Will regulatory requirements affect the type of authentication used?

Is the organization required to comply with any regulatory requirements that may affect the type of authentication used?

As the federal government and other regulatory agencies get more involved in the protection of customer or patient information, organizations may find themselves required to follow regulations or face stiff penalties. These regulations could include HIPAA for healthcare, PCI for companies that work with customer credit card information, or FERPA for educational institutions.

About the author
Russ Rogers is an information security expert and author of Nessus Network Auditing, 2nd Edition. Russ is currently a penetration tester for the federal government.

One of the bigger issues here is that the organization may not even be aware of these regulations. As the security professional and adviser to the organization, you should point out what the customer needs to consider. The applicable regulations will also affect the solution you recommend and end up installing. Protecting customer financial information may be a high priority for the organization, so consider which methodologies will provide the best protection while still taking into account any financial or complexity constraints.

This was first published in September 2008
