Search Results

Search found 648 results on 26 pages for 'regulatory and compliance'.

Page 3/26

  • PCI compliance - Setting BIND to no recursion, cURL can't access external sites

    - by Exit
    I was running a PCI scan and was following directions to change the BIND options from:

        // recursion no;
        allow-recursion { trusted;};
        allow-notify { trusted;};
        allow-transfer { trusted;};

    to:

        recursion no;
        allow-recursion { none;};
        allow-notify { trusted;};
        allow-transfer { none;};

    The end result was that cURL operations stopped being able to access external sites. I realize that not everything will be 100% for PCI compliance, but can someone explain if there is a way to balance this for both PCI compliance and function?

  • How to maintain PCI compliance on a LAMP server when repositories don't keep up with versions

    - by Jared Green
    We run Ubuntu Lucid 10.0.4 as the foundation of our LAMP environment. We are trying to become PCI compliant so that we can pass CC info through our server. We have run some third-party scans on our servers to begin the certification process and have run into errors regarding PHP 5 versions and Apache versions. The latest PHP version hosted in our official Lucid repository is about 10 versions lower than what PCI compliance requires. How do we upgrade to stay current with PCI compliance requirements? We need to get from PHP 5.3.2 to PHP 5.3.15, as well as up to Apache 2.2.23. I've searched far and wide for an answer and haven't come up with a realistic answer. Some recommend compiling manually - which sounds like a nightmare, and others recommend a PPA - which sounds insecure. What should we do?

  • Usual Suspects: Typical 3rd Party Entities in E-Commerce [closed]

    - by zharvey
    I am doing some requirements/analysis for a web app that I'd like to build (Ruby/Java developer here). This web app would have a store front and shopping cart and would need to be totally compliant with all e-com best practices. It's amazing how much non-technical info comes up when you search for phrases like "how does e-commerce work", but very little comes up in the way of technical details. As such, I'm having extreme frustration finding answers to what I consider pretty straightforward questions. I came here because I believe this question is not off-topic; if it is, please leave a comment as to why this question does not belong here and I will happily remove it myself (upvotes if your comment can point me to the correct place for this question!). So then: What 3rd parties will I need to work with to have a modern, web-compliant e-com site? So far I can account for a payment gateway provider like Authorize.net and an SSL certificate provider like Trustwave. Any others? What other standards besides PCI compliance will I be held to (besides governing laws, of course!)? Vulnerability scans: PCI compliance requires quarterly scans; if I'm a "Level 4" (low volume) merchant, does that still apply to me? Regardless, my backend architecture is quite huge, with web servers, app servers, database, message brokers and more. Does each of these servers need to be scanned?!? If not, what servers do need to get these quarterly scans? I usually hate to ask micro-questions inside of one large one, but these are so closely related I just felt like asking them all separately would be spamming the site with too many petty questions. Thanks in advance!

  • m2eclipse sets JDK compliance to 1.4

    - by jihedamine
    Using Eclipse 3.5, when I create a new Maven project, m2eclipse automatically adds J2SE 1.4 to the libraries and sets the Compiler Compliance Level to 1.4 (Project properties, Java Compiler). My JRE system library is 1.6 and my default compiler compliance level is 1.6. I don't even have 1.4 installed. Can I make m2eclipse use my default settings and prevent it from modifying project settings?

  • Needed inputs for helping hospitals/practices save money on mandatory compliance Policies and Course

    - by Jason Gaya
    Hey, recently one of my clients came up to me and asked "Is there any way we can save some money on mandatory compliance policies and courses?", and I started wondering what I can do. I started creating a calculator to show some savings if they used elearning. I wanted your input to validate that data. How many policies does your practice/hospital need to sign, and what is the average number of pages per policy? Also, how many employees need to sign these policies? This would be really helpful, and once I have this done I will send a copy to you as well... Thank you for all the help and support.

  • My WiFi gets deauthenticated every few minutes or seconds (Reason: 7)

    - by dan
    My WiFi on my new Thinkpad W520 running Natty keeps dropping out and coming back on. Output from dmesg below. Any advice?

