The Treasury Institute for Higher Education
PCI-DSS Workshop
November 13, 2007
The Renaissance Long Beach
Long Beach, CA
Do you want to learn the latest developments resulting from the PCI Security Standards Council meeting in September?
The Treasury Institute is offering a unique opportunity to be among the first to learn about (and plan for) the latest developments in PCI DSS just weeks after the Security Standard Council's Community Meeting. In partnership with NACUBO (which joined the Council as a participating organization), the Treasury Institute will attend this meeting and report to attendees on expected changes to the DSS, supporting documentation, and compliance validation for 2008. Plan to join us at this special workshop.
Accepting credit and debit cards is a fact of life at campuses nationwide. Hand-in-hand with card acceptance is the responsibility to safeguard and protect all transaction and consumer data. The Payment Card Industry Data Security Standard (PCI-DSS) was created to help ensure the safe handling of sensitive consumer payment information.
While PCI-DSS applies to every organization that accepts payment cards, many educational institutions have been slow to achieve campus-wide compliance. This is unfortunate since educational institutions are disproportionately vulnerable to hacking and other breaches of confidential consumer data. As a result, financial institutions and card issuers increasingly view educational institutions as risky merchants.
If you are a business, financial, or IT manager with responsibility for payment card processing and/or PCI-DSS compliance, you cannot afford to miss this 1-day workshop on November 13th. Attendees will gain a deeper understanding of the standards and a checklist of actions to help their institution achieve and maintain compliance.
The Institute's May workshop attracted over 100 education professionals nationwide. The workshop featured detailed implementation case studies, energetic discussions, and information sharing between participants and speakers. Recognizing the need to remain current the PCI Council meets in September to review the Standards and other documents and the increasing emphasis on maintaining compliance, the Treasury Institute is sponsoring this one-day workshop in November.
Attendance is restricted to educational institutions. Space is limited, so register online today and make your plans to join us in Long Beach. Hotel reservations can be made online with The Renaissance Long Beach. For those requiring transportation from the Long Beach Airport, a taxi will cost approximately $17 each way.
Agenda
|
Tuesday, November 13
|
|
8:00 - 9:00 am
|
Registration and Continental Breakfast
|
|
9:00 - 10:30 am
|
Achieving Safe Harbor: Understanding PCI DSS and Managing the Compliance Process
A discussion of what constitutes cardholder data, eliminating sensitive authentication data, the role of compensating controls, the compliance validation process, requirements for third-party providers, the role of the PABP, and how to limit the scope of your compliance effort. This session will reflect the latest information from the PCI Security Standards Council Community Meeting in September (just weeks before this Workshop).
Walt Conway, Consultant, Treasury Institute |
|
10:30 - 10:45 am
|
Break |
|
10:45 - 12:00 pm
|
Case Study: Achieving PCI Compliance at UCLA
An examination of how UCLA achieved and maintained compliance with over 500 campus merchants.
Marsha Lovell, UCLA
|
| 12:00 - 1:00 pm |
Lunch |
| 1:00 - 2:15 pm |
PCI Update: Changes for 2008 Compliance
A report on changes, modifications, and clarifications that will have come out of the Security Standards Council Community Meeting in September. Attendees will learn the latest on the Standards, Self-Assessment Questionnaire, Audit Standards, Payment Applications Best Practices, and related documents. We aim to offer a window on future directions the SSC is likely to take with the standards and compliance validation.
Walt Conway, Consultant, Treasury Institute |
| 2:15 - 2:30 pm |
Break |
| 2:30 - 3:30 pm |
PCI Compliance Best Practices
A discussion of the lessons colleges and universities have learned and the strategies that have worked to achieve PCI compliance. We will draw from personal experience and from the experiences of the attendees at the previous PCI Workshops sponsored by the Treasury Institute. We also will look at common vulnerabilities and recent experiences with computer security breaches as they pertain to Higher Education institutions.
Walt Conway, Marsha Lovell |
| 3:30 - 4:00 pm |
Information sharing
Sharing questions, answers, and straight talk on PCI compliance: managing third-party providers, QSAs, and ASVs; important dates for compliance; and partnering with your acquirer. |
| 4:00 pm |
Workshop concludes |
|
