SECURITY OVERVIEW FOR GIFT4CHARITY.ORG WEB APPLICATION

Encryption

The Gift 4 Charity security model is based on web standards for ecommerce and online transaction applications. All critical information paths are encrypted by GoDaddy with a 256-bit browser-to-server encryption level. Sensitive information such as social security numbers or private employee identification numbers is further encrypted in the database, rendering the information useless to would-be hackers.

Physical Security

If a thief or hacker can gain physical access to a server, there is no way to stop them from gaining access to the information housed on the server. Likewise, natural disasters and power failures can cause severe interruptions to service as well as data corruption. To that end, The Gift 4 Charity is hosted in a SAS 70 Type II certified world-class infrastructure engineered from the ground up to support just about any kind of contingency.

Liebert UPS System
750 Kilowatt Diesel Generator
Inergen Fire Suppression
Backup Battery Supply
Network Operations Center (NOC)
Earthquake Isolation
Biometric Authentication
Heavily Monitored Facility
Security Man Traps

Process

In addition to facility security and encryption, best practices regarding information flow and process help to ensure data security. Sensitive information is wiped from the system once donations have been processed. Social security numbers are not stored on an ongoing basis. Daily backups are housed on site within the secured facility. Physical backups are kept off-site in fireproof lock boxes within a secure facility (security guard, video surveillance, etc.).

Web Application Design

The web application framework is based on a custom modular framework. The custom nature of the framework not only allows for flexibility of design and implementation but also obfuscates security holes that propagate quickly on ubiquitous frameworks (this is one reason why Windows and Internet Explorer are so readily and easily exploited).
All critical data paths are secured, and critical form data submissions are handled by encrypted POST rather than GET. In some areas POST data is further encrypted or serialized/encrypted before being passed page to page within a session. Data interception would yield no usable information.

Password and login recovery are handled securely. In many basic web applications a lost password request yields a plaintext email with a user's login and password. This is not only inappropriate but also one of the largest security holes on the web today. The Gift 4 Charity handles lost logins/passwords in a secure manner, never releasing this information in plaintext.

Gift4Charity.org Utilizes 256 Bit SSL

PRIVACY ACT NOTICE

Introduction

gift4charity.org takes your right to privacy seriously, and wants you to feel comfortable using this web site. This privacy policy deals with personally-identifiable information (referred to as "data" below) that may be collected by this site. This policy does not apply to other entities that are not owned or controlled by gift4charity.org, nor does it apply to persons that are not employees or agents of gift4charity.org, or that are not under gift4charity.org's control. Please take time to read this site's Terms of use.

Collection of data

Registration for an account on this site requires only a valid e-mail address and a user name that has not been chosen already. You are not required to provide any other information if you do not want to. Please be aware that the user name you choose, the e-mail address you provide and any other information you enter may render you personally identifiable, and may possibly be displayed on this web site intentionally (depending on choices you make during the registration process, or depending on the way in which the site is configured) or unintentionally (subsequent to a successful act of intrusion by a third party).
As on many web sites, gift4charity.org may also automatically receive general information that is contained in server log files, such as your IP address, and cookie information. Information about how advertising may be served on this site (if it is indeed gift4charity.org's policy to display advertising) is set forth below.

Use of data

Data may be used to customize and improve your user experience on this site. Efforts will be made to prevent your data being made available to third parties unless (i) provided for otherwise in this Privacy Policy; (ii) your consent is obtained, such as when you choose to opt-in or opt-out for the sharing of data; (iii) a service provided on our site requires interaction with a third party, or is provided by a third party, such as an application service provider; (iv) pursuant to legal action or law enforcement; (v) it is found that your use of this site violates gift4charity.org's policy, terms of service, or other usage guidelines, or if it is deemed reasonably necessary by gift4charity.org to protect gift4charity.org's legal rights and/or property; or (vi) this site is purchased by a third party, in which case that third party will be able to use the data in the same manner as set forth in this policy. In the event you choose to use links displayed on this web site to visit other web sites, you are advised to read the privacy policies published on those sites.

Cookies

Like many web sites, this web site sets and uses cookies to enhance your user experience -- to remember your personal settings, for instance. Advertisements may display on this web site and, if so, may set and access cookies on your computer; such cookies are subject to the privacy policy of the parties providing the advertisement. However, the parties providing the advertising do not have access to this site's cookies. These parties usually use non-personally-identifiable or anonymous codes to obtain information about your visits to this site.
Minors

gift4charity.org might not allow persons who are aged thirteen or younger to become members of this site. For more information, please contact the site administrator.

Changes to this privacy policy

Changes may be made to this policy from time to time. You will be notified of substantial changes to this policy either through the posting of a prominent announcement on the site, and/or by a mail message sent to the e-mail address you have provided, which is stored within your user settings.

