Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

What is a secure site?

Traditionally when you hear someone say 'Our website is Secure' they imply that their website uses SSL (Secure Sockets Layer) and that the traffic is encrypted (The little lock in your browser usually appears) unfortunately Encryption doesn't make a website secure. Sure encryption makes sure that nobody can sniff your session (see what you're doing), but if the site you're submitting personal data to contains a Vulnerability an attacker can still steal your data. Some sites contain logo's saying 'Secured by XXX' (XXX being a vendor name) but you can't trust these one bit. Rather then paying for a security monitoring service a website owner could easily just copy the image and save a few thousands dollars doing it. Unfortunately not everyone knows how to secure a website and some blind trust is needed in order to perform some everyday tasks. To ease your mind there are some rules that certain types of sites must follow in order to remain active.


The site in question is:

* A Hospital: Federal regulations require that Medical facilities comply to a security standard called 'HIPPA'. These facilities by law must perform security testing created by the government to provide a baseline security review of all computer systems.

* A Bank or Insurance Company: The Gramm-Leach-Bliley Act according to Wikipedia "GLBA compliance is not voluntary; whether a financial institution discloses nonpublic information or not, there must be a policy in place to protect the information from foreseeable threats in security and data integrity" - Wikipedia

* A Publically Traded Company: Publically traded companies also must pass a federally imposed act entitled 'The Sarbanes-Oxley Act'.
"Chief information officers are responsible for the security, accuracy and the reliability of the systems that manage and report the financial data. Systems such as ERP (Enterprise Resource Planning) are deeply integrated in the initiating, authorizing, processing, and reporting of financial data" - Wikipedia


Also see 'How do I secure my website?':
"How do I secure my website?"

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Post a comment







Remember personal info?


Copyright 2000-2008 CGISecurity.com | Privacy Policy