Cenzic Solutions for Compliance
Application Security to Meet Rigorous Regulatory Requirements
Cenzic's application security solutions help organizations comply with a variety of data protection regulations by allowing them to use automated processes to test for vulnerabilities.
The Payment Card Industry Data Security Standard (PCI DSS) Program is a mandated security initiative which was created to offer merchants and service providers a complete, unified approach to safeguarding credit cardholder information for all card brands.
The Open Web Application Security Project (OWASP) is an all-volunteer group that produces free, professional-quality, open-source documentation, tools, and standards. OWASP has compiled a highly regarded list of the top-ten security vulnerability categories.
SB 1386 Compliance
California SB 1386 became effective on 1st July 2003, amending civil codes 1798.29, 1798.82 and 1798.84. It is a serious bill, with far-reaching implications.
Essentially, it requires an agency, person or business that conducts business in California and owns or licenses computerized 'personal information' to disclose any breach of security (to any resident whose unencrypted data is believed to have been disclosed).
Security Compliance Best Practices
Companies within the same industry sector try to emulate each other's best practices in different areas. Security is no different. It is always challenging to find out the best practices in the area of security because information about security practices is not publicized, for obvious reasons. Cenzic, while respecting and honoring the confidentiality of companies, enables all our customers to leverage the best practices of other customers.
Security Compliance Internal Security
Internal security requirements and corporate best-practice guidelines are a given in even the smallest of enterprises. In many cases, workgroups or entire departments within the company have as their charter the construction of internal security compliance documents. But how do you test your applications for compliance with such requirements?
The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.
The Sarbanes-Oxley Act was signed into law on 30th July 2002, and introduced highly significant legislative changes to financial practice and corporate governance regulation. It brought forth stringent new rules with the stated objective: "to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws."
HIPAA stands for the Health Insurance Portability and Accountability Act. The Federal Department of Health and Human Services has issued HIPAA regulations to protect the confidentiality of personal health care information. Protected health information is defined as individually identifiable health information maintained or transmitted by a covered entity (i.e., an organization to which the act applies) in a number of forms, including computer networks.
Reduce Security Risk:
Estimate the financial impact of a breach!
Calculate your application security exposure and risks.