        [30493.687552] wlan0: authenticate with e0:91:f5:ef:7b:b2 (try 1)
        [30493.689127] wlan0: authenticated
        [30493.689144] wlan0: associate with e0:91:f5:ef:7b:b2 (try 1)
        [30493.693592] wlan0: RX AssocResp from e0:91:f5:ef:7b:b2 (capab=0x411 status=0 aid=4)
        [30493.693595] wlan0: associated
        [31631.172868] wlan0: deauthenticated from e0:91:f5:ef:7b:b2 (Reason: 7)
        [31631.211847] cfg80211: All devices are disconnected, going to restore regulatory settings
        [31631.211868] cfg80211: Restoring regulatory settings
        [31631.211873] cfg80211: Calling CRDA to update world regulatory domain
        [31631.215037] cfg80211: Ignoring regulatory request Set by core since the driver uses its own custom regulatory domain
        [31631.215042] cfg80211: World regulatory domain updated:
        [31631.215044] cfg80211:     (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
        [31631.215046] cfg80211:     (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
        [31631.215049] cfg80211:     (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
        [31631.215051] cfg80211:     (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
        [31631.215053] cfg80211:     (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
        [31631.215055] cfg80211:     (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
        [31632.289638] wlan0: authenticate with e0:91:f5:ef:7b:b2 (try 1)
        [31632.291262] wlan0: authenticated
        [31632.291276] wlan0: associate with e0:91:f5:ef:7b:b2 (try 1)
        [31632.295119] wlan0: RX AssocResp from e0:91:f5:ef:7b:b2 (capab=0x411 status=0 aid=4)
        [31632.295123] wlan0: associated
        [31886.234836] wlan0: deauthenticated from e0:91:f5:ef:7b:b2 (Reason: 7)
        [31886.306735] cfg80211: All devices are disconnected, going to restore regulatory settings
        [31886.306740] cfg80211: Restoring regulatory settings
        [31886.306744] cfg80211: Calling CRDA to update world regulatory domain

  • Implementing Database Settings Using Policy Based Management

    - by Ashish Kumar Mehta
    Introduction

    Database Administrators have always had a tough time ensuring that all the SQL Servers they administer are configured according to the policies and standards of the organization. Using SQL Server's Policy Based Management feature, DBAs can now manage one or more instances of SQL Server 2008 and check for policy compliance issues. In this article we will utilize the Policy Based Management (aka Declarative Management Framework or DMF) feature of SQL Server to implement and verify database settings on all production databases. It is best practice to enforce the settings below on each production database. However, it can be tedious to go through each database and check whether these settings are implemented across databases. In this article I will explain how to utilize the Policy Based Management feature of SQL Server 2008 to create a policy to verify these settings on all databases and, in cases of non-compliance, how to bring them back into compliance.

    Database settings to enforce on each user database:

    - Auto Close and Auto Shrink properties of the database set to False
    - Auto Create Statistics and Auto Update Statistics set to True
    - Compatibility Level of all user databases set to 100
    - Page Verify set to CHECKSUM
    - Recovery Model of all user databases set to Full
    - Restrict Access set to MULTI_USER

    Configure a Policy to Verify Database Settings

    1. Connect to the SQL Server 2008 instance using SQL Server Management Studio.
    2. In the Object Explorer, click Management > Policy Management and you will see Policies, Conditions and Facets as child nodes.
    3. Right-click Policies and select New Policy… from the drop-down list, as shown in the snippet below, to open the Create New Policy popup window.
    4. In the Create New Policy popup window, provide the name of the policy as “Implementing and Verify Database Settings for Production Databases” and then click the drop-down list under Check Condition. As highlighted in the snippet below, click the New Condition… option to open the Create New Condition window.
    5. In the Create New Condition popup window, provide the name of the condition as “Verify and Change Database Settings”. In the Facet drop-down list, choose the facet Database Options as shown in the snippet below. Under Expression, select the Field value @AutoClose, then choose the Operator value ‘=’ and finally choose the Value False. Now that you have successfully added the first field, go ahead and add the rest of the fields as shown in the snippet below. Once you have successfully added all the fields of the Database Options facet shown above, click OK to save the changes and return to the parent Create New Policy – Implementing and Verify Database Settings for Production Database window, where you will see that the newly created condition “Verify and Change Database Settings” is selected by default.

