Traditionally, when you hear someone say "Our website is secure", they mean that the site
uses SSL (Secure Sockets Layer) and that the traffic is encrypted (the little lock in your browser
usually appears). Unfortunately, encryption alone doesn't make a website secure. Encryption
makes sure that nobody can sniff your session (see what you're doing), but if the site you're submitting
personal data to contains a vulnerability, an attacker can still steal your data. Some sites display
logos saying "Secured by XXX" (XXX being a vendor name), but you can't trust these one bit. Rather than
paying for a security monitoring service, a website owner could easily just copy the image and save
a few thousand dollars doing it. Unfortunately, not everyone knows how to secure a website, and some blind
trust is needed in order to perform everyday tasks. To ease your mind, there are rules that
certain types of sites must follow in order to remain active.
The site in question is:
* A Hospital: Federal regulations require that medical facilities comply with a security standard
called HIPAA. By law, these facilities must perform security testing defined by the government
to provide a baseline security review of all computer systems.
* A Bank or Insurance Company: The Gramm-Leach-Bliley Act. According to Wikipedia:
"GLBA compliance is not voluntary; whether a financial institution discloses nonpublic information or not, there must be a policy in place to protect the information from foreseeable threats in security and data integrity" – Wikipedia
* A Publicly Traded Company: Publicly traded companies must also comply with a federally imposed
act entitled "The Sarbanes-Oxley Act". According to Wikipedia:
"Chief information officers are responsible for the security, accuracy and the reliability of the systems that manage and report the financial data. Systems such as ERP (Enterprise Resource Planning) are deeply integrated in the initiating, authorizing, processing, and reporting of financial data" – Wikipedia
Also see "How do I secure my website?"