NO GUARANTEES

While this privacy policy states standards for maintenance of data, and while efforts will be made to meet the said standards, gift4charity.org is not in a position to guarantee compliance with these standards. There may be factors beyond gift4charity.org's control that may result in disclosure of data. Consequently, gift4charity.org offers no warranties or representations as regards maintenance or non-disclosure of data.

Contact information

If you have any questions about this policy or about this web site, please feel free to contact the site administrator.

Terms and Conditions

The Gift4Charity Web Site (the "Service") is an online information and communications service provided by Gift4Charity, subject to your compliance with the terms and conditions set forth below, including all exhibits hereto. Please read this Agreement carefully before accessing or using the Service. By accessing or using the Service, you agree to be bound by the terms and conditions set forth below. If you do not wish to be bound by these terms and conditions, you may not access or use the Service. If you utilize the Service in a manner inconsistent with these terms and conditions, Gift4Charity may terminate your access, block your future access and/or seek such additional relief as the circumstances of your misuse indicate is proper.
Gift4Charity may modify this Agreement at any time, and such modifications shall be effective immediately upon posting of the modified Agreement. You agree to review the Agreement periodically to be aware of such modifications and your continued access or use of the Service shall be deemed your conclusive acceptance of the modified Agreement.

1. Operating Policies.

You agree to comply with the Operating Policies set forth in Exhibit A (as they may be amended by Gift4Charity from time to time), which are the rules that govern your activity in connection with the Service. Gift4Charity has the right but not the obligation to remove any communications and materials that Gift4Charity believes in its sole discretion violate the Operating Policies.

2. Copyright, Licenses and Idea Submissions.

The entire contents of the Service are copyrighted under the United States copyright laws. The owner of the copyright is Gift4Charity. You may print and download portions of material from the different areas of the Service solely for your own non-commercial use. You may make: (a) one machine readable copy, (b) one backup copy, and (c) one print copy of any portions of material downloaded from the different areas of the Service solely for your non-commercial use. Any other copying, redistribution, retransmission or publication of any downloaded material, is strictly prohibited without the express written consent of Gift4Charity or any third party information provider to the Service. You agree not to change or delete any proprietary notices from materials downloaded from the Service.
You agree to grant to Gift4Charity a non-exclusive, royalty-free, worldwide, perpetual license, with the right to sublicense, to reproduce, distribute, transmit, create derivative works of, publicly display and publicly perform any materials and other information (including, without limitation, ideas contained therein for new or improved products and services) you submit to public areas of the Service (such as bulletin boards, forums and newsgroups) by all means and in any media now known or hereafter developed. You also grant to Gift4Charity the right to use your name in connection with the submitted materials and other information as well as in connection with all advertising, marketing and promotional material related thereto. You agree that you shall have no recourse against Gift4Charity for any alleged or actual infringement or misappropriation of any proprietary right in your communications to us.

3. Use of the Service.

You understand that, except for information, products or services clearly identified as being supplied by Gift4Charity, Gift4Charity does not operate, control or endorse any information, products or services on the Internet in any way. Except for Gift4Charity-identified information, products or services, all information, products and services offered through the Service or on the Internet generally are offered by third parties that are not affiliated with Gift4Charity. You also understand that Gift4Charity cannot and does not guarantee or warrant that files available for downloading through the Service will be free of infection or viruses, worms, Trojan horses or other code that manifest contaminating or destructive properties. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for accuracy of data input and output, and for maintaining a means external to the Service for the reconstruction of any lost data.
You assume total responsibility and risk for your use of the Service and the Internet. Gift4Charity does not make any express or implied warranties, representations or endorsements whatsoever (including without limitation warranties of title or noninfringement, or the implied warranties of merchantability or fitness for a particular purpose) with regard to the Service, any merchandise, information or service provided through the Service or on the Internet generally, and Gift4Charity shall not be liable for any cost or damage arising either directly or indirectly from any such transaction. It is solely your responsibility to evaluate the accuracy, completeness and usefulness of all opinions, advice, services, merchandise and other information provided through the Service or on the Internet generally. Gift4Charity does not warrant that the Service will be uninterrupted or error-free or that defects in the Service will be corrected. The Service and any software made available on the Service are provided on an "as is, as available" basis. You understand further that the Internet contains unedited materials some of which are sexually explicit or may be offensive to you. You access such materials at your risk. Gift4Charity has no control over and accepts no responsibility whatsoever for such materials. In no event will Gift4Charity be liable for (I) any incidental, consequential, or indirect damages (including, but not limited to, damages for loss of profits, business interruption, loss of programs or information, and the like) arising out of the use of or inability to use the Service, or any information, or transactions provided on the Service or downloaded or hyperlinked from the Service, even if Gift4Charity or its authorized representatives have been advised of the possibility of such damages, or (II) any claim attributable to errors, omissions, or other inaccuracies in the Service and/or materials or information downloaded through, or hyperlinked from, the Service. 
Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. In such states, Gift4Charity's liability is limited to the greatest extent permitted by law.