    Continues…

  • Wireless Activity Monitoring for PCI DSS Compliance

    - by dkusleika
    In an effort to be PCI DSS compliant, I took a trustkeeper.net questionnaire. I failed the question that asks Is the presence of wireless access points tested for by using a wireless analyzer at least quarterly or by deploying a wireless IDS/IPS to identify all wireless devices in use? (SAQ #11.1) My only wireless access point is outside my firewall, so even if you cracked my wireless you couldn't get inside my domain (unless you crack that too). My firewall doesn't have IPS and I couldn't tell if it had IDS. I looked around for a wireless analyzer, but what I found was $500, which is a little pricey for my size business. And even if I got it, I'm not sure I would understand what it tells me. Surely there are smaller/less sophisticated businesses that take credit cards and have solved this. My questions are: What are the risks if someone were to crack my wireless? (Could they read all internet traffic? Just wireless traffic? Just use my internet connection?) And what is the best/cheapest way to test my connection point quarterly? Should I buy the $500 analyzer? Domain is Windows Server 2000. Firewall is Sonicwall Pro 2040. Router is 8 port D-link.

  • Does TAM == TAPI3 Voice Compliance?

    - by Wayne Hartman
    I am looking to purchase some cheap USB modems that claim to be able to use TAM (Telephone Answering Machine). I am unable to see any explicit commands that these devices support. Would it be safe to assume that these devices support the AT instructions for playing/recording audio from the modem?

  • PCI-DSS compliance for business with only swipe terminals [migrated]

    - by rowatt
    I support the IT infrastructure for a small retail business which is now required to undergo a PCI-DSS assessment. The payment service and terminal provider (Streamline) has asked that we use Trustwave to do the PCI-DSS certification. The problem I face is that if I answer all questions and follow Trustwave's requirements to the letter, we will have to invest significantly in networking equipment to segment LANs and/or do internal vulnerability scanning, while at the same time Streamline assures me that the terminals we have (Verifone VX670-B and MagIC3 X-8) are secure, don't store any credit card information and are PCI-DSS compliant, so by implication we don't need to take any action to ensure their network security. I'm looking for any suggestions as to how we can most easily meet the networking requirements for PCI-DSS. Some background on our current network setup:

    - single wired LAN, also with WiFi turned on (though if this creates any PCI-DSS complexities we can turn it off).
    - single Netgear ADSL router. This is the only firewall we have in place, and the firewall is in its out-of-the-box configuration (i.e. no DMZ, SNMP etc). Passwords have been changed though :-)
    - a few Windows PCs and 2 Windows-based tills, none of which ever see any credit card information at all.
    - two swipe terminals. Until a few months ago (before we were told we had to be PCI-DSS certified) these terminals did auth/capture over the phone. Streamline suggested we move to their IP Broadband service, which instead uses an SSL-encrypted channel over the internet to do auth/capture, so we now use that service.

    We don't do any ecommerce or receive payments over the internet. All transactions are either cardholder present, or MOTO with details given over the phone and typed directly into the terminal. We're based in the UK. As I currently understand it we have three options in order to get PCI-DSS certification:

    1. segment our network so the POS terminals are isolated from all PCs, and set up internal vulnerability scanning on that network.
    2. don't segment the network, and have to do more internal scanning and have more onerous management of PCs than I think we need (for example, though the tills are Windows based, they are fully managed so I have no control over software update policies, anti virus etc). All PCs have anti virus (MSE) and Windows updates automatically applied, but we don't have any centralised
    3. go back to auth/capture over phone lines.

    I can't imagine we are the first merchant to be in this situation. I'm looking for any recommendations for a simple, cost-effective way to be PCI-DSS compliant - either by doing 1 or 2 above with (hopefully) simple and inexpensive equipment/software, or any other ways if there's a better way to do this. Or... should we just go back to the digital stone age and do auth/capture over the phone, which means we don't need to do anything on our network to be PCI-DSS certified?

  • Storing Cards and PCI Compliance

    - by Nimbuz
    I'm developing a SaaS service and will be managing payments as a merchant for customers, and since we'll be using multiple payment processors depending on the user's location, amount and other factors, it's important to store card details. I did some research and from what I understood all you need is a PCI compliant host (VPS, Dedicated or Private Cloud) and to get it validated and certified through some provider like TrustWave etc... Is that correct or am I missing something? Also, it would be great if you could suggest a few (not necessarily cheap, but affordable) PCI compliant hosts. Many thanks

  • Win XP Pro, IIS 5.1, PCI Compliance

    - by Mudman266
    I have a client that was scanned and determined not to be PCI compliant. I looked and they had IIS set up to allow a program from central office to push/pull info from their server. Many of the reasons they failed appeared to have been fixed in SPs (they were on SP2) or security updates. I fully patched the server (Windows XP Pro) to SP3 with all optional updates. I had them scan again and again they failed, with only one less vulnerability, which I manually corrected (the server was showing debugging/error messages). The main issue I'm having is that when I research the CVE code for each error, they say they are fixed in SP2 and up. I'm wondering if I need to remove IIS and set it up again since I have patched to SP3. Any ideas?

