RE: E-Commerce Compliance Requirements

[Matthew Reed <mreed () cgx com>]

If you are taking credit card information, PCI will likely be the top priority.

You also will have to investigate to find out if you are taking any PHI (Protected Health Information). While this is 
not usually the case, many people do not account for it or understand what PHI is. Any data that links a person to 
their physician, ailment or coverage is likely in scope for HIPAA. I have seen quite a few e-commerce solutions that 
collect heath information, you will want to confirm that is not in your scope. If it is, you will need to learn about 
HIPAA.

If the company is publicly traded and the e-commerce revenue is considered direct billing, then this may likely be 
considered an accounting application and SOX (Sarbanes-Oxley) would come into play as well.


Matthew Reed, GSEC, GCIH, CHPSE


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of dysprosphor () gmail com
Sent: Thursday, May 05, 2011 10:56 PM
To: security-basics () securityfocus com
Subject: E-Commerce Compliance Requirements

Hi guys,



I've got a question, the company I work at deals with a high-volume of e-commerce transactions for both mobile and web 
platforms, could you pinpoint some of the regulatory standards I should be looking at?



Thanks in advance!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


NOTICE:  This message, as well as any attached document, contains information from Consolidated Graphics, Inc. that is 
confidential and/or privileged, or may contain attorney work product.  The information is intended only for the use of 
the addressee(s) named above.  If you are not the intended recipient, you are hereby notified that any review, use, 
dissemination, forwarding, printing, copying, disclosure, or the taking of any action in reliance on the contents of 
this message or its attachments is strictly prohibited, and may be unlawful.  If you have received this message in 
error, please destroy all copies (in any form) of this message and its attachments, if any, without disclosing the 
contents, and notify the sender immediately.  Unintended transmission does not constitute waiver of the attorney-client 
privilege or any other privilege.  Unless expressly stated in this email, nothing in this message should be construed 
as a digital or electronic signature.  Thank you for your cooperation.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------