Blog

  • Consequences of Non-compliance With CalOPPA

    In 2003, California became the first state in the country to set robust strictures on the visibility of online consumer data. The California Online Privacy Protection Act, also known as CalOPPA, created regulations that require online websites and businesses to prominently display their Privacy Policy with regard to their users' data. This law aimed to protect online users' data and to inform them as to how their data might be tracked, mined, stored, trolled, sold, used, or shared. As of now, posting this notification is mandatory for any business or website that collects personally identifiable information from California residents. CalOPPA states that a website must "conspicuously post its Privacy Policy on its Web site, or in the case of an operator of an online service, make that policy available." If you are an online business found in non-compliance, that is, if you do not clearly convey to your customers what data you collect, how you collect it, and what you plan to do with it, there are potentially severe ramifications that could cripple your business.

  • California Privacy Policy: What is CalOPPA?

    Established in 2003, the California Online Privacy Protection Act (CalOPPA) was the very first state law in the United States to require commercial and online websites to post their privacy policy for the general public. The goal of this act was to protect online users from having their data mined, stored, used, or sold without their knowledge or consent.

  • Tracking and monitoring all access to network resources and cardholder data (PCI DSS Reqs. 3, 7, 10)

    Recent statistics have shown that 42% of consumers feel that credit cards are the safest payment option for protecting cardholder data during their online purchases. With more consumers purchasing online rather than from brick-and-mortar retailers, online retailers must take extra care in monitoring their network resources as they pertain to cardholder data. Consumers are well within their rights to expect that their credit card transaction is secure once it has been processed. However, that expectation might fall short if the pathways that the payment company develops do not securely transmit cardholder data once the transaction goes through. It is for this reason (and many others) that securing access to network resources is critical for any organization that processes and/or stores credit card payments.

  • Client Feature: MK Decision – The future of credit based decisioning

    As a compliance and cybersecurity provider, RSI Security has the opportunity to work with forward-thinking, innovative, and downright neat companies. This week, RSI Security has the pleasure of featuring our client MK Decision, an up-and-coming startup in the Financial Technology (FinTech) sphere. MK Decision is known for its Credit Card Origination System (CCOS), launched in May of 2018, which recently secured the company a spot in the Money20/20 USA Startup Academy. For those of you who may not know what CCOS or Money20/20 are, allow us to provide some insight.

  • 5 things you need to know about how email encryption works

    Whether it's for personal or business reasons, email has become an indispensable method of communication in the modern world (and has been for quite some time). But that's exactly why emails are some of the biggest targets for hackers and cybercriminals. And it's also why individuals, businesses, and organizations of all kinds are trying to send secure emails via enhanced email encryption.

  • Deploying Secure Systems and Applications (PCI DSS Req. 6)

    The Payment Card Industry (PCI) is a coalition of credit card companies, including American Express, Discover, MasterCard and Visa, that is built on the backbone of the 12 requirements specified in the PCI Data Security Standard (DSS). These requirements were implemented to ensure the continued financial safety of businesses and consumers alike. The number and severity of data breaches are constantly on the rise, and the PCI DSS requirements are there to provide organizations with the compliance framework they need to maintain a high level of network security.

  • NIST Definition of Cloud Computing

    The term "Cloud Computing" appears in Google search nearly 54 million times. But "The Cloud" remains an elusive entity to the general population. Those who fit into this category see cloud-based computing as a near-magical technology that whisks your data into another dimension for you to summon at a moment's notice, at your beck and call (which sounds pretty wizard-like). For those who work with the technology daily and understand its capabilities, the technology is much simpler than others would make it seem, even though it does have some technical nuances.

  • What You Need to Know About NIST Password Guidelines

    Almost every online interaction, whether it be a financial transaction, a company login, or a simple email conversation, requires the use of a password. With data breaches becoming more common and prolific, passwords have evolved into complex strings of characters that are difficult to remember. Ironically, this conundrum has resulted in stores selling password books for recording all the credentials individuals use on a daily basis; however, this defeats the very purpose of passwords. Consequently, the National Institute of Standards and Technology (NIST) began researching past data breaches and experimenting with various password structures to identify better authentication practices. Besides providing the NIST definition of cloud computing, NIST has also now provided guidelines for creating safer passwords. Do you know how to create a safe and effective password for your profiles? Learn about NIST password guidelines and NIST compliance by reading on.

  • How to Improve Your Security With NIST

    Business owners should know the answer to the question: how prepared is your business to face cyber threats? However, most do not. The National Institute of Standards and Technology's (NIST) cybersecurity framework is one of the most recognized structures for improving the security of sensitive data against today's cyber threats across all devices. Meant to be a voluntary framework for taking security measures that identify and minimize cybersecurity risks, the NIST framework has been used in a wide variety of industries. In this article, we'll break down why the NIST framework was created, how it is structured, and how it helps to create a robust cybersecurity risk-management strategy. The NIST framework can be daunting at first, particularly for smaller organizations that may not be sure how to leverage it to create actionable insights into gaps in their cybersecurity. The information provided in this article should prove a helpful starting point for organizations wishing to get a brief introduction to the NIST framework, and it highlights some of the key advantages that adopting the NIST framework brings to organizations of any size.

  • What is NERC CIP Compliance?

    Flashback to August 14, 2003, when North America experienced its worst blackout to date, with more than 50 million people losing power in the Northeastern and Midwestern United States and parts of Canada. Less than 3 years prior to this massive blackout, the North American Electric Reliability Corporation (NERC) had been appointed as the electric utility industry's primary point of contact with the U.S. government for national security and critical infrastructure protection issues. After nearly eight (8) months of investigation into the record-breaking blackout, NERC concluded that future blackouts could be prevented by making Reliability Standards mandatory and enforceable through the U.S. federal government.
