
RE: [WEB SECURITY] what are the rules for SSNs?



 
The FTC summary is nice, but it does not address the threat of insiders - it seems to indicate that SSNs only need to be encrypted when they are outside an entity's secured network. I have not seen a network that I would say is 100% secure. Security is best applied in layers. It would be better to encrypt the data while it is in the network than to rely on network security.

 

 


________________________________

From: Johannes B. Ullrich, Ph.D. [mailto:jullrich@xxxxxxxx]
Sent: Fri 7/11/2008 12:27 PM
To: Licky Lindsay
Cc: WASC Forum
Subject: Re: [WEB SECURITY] what are the rules for SSNs?




The FTC has a summary here:

http://www.ftc.gov/bcp/edu/microsites/idtheft/business/safeguards.html

However, the rules are not as specific as, for example, PCI.



----- Original Message -----
From: "Licky Lindsay" <noontar@xxxxxxxxx>
To: "WASC Forum" <websecurity@xxxxxxxxxxxxx>
Sent: Friday, July 11, 2008 9:49:55 AM GMT -05:00 US/Canada Eastern
Subject: [WEB SECURITY] what are the rules for SSNs?

In the U.S., what laws, regulations, standards, etc. control how to handle
social security numbers?

For example, is it acceptable to store mass numbers of them
unencrypted in a database?

Not asking if it's a good idea to do so.. asking if it's legal and in
compliance with standard practices. Realize those are not the same.

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA





Brought to you by http://www.webappsec.org