Dear Middlebury Colleagues:
To offer some additional information on the Sophos roll-out the following timeline has been proposed and will be followed by the LIS deployment team for this
- Email will be converted to the Sophos solution the weekend of January 22, 2012
- Testing will be conducted on individual systems through the month of January
- Sophos engineers will be on site to help with a larger test group across LIS and to build a deployment agent on January 25 and 26th
- Server deployment and will be conducted on test servers and production servers through the month of January and February
- A second desktop test group will be identified and targeted for the end of January and beginning of February
- Based on the conclusion of two successful tests deployment will continue to the remainder of the campus in February
If you are interested in being a part of one of the test groups, please contact LIS Information Security at firstname.lastname@example.org. If you would Iike more information about Sophos please check the Infosec web site at go\itsecurity or contact LIS Information Security.
LIS-IT Security Administrator
The Payment Card Industry Data Security Standard (PCI DSS v2.0) is a standard that has been accepted by all major credit card companies and most credit providers. It is a standard that we must abide by if we are to accept credit cards as a form of payment. PCI DSS is broken into 12 requirements; each focusing on a different domain of security.
While PCI DSS is not an actual law, it is a standard enforced by the credit card industry, and the banks have stated and upheld the policy that they will no longer accept business from non-PCI compliant merchants. The government has used the PCI DSS as a yardstick by which they have measured such regulations as Gram-Leach-Bliley, Sarbanes-Oxley, and most recently the drafting of the Data Accountability and Trust Act.
We employ a device called a Barracuda here at Middlebury which helps us prevent SPAM from flooding our email system. Just shy of a year ago this system was updated to enable it to filter on cardholder information. By default this feature was turned on. We have left this enabled and have begun reporting on these blocked messages and alerting the senders of outbound messages. The Barracuda is intended to serve both as a SPAM filter and a compliance tool.