Questions tagged [compliance]

Aspects of compliance with regulations, standards, laws, and policies.

264 questions
17
votes
5 answers

Is Google Analytics HIPAA compliant? How can I find out?

I'd really like to implement Google Analytics at my work on web software that is required to be HIPAA compliant. But I'm wondering if it's against the rules. Does anyone know how I can find out? I've searched Google, but there isn't much there on…
Ben
  • 271
  • 2
  • 5
15
votes
7 answers

Storing credit cards for automatic payments?

I have no experience with storing credit cards and I do not know anything about the legal end of this. The company I work for / develop for wants to store credit cards to process auto payments for accounts that are on layaway. Does anyone know a…
Jeff
  • 509
  • 1
  • 4
  • 8
15
votes
4 answers

Question of importance of FIPS in security implementations

I am by far no security expert, but I have experience on the subject working in Java (JCA, JCE and JSSE). Anyway, recently there was a discussion about FIPS compliance. I looked into this and SUN's libraries are not FIPS compliant per se. Additionally,…
Jim
  • 1,395
  • 4
  • 13
  • 18
14
votes
3 answers

In what cases can overly strict security policies be detrimental to organisations?

In a philosophical sense is heterogeneous security, a system where people are given more autonomy, better than security policies/procedures written in stone? I've worked at some companies where office politics were so strong and everyone was so…
Celeritas
  • 10,039
  • 22
  • 77
  • 144
14
votes
4 answers

Why do we trust organizations that certify ISO 27001?

I've been asked why we trust organizations that certify ISO 27001. From where did they get the authority and recognition to be able to certify ISO 27001? For example, I can start a certification business and certify that a company is ISO 27001…
The Illusive Man
  • 10,487
  • 16
  • 56
  • 88
14
votes
2 answers

Is there a way for a consumer to report PCI non-compliance?

Is there a way for a consumer to report PCI non-compliance?
p_upadhyay
  • 1,121
  • 3
  • 14
  • 31
14
votes
4 answers

PCI-DSS - one application per server?

How do I interpret the 2.2.1 point for PCI-DSS? Is "application server" 'one primary function' or does it need to be "program x server", "program y server" etc? I have a collection of applications that run server side within my environment. Some of…
Tim Brigham
  • 3,762
  • 3
  • 29
  • 35
14
votes
3 answers

Nessus vs third-party scans

As part of our PCI-DSS compliance process we get scans done by a third party. Based on the form and wording of the output, it's pretty clear they're using Nessus for most of their heavy lifting. Same as we use internally, actually. What is the…
sysadmin1138
  • 2,033
  • 13
  • 16
13
votes
3 answers

Whistleblowing, business ethics and credit card data

I'm writing this post as I'm facing a personal, ethical dilemma and I would like feedback on the best way to approach this situation, particularly from a philosophical point of view. I work for a small business. I'm part-time, doing "grunt" work…
ethically_minded
13
votes
3 answers

New credit card security standards regarding PA-DSS Compliance

The new credit card standards including PA-DSS can be quite confusing for software companies. My question is this: If your software company designs a POS software system (like we do) which utilizes a locally installed 3rd party credit card…
Matt
  • 233
  • 1
  • 7
13
votes
2 answers

Are TPM chips or the equivalent required for FIPS 140-2 security level 1 compliance?

A 'TPM chip' is: a secure cryptoprocessor that can store cryptographic keys that protect information. FIPS 140-2 requires a cryptographic module, which can be hardware, software, or both, that has been certified. If I was using Bitlocker as a…
Mark Rogers
  • 508
  • 3
  • 18
13
votes
1 answer

Does ISO 27001 allow a company to use FTP?

On a project I had to use unsecured FTP to connect to the hosting provider - not SFTP, not FTPS. The hosting provider proudly claims it's ISO 27001 certified. Somehow this all seemed quite wrong to me. Is it possible that a company gets ISO 27001…
the
  • 1,841
  • 2
  • 16
  • 33
12
votes
5 answers

Data needed for why not to load third party JavaScript on web page with credit card form

My company makes a JavaScript widget that e-commerce sites can embed on their pages. Our current instructions to our customers tell them to load our JS on every page of their site and most follow this advice to the letter, even including it on their…
Nathan Friedly
  • 221
  • 2
  • 6
12
votes
4 answers

Is Facebook Connect or Twitter OAuth PCI Compliant?

We have a system that stores credit cards securely on file. We'd love to allow users to sign up using Facebook Connect or Twitter. Obviously this wouldn't be secure if we were trusting just any old OAuth or OpenID provider, but in the case of…
realworldcoder
  • 1,123
  • 11
  • 10
12
votes
4 answers

Wireless Activity Monitoring for PCI DSS Compliance

In an effort to be PCI DSS compliant, I took a trustkeeper.net questionnaire. I failed the question that asks: Is the presence of wireless access points tested for by using a wireless analyzer at least quarterly or by deploying a wireless IDS/IPS…
dkusleika