FUJ00096239
To: Membery Bill GRO
From: McClintock Damian[/O=EXCHANGE/OU:-ADMINGROUP1/CN=RECIPIENTS/CN=DAMIANM]
Sent: Fri 18/06/2010 3:43:41 PM (UTC)
Subject: RE: CGP call
ta
From: Membery Bill
Sent: 18 June 2010 15:25
To: McClintock Damian
Subject: FW: CGP call
For Your eyes only
Please don’t use this other than as information for your meeting with IRM
Kind Regards
Bill Membery
EC Council Forensic Investigator, BSI 27001 Lead Auditor and ISEB Practitioner in Information Risk management
TSS Security
RMGA
Fujitsu Services
Trafalgar House
Temple Court
Risley
Warrington
WA3 6GD
E-mail billmemberyé GRO I
Web: http://uk.fujitsu.com
Fujitsu Services Limited, Registered in England no 96056, Registered Office: 22 Baker Street, London W1U 3BW.
This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu does not guarantee
that this e-mail has not been intercepted and amended or that it is virus-free.
From: Membery Bill
Sent: 18 June 2010 14:04
To: Lillywhite Tom
Subject: CGP call
Hi Tom
Info from Connie
Please keep part about dates from her viewpoint and fact that they are thinking of removing red alert week on Sunday regards patching between us and therefore we have 30 days to implement (with LST freeze could be problem)
Patch management
CGP picked up that there is an issue with Red Hat Linux and that we have reluctance to implement patch and this patch was released 5th May 2010.
She has picked up that is internal (i.e. in data centre) and therefore is looking to work with us regards implementation date (90 days e.g. 5th August)
PCI Audit
1. CCN’s - ARC/SEC/ARC/0003 and CISP — she is looking for this to be agreed and signed off before audit, advised are Commercial discussions at Director level and that we are putting out as internal Change for impacts (will chase next week with Ken)
2. Audit - she is looking to manage missing stages of the audit to fit in with 30 days and 90 days above, looking for Damien’s input on proposed date as auditor wants to sample platforms for AV/patching and re look at IDS/IPS etc. Proposes that it is in WAR13 as IDS/IPS and Foundstone team here but is flexible and will fit in with us. Wants Damien and me to attend.
3. Meeting with DK etc looking to put him in firing line and John Scott is now attending with CGP
SL/DK
Issues still internally SL put on rack over CCN’s and also DK’s proposed meeting Wed next week with myself and Damien. Advised CGP that this is regards Architecture, what provided previously in Horizon, what now in HNG-X and changes and also what coming down the Line. She also advised internally SL not Info Sec Mngr and John Scott watching her and DK very closely.
LISS
Connie advised they have had meetings with Link and Vocalink regards this standard and that their QSA’s have advised that Track2 and PAN data are not exempt for banking transactions and therefore any storage of data with these in will need to be removed. She advised that PO Ltd will need to put CT/CCN in for this as error by PH.
Kind Regards
Bill Membery
EC Council Forensic Investigator, BSI 27001 Lead Auditor and ISEB Practitioner in Information Risk management
TSS Security
RMGA
Fujitsu Services
Trafalgar House
Temple Court
Risley
Warrington
WA3 6GD
Mobile External
Mobile Internal
E-mail: bill: memberyt
Web: http://uk.fujitsu.com