Compliance/Governance

A web application must have adequate measures to guard itself against remote adversaries and a wide range of threats. There are also many regulations that a company must adhere to if its application is to achieve compliance.

The prominent ones are listed below:

GLBA: The Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. The Act consists of three sections: The Financial Privacy Rule, the Safeguards Rule, and the Pretexting provisions. The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.

HIPAA: The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), also known as the "Kennedy-Kassebaum Act," is a U.S. law that protects employees' health insurance coverage when they change or lose their jobs and provides standards for the interchange of patient health, administrative and financial data. HIPAA, developed by the Department of Health and Human Services, took effect in 2001, with compliance required in phases up to 2004.

SOX (Sarbanes-Oxley Act): The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. The legislation affects not only the financial side of corporations but also the IT departments whose job it is to store a corporation's electronic records. IT departments are increasingly faced with the challenge of creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation.

EU Data Protection Act: The EU Data Protection Act came into force in March 2000. The protection of individual privacy tops the list of its salient features. It requires that companies processing personal data comply with eight data protection principles, and it also gives individuals 5 fundamental rights to ensure that their privacy is not invaded in any way.

Given below are some of the prerequisites for complying with this Act.

The Act:

• Requires businesses to gain prior consent before sending unsolicited advertising e-mail to individuals.

• Requires that the use of cookies or other tracking devices is clearly indicated and that people are given the opportunity to reject them.

• Requires that network operators and their partners must be able to provide subscription and advertising services based on location and traffic data to their customers. There is no restriction on the type of services that may be provided, as long as subscribers give their consent and are informed of the data processing implications.

• Ensures stronger rights for individuals to decide whether they wish to be listed in subscriber directories. Clear information about the directory must also be given, e.g. whether further contact details can be obtained from just a telephone number or from a name and address.

FISMA: The 2002 Federal Information Security Management Act (FISMA) was enacted to streamline, while at the same time strengthening, the requirements of its predecessor, the Government Information Security Reform Act (GISRA). FISMA requires federal agencies to improve the security of IT systems, applications, and databases. By presenting a baseline of requirements for government agencies, FISMA calls for risk and vulnerability measurement through information security best practices. This way, agencies can ensure the integrity, confidentiality, and availability of federal information systems.

Privacy Act: The Privacy Act mandates that each United States Government agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.

In addition to these regulations, there are region-specific regulations that apply in Asia:

RBI: Reserve Bank of India

ESCA: Electronic Signatures and Certification Authorities

BNM: Bank Negara Malaysia

© 2008 Paladion. All rights reserved.