Summit 2009 Day 2 Part 3
UDC Architecture and SOA
I was a little bored by this session as the presenter focused in on some topics that I’m already aware of. Plus he went into the PL/SQL APIs to WebServices (which we did a POC of with Oracle tools a couple of years ago). He did recommend a book I’ll look into: “SOA Patterns.”
PCI Implementation
This was a great session since Banner is dropping payment support. It was a little scary too. It talked about PCI compliance and how the new rules are affecting colleges. I picked up a lot of interesting bits – e.g., compliance is by institution (not merchant), don’t keep cardholder data (on the Web side we don’t), new rule that “vulnerable” applications should be desupported on 10/1/2009 (ouch!).
Basically, this should be a finance-driven project process with assistance from IT. The presenter specifically said that “validation is at a point in time” and things change every day. Here’s his blueprint:
- CFO/VP level sponsorship
- Finance/IT Team
- Limit PCI scope
- Train and Communicate
- Create a breach response plan, e.g. two institution types – those who have had CC breaches and those that will have breaches.
I spoke with Michelle after this session for about a half hour – we should start looking at this very soon.
The rest of the day I spent working on my presentation and cleaning up some work issues. I also spoke with Ted S. a little bit and picked up some interesting ideas from him.