Home page logo

basics logo Security Basics mailing list archives

Re: E-Commerce Compliance Requirements
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 6 May 2011 13:55:40 -0400

On Fri, May 6, 2011 at 8:25 AM, Matthew Reed <mreed () cgx com> wrote:
If you are taking credit card information, PCI will likely be the top priority.
You might also inquire into Sony's auditing firm to relieve you of
some of the regulatory and compliance burdens
They seem to be very accommodating.

You also will have to investigate to find out if you are taking any PHI (Protected Health Information). While this is 
not usually the case, many people do not account for it or understand what PHI is. Any data that links a person to 
their physician, ailment or coverage is likely in scope for HIPAA. I have seen quite a few e-commerce solutions that 
collect heath information, you will want to confirm that is not in your scope. If it is, you will need to learn about 

If the company is publicly traded and the e-commerce revenue is considered direct billing, then this may likely be 
considered an accounting application and SOX (Sarbanes-Oxley) would come into play as well.

Matthew Reed, GSEC, GCIH, CHPSE


Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]