Security Basics mailing list archives
Re: E-Commerce Compliance Requirements
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 6 May 2011 13:55:40 -0400
On Fri, May 6, 2011 at 8:25 AM, Matthew Reed <mreed () cgx com> wrote:
If you are taking credit card information, PCI will likely be the top priority.
You might also inquire into Sony's auditing firm to relieve you of some of the regulatory and compliance burdens (http://consumerist.com/2011/05/security-expert-sony-knew-its-software-was-obsolete-months-before-psn-breach.html). They seem to be very accommodating.
You also will have to investigate to find out if you are taking any PHI (Protected Health Information). While this is not usually the case, many people do not account for it or understand what PHI is. Any data that links a person to their physician, ailment or coverage is likely in scope for HIPAA. I have seen quite a few e-commerce solutions that collect heath information, you will want to confirm that is not in your scope. If it is, you will need to learn about HIPAA. If the company is publicly traded and the e-commerce revenue is considered direct billing, then this may likely be considered an accounting application and SOX (Sarbanes-Oxley) would come into play as well. Matthew Reed, GSEC, GCIH, CHPSE [SNIP]
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re:E-Commerce Compliance Requirements dysprosphor (May 06)
- <Possible follow-ups>
- E-Commerce Compliance Requirements dysprosphor (May 07)
- RE: E-Commerce Compliance Requirements Matthew Reed (May 07)
- Re: E-Commerce Compliance Requirements Jeffrey Walton (May 06)
- RE: E-Commerce Compliance Requirements Hung Lee (May 07)
- RE: E-Commerce Compliance Requirements Jacob (May 10)
- RE: E-Commerce Compliance Requirements Matthew Reed (May 07)
- RE: E-Commerce Compliance Requirements Alex Bolante (May 07)