Questions tagged [regulation]

A rule of order having the force of law, prescribed by a superior or competent authority, relating to the actions of those under the authority's control.

45 questions
2 votes, 1 answer

Security requirements for storing ID numbers in a database (EU/USA)?

I am dealing with a client (an official organization in one EU country) who is storing all clients' ID numbers in an Excel spreadsheet. They need those numbers to present their clients once per year i.e. to register to be members of one society. I…
1 vote, 0 answers

Compliant login process

Working with a developer to update a login system through a web UI. Currently, we use: enter login ID; go through challenge/step-up; based on the results, challenge/step-up; the user is presented the password page to log in. They are wanting to change the…
Leptonator
1 vote, 1 answer

Incentives to Support Adoption of the Cybersecurity Framework

The US White House has just released the subject blog post (link here), which suggests adoption of this proposed new cyber insurance might be rewarded by liability limitations including "reduced tort liability, limited indemnity, higher burdens of…
zedman9991
1 vote, 0 answers

What would be the logical approach in breaking down the following scenario in regard to CISSP Domains?

I'm currently doing my Cyber Security Certification program; I, along with my fellow classmates, am in the beginner stages. Over the past few weeks we have been writing up a variety of discussions using Domains 1 to 5; for this week we are given a scenario…
1 vote, 2 answers

How to timestamp a document without electronic signature under eIDAS

I need to timestamp a file to prove data integrity, not authorship. I will use an RFC3161 qualified timestamping service. From the EU Regulation Section 6, Article 41, I understand that I can use a timestamp without an electronic signature*, as they…
Victor
1 vote, 2 answers

Credit Card details shown in full after payment on online store

A large and reputable online store shows the credit card details of the customer in full on the order confirmation and receipt page (after payment has been processed). This is the first time I have seen this occur on any online store, as usually it…
user141100
1 vote, 0 answers

Certification to get in order to save PHI for European businesses

I work in a digital health company that will likely save personal health information. I am conflicted about which certification I should get in order to best meet the needs of business partners from Europe. Of course there are different requirements for…
WebQube
1 vote, 0 answers

What does the EU-US security shield certificate mean in terms of EU PHI compliance?

I'm facing a regulation issue. My servers are hosted on Google Cloud. I see that Google is HIPAA and Privacy Shield approved. If my database servers are hosted with Google and I'm storing personal health information there, am I allowed to store…
WebQube
1 vote, 2 answers

Scans for WiFi access points

PCI DSS requirement 11.1: "Implement processes to test for the presence of wireless access points (802.11), and detect and identify all authorized and unauthorized wireless access points on a quarterly basis." My question is: where should I perform…
BokerTov
1 vote, 1 answer

What regulations *require* multi-factor authentication?

What industries require multi-factor authentication? Please include the following information: country, industry, regulation name, and additional information as you see relevant. Some additional information I'd like to know is how the regulation…
makerofthings7
0 votes, 2 answers

Security in the breaking cloud? Storage Wars?

If access to a cloud server instance that stores personal/important information is lost or removed by the provider, is my data protected? Can the provider access my data and copy it, distribute, or claim ownership? I'm horrified by the internet…
Drew Lex
0 votes, 0 answers

eIDAS qualified timestamp on email

Every document that needs to be eIDAS compliant needs to have a qualified timestamp. If we take an email as a document, then the email, based on eIDAS regulations, needs to have a qualified timestamp issued by a qualified CA. As I know, no email…
0 votes, 1 answer

Do users' data from Europe have to be stored in the EU?

I read recently that Facebook could be moving 1.5 billion EU users' data outside of the EU to get round the new EU regulations on GDPR. Is this legal, and how could it be stopped? Source:…
coolio85
0 votes, 1 answer

Differences in classified data handling

Is the difference in the strength of the cryptographic algorithms the only difference between handling TOP SECRET and SECRET information? Say in NSA Suite B, the following is recommended: - SECRET: AES128, SHA256, ECDH256 and ECDSA256 - TOP…
-1 votes, 1 answer

Security requirements for commingling systems

Are there federal regulations/requirements that prohibit such commingling of private systems and CUI (Controlled Unclassified Information) storage systems? I am looking at CFR-2017 Title 32, Vol. 6, Part 2002, and NIST SP 800-53, but I am not…
AgapwIesu