PCI WISP (Written Information Security Policy)

In accordance with Payment Card Industry Data Security Standards (PCI DSS) V3.1 requirements, Middlebury has established this formal PCI Written Information Security Policy (PCI WISP). The PCI WISP specifically applies to payment card applications supported by the dedicated Payment Tech network, computing, and storage infrastructure, as explained in the section 3, Scope. This comprehensive policy document is to be implemented immediately along with all relevant and applicable standards, procedures and practices.

This PCI WISP is designed to provide Middlebury with a documented and formalized written information security policy in accordance with Requirement 12.1 of the PCI DSS V3.1. This policy ensures Middlebury is complying with the PCI DSS V3.1 requirements. Compliance with the stated policy and separate supporting standards, procedures and guidelines helps ensure the safety and security of the Middlebury PCI system components within the cardholder data environment and any other environments deemed applicable.

This PCI WISP encompasses all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data. “System components” include network devices, servers, computing devices, and applications. Examples of system components include but are not limited to the following:

  • Systems that provide security services (for example, authentication servers), facilitate segmentation (for example, internal firewalls), or may impact the security of (for example, name resolution or web redirection servers) the CDE.
  • Virtualization components such as virtual machines, virtual switches/routers, virtual appliances, virtual applications/desktops, and hypervisors.
  • Network components including but not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances.
  • Server types including but not limited to web, application, database, authentication, mail, proxy, Network Time Protocol (NTP), and Domain Name System (DNS).
  • Applications including all purchased and custom applications, including internal and external (for example, Internet) applications.
  • Any other component or device located within or connected to the CDE.

Middlebury Information Technology Services Security and Infrastructure (ITS-SI) is responsible for the management and annual evaluation of this policy. ITS-SI and/or the Middlebury PCI Compliance Team may modify this policy from time to time provided that all modifications are consistent with the current PCI DSS. This PCI WISP will be published in the College Handbook and annual notification will be sent to staff. Failure to comply with the terms of this policy may result in disciplinary actions and could also limit a department’s payment card acceptance privileges.


What if the Secret to Success Is Failure?

Dominic Randolph can seem a little out of place at Riverdale Country School — which is odd, because he’s the headmaster. Riverdale is one of New York City’s most prestigious private schools, with a 104-year-old campus that looks down grandly on Van Cortlandt Park from the top of a steep hill in the richest part of the Bronx. On the discussion boards of UrbanBaby.com, worked-up moms from the Upper East Side argue over whether Riverdale sends enough seniors to Harvard, Yale and Princeton to be considered truly “TT” (top-tier, in UrbanBabyese), or whether it is more accurately labeled “2T” (second-tier), but it is, certainly, part of the city’s private-school elite, a place members of the establishment send their kids to learn to be members of the establishment. Tuition starts at $38,500 a year, and that’s for prekindergarten.

Read more: http://goo.gl/gW3bE

Academic-Nonprofit Partnerships Can Pick Up Where Student Innovators Leave Off

When I was an undergraduate at MIT, I was involved with the small-but-growing community of students and faculty who were interested in international development. My classmates spent Friday nights hammering away on solar cookers, weekends in the kitchen trying to concoct simple hand warmers, and afternoons meeting mentors around campus to discuss their new ideas.


Get more creative by skipping the path of least resistance

The modern business environment values creativity. The success of many firms is rooted in their ability to innovate. That said, creative behavior flies in the face of our daily reality. Most of our lives consist of habits in which we try to do what we did last time in the same situation. In meetings, we sit in the same seat in a conference room. At restaurants, we order the same dish. On our drive home from work, we take the same route.


How LinkedIn Makes Money; Behind the IPO Numbers

In May, LinkedIn went public. To much fanfare, the business-oriented social networking site sold common shares at $45 each, for a total offering of $352.8 million and an overall valuation — public and private shares — of $4.3 billion. It was the biggest Internet initial public offering since Google went public in 2004. At one point on opening day, a share was trading at over $94, bringing back wistful memories of the dotcom boom of the late 1990s. At the end of the day, the company was worth $8.9 billion. In comparison, Facebook, the world's largest social network, but still a private company, may be worth $94 billion if it went public in the near future, according to published reports.


The journey toward values-based cultures — are you on the way?

Culture, values and leadership are critical priorities for business leaders. No matter how many resources your company deploys, how many experts you retain and no matter how many programs you run, little matters if you’re not reaching your global workforce at heart, mind and gut level.