EDUCAUSE	06/15/2007	3,513

Do you have a great resource that should be listed here? Email contribute@educause.edu with your recommendation!