  • Managing Operational Risk of Financial Services Processes – part 1/ 2

    - by Sanjeevio
    Financial institutions view compliance as a regulatory burden that incurs a high initial capital outlay and recurring costs. By its very nature, regulation takes a prescriptive, common-for-all approach to managing financial and non-financial risk. Needless to say, mere compliance with regulation will no longer lead to sustainable differentiation. Genuine competitive advantage will stem from being able to cope with the innovation demands of the present economic environment while meeting compliance goals with regulatory mandates in a faster and more cost-efficient manner. Let’s first take a look at the key factors that are limiting the pursuit of the above goal. Regulatory requirements are growing, driven in part by revisions to existing mandates in line with the cross-border, pan-geographic nature of financial value chains today, and more so by frequent systemic failures that have destabilized the financial markets and the global economy over the last decade. In addition to the increase in regulation, financial institutions are faced with the pressures of regulatory overlap and regulatory conflict. Regulatory overlap arises primarily from two things: firstly, the blurring of boundaries between lines of business with complex organizational structures, and secondly, the varying requirements of jurisdictional directives across geographic boundaries, e.g. a securities firm with operations in the US and EU would be subject to different “Know-Your-Customer” (KYC) requirements under the PATRIOT Act in the US and MiFID in the EU. Another consequence and concomitant of regulatory change is regulatory conflict, which again arises primarily from two things: firstly, the diametrically opposite priorities of lines of business, and secondly, the tension that regulatory requirements create between shareholders’ interests in tighter due diligence and customers’ concerns about privacy.

    For instance, Customer Due Diligence (CDD) as per KYC requires eliciting detailed information from customers to prevent illegal activities such as money laundering, terrorist financing or identity theft. While new customers are still more likely to comply with such stringent background checks at the time of account opening, existing customers baulk at such practices as a breach of trust and privacy. As mentioned earlier, regulatory compliance addresses both financial and non-financial risks. Operational risk is a non-financial risk that stems from business execution and spans people, processes, systems and information. Operational risk arising from financial processes in particular transcends other sources of such risk. Let’s look at the factors underpinning the operational risk of financial processes. The rapid pace of innovation and geographic expansion of financial institutions has resulted in the proliferation and ad-hoc evolution of back-office, mid-office and front-office processes. This has had two serious implications for the operational risk of financial processes:

    - Inconsistency of processes across lines of business, customer channels and product/service offerings. This makes it harder for the risk function to enforce a standardized risk methodology and, in turn, makes breaches harder to detect.
    - The proliferation of processes, coupled with increasingly frequent change cycles, has resulted in accidental breaches and increased vulnerability to regulatory inadequacies.

    In summary, regulatory growth (including overlap and conflict), coupled with process proliferation and inconsistency, is driving process compliance complexity. In my next post I will address the implications of this process complexity for financial institutions and outline the role of BPM in lowering specific aspects of the operational risk of financial processes.

  • FIPS compliance issue on third-party dll

    - by eych
    I have been using the ComponentOne report generator on a web app with no issues. Recently I had to turn on FIPS compliance on the server. The app now fails at the call made to the ComponentOne method. Is it correct to think that the C1 dll was built on a machine that had FIPS turned off? Any workarounds aside from turning off FIPS on the server?

  • SQLCE 3.5 FIPS compliance on Windows Mobile 6.0

    - by trampster
    What is the position of SQLCE 3.5 when running on Windows Mobile 6.0 in relation to FIPS compliance? I have read lots of differing reports on this and need a definitive answer, one which comes from a reliable source (please provide links). I have read this: "The encryption modes in SQL Server Compact 3.5 are FIPS compliant if FIPS mode is enabled at the OS level." Is this true? If so, how does one enable it at the OS level?

  • Mcafee PCI Compliance failing on Session ID cookie?

    - by frio80
    Hello there. I am attempting to obtain PCI compliance for my site but the McAfee security scan has thrown a "Potential Sensitive Persistent Cookie Sent Over a Non-Encrypted (SSL) Channel". Drupal (default behavior) sets a session cookie when you simply arrive at the site. This is causing the problem. Clearly, the entire site shouldn't be under SSL; plenty of other sites set session cookies like this. What gives?