4. Indemnification.

You agree to indemnify, defend and hold harmless Gift4Charity, its officers, directors, employees, agents, licensors, suppliers and any third party information providers to the Service from and against all losses, expenses, damages and costs, including reasonable attorneys' fees, resulting from any violation of this Agreement by you.

5. Third Party Rights.

The provisions of paragraphs 3 (Use of the Service), and 4 (Indemnification) are for the benefit of Gift4Charity and its officers, directors, employees, agents, licensors, suppliers, and any third party information providers to the Service. Each of these individuals or entities shall have the right to assert and enforce those provisions directly against you on its own behalf.

6. Term; Termination.

This Agreement may be terminated by either party without notice at any time for any reason; provided that you may no longer use the Service after you have terminated this Agreement. The provisions of paragraphs 2 (Copyright, Licenses and Idea Submissions), 3 (Use of the Service), 4 (Indemnification), 5 (Third Party Rights) and 8 (Miscellaneous) shall survive any termination of this Agreement.

7. Maintenance.

Periodically the Service may require maintenance including, but not limited to, revisions, updates, fixes, and database maintenance which will require the Service to be temporarily suspended. This suspension will, in no way, constitute a breach of service provided by the Service. During maintenance, periodic and random deletions of data including, but not limited to, web logs, web statistics tracking metrics and expired user data may occur.

8. Miscellaneous.
This Agreement shall be governed and construed in accordance with the laws of the State of Minnesota applicable to agreements made and to be performed in Minnesota. You agree that any legal action or proceeding between Gift4Charity and you for any purpose concerning this Agreement or the parties' obligations hereunder shall be brought exclusively in a federal or state court of competent jurisdiction sitting in Minneapolis. Any cause of action or claim you may have with respect to the Service must be commenced within one (1) year after the claim or cause of action arises or such claim or cause of action is barred. Gift4Charity's failure to insist upon or enforce strict performance of any provision of this Agreement shall not be construed as a waiver of any provision or right. Neither the course of conduct between the parties nor trade practice shall act to modify any provision of this Agreement. Gift4Charity may assign its rights and duties under this Agreement to any party at any time without notice to you.

Exhibit A

Operating Policies

Your participation in on-line communications occurs in real time and is not edited, censored, or otherwise controlled by Gift4Charity. Gift4Charity cannot and does not screen content provided by users of the Service. Notwithstanding the foregoing, Gift4Charity reserves the right to monitor content on the Service and to remove content which Gift4Charity, in its sole discretion, determines to be harmful, offensive, or otherwise in violation of these Operating Policies. In order to maintain an informative and valuable service that meets the needs of the users of the Service and avoids the harm that can result from disseminating statements that are false, malicious, violate the rights of others, or otherwise harmful, it is necessary to establish the following rules to protect against abuse:
Unless you are participating in an area of the Service that requires or encourages anonymity, use your real name in online communications.

You may not post or transmit any message which is libelous, defamatory or which discloses private or personal matters concerning any person.

You may not post or transmit any message, data, image or program which is indecent, obscene or pornographic.

You may not post or transmit any message, data, image or program that would violate the property rights of others, including unauthorized copyrighted text, images or programs, trade secrets or other confidential proprietary information, and trademarks or service marks used in an infringing fashion.

You may not interfere with other users' use of the Service.

You may not use any robot, spider, or other automatic device or process to monitor or copy our web pages or any portion of the content contained herein without our express written permission.

You may not post or transmit any file which contains viruses, worms, "Trojan horses" or any other contaminating or destructive features.

You may not post or transmit any message which is harmful, threatening, abusive or hateful. It is not the Service's intent to discourage you from taking controversial positions or expressing vigorously what may be unpopular views; however, Gift4Charity reserves the right to take such action as it deems appropriate in cases where the Service is used to disseminate statements which are deeply and widely offensive and/or harmful.

You may not post or transmit charity requests, petitions for signatures, chain letters or letters relating to pyramid schemes.

You may not post or transmit any advertising, promotional materials or any other solicitation of other users of the Service for goods or services except in those areas (e.g., a classified bulletin board) that are designated for such purpose.
You may not post or list articles which are off-topic according to the description of the group or list or send unsolicited mass emailings to 10 people or more if such e-mail could reasonably be expected to provoke complaints from its recipients.

You may not use the facilities and capabilities of the Service to conduct any activity or solicit the performance of any illegal activity or other activity which infringes the rights of others.

If you have any further questions, please email info@gift4charity.org