  • Needed inputs for helping hospitals/practices save money on mandatory compliance Policies and Course

    - by user363414
    Recently one of my clients came up to me and asked "Is there any way we can save some money on mandatory compliance policies and courses?", and I started wondering what I can do. I started creating a calculator to show some savings if they used elearning. I wanted your input to validate that data. How many policies does your practice/hospital need to sign, and what is the average number of pages per policy? Also, how many employees need to sign these policies? This would be really helpful, and once I have this done I will send a copy to you as well.

  • Award for Oracle at the Channel Marketing Award 2010: IT security campaign "Keine Aufregung" takes 2nd place

    - by A&C Redaktion
    On 18 November the Channel Marketing Award 2010 was presented in Augsburg. The award sought the best campaigns in the IT industry, those that implemented commercially and creatively outstanding marketing activities around the partner business. In the With/Through Partner category, Oracle took 2nd place behind Xerox with the IT security campaign www.keine-aufregung.de! With that, „Keine Aufregung", run by Bozana Pistorius in January 2010, pushed campaigns from IBM, Corel and E-Plus into the places behind it. Pictures of the campaigns can be found here. Coverage of the CMA Award is available online at IT-Business, including a video and picture gallery. From left to right: Alexander Woelke (Woelke von der Brüggen), Sarah Olbrich (Woelke von der Brüggen), Bozana Pistorius (Oracle), Claudine Petit (Cloudbridge Consulting) and Werner Nieberle (Vogel IT Medien)

  • Attaining credit card data

    - by Adam
    I've read the many posts on this site that say we are not allowed to store CC numbers if we are not PCI compliant. But I'm wondering if it is possible to send a CC number through a form to an email address? Would that still be infringing on the standards? The reason I ask is that a local business owner wants to retrieve a number through a form on his website, so he can manually enter the CC info on his end. I'm assuming the only way to properly get a credit card number is to set up a merchant account? What's the best way to get a CC number without calling the actual customer? I'm thinking email is a bad idea as well.

  • Off-site Cardholder Data Storage

    - by LinuxGnut
    Is there a service or site out there that will store cardholder data for me? I don't need any kind of transaction processing or recurring billing... I just need somewhere that I can store data until someone in my company is able to look at it. The specific need is allowing customers to input data that will be used for credit checks: name, address, credit card(s), and such. Google Checkout, PayPal, NetSuite, and Authorize.net seem to be what everyone suggests to me, but they don't offer what I need -- they're just payment gateways.

  • Is this scenario in compliance with GPLv3?

    - by Sean Kinsey
    For argument's sake, say that we create a web application that depends on a GPLv3-licensed component, let's say Ext JS. Based on Section 0 of the license, the common notion is that the entire web application (the client-side JavaScript) falls under the definition of a covered work:

        A “covered work” means either the unmodified Program or a work based on the Program.

    and that it will therefore have to be distributed under the same license. OK, so here comes the fun part. This is a short 'program' that is based on Ext JS:

        var myPanel = new Ext.Panel();

    The question that arises is: have I now violated the GPL by not including the source of Ext JS and its license? OK, so let's take another example:

        <!doctype html>
        <html>
        <head>
        <title>my title</title>
        <script type="text/javascript" src="http://extjs.cachefly.net/ext-3.2.1/ext-all.js"></script>
        <link rel="stylesheet" type="text/css" href="http://extjs.cachefly.net/ext-3.2.1/resources/css/ext-all.css" />
        <script type="text/javascript">
        var myPanel = new Ext.Panel();
        </script>
        </head>
        <body>
        </body>
        </html>

    Have I now violated the terms of the GPL? The code conveyed by me to you is in a non-functional state - it will have to be combined with the actual source of Ext JS, which you (your browser) will have to retrieve, from a source made public by someone else, to be usable. Now, if the answer to the above is no, how does me conveying this code in visible form differ from the 'invisible' form conveyed by my web server? As a side note, a very similar thing is done in Linux with many projects that depend on less permissive licenses - the user has to retrieve these on their own and make them available for the primary lib/executable. How is this not the same if the user is informed beforehand that they (the browser) will have to retrieve the needed resources from a different source? Just to make it clear, I'm pro FLOSS, and I have also published a number of projects licensed under more permissive licenses.
    The reason I'm asking this is that I still haven't found anyone offering a definitive answer to this.
