Found in 1 comment on Hacker News
Tangurena · 2009-02-06 · Original thread
The case is mostly #3.

PCI-DSS is the most commonly used standard and is aimed at retailers and payment processing systems. And while it is credit card based, much of what is in it covers other stuff that you should be thinking about if you're storing banking information.

One book to look at is Cryptography in the Database. There is a section about laws that cover data security such as GLBA (which says nothing that a developer finds useful) and SOX (which, for software development, is more about background checks and version/configuration control). http://www.amazon.com/Cryptography-Database-Defense-Symantec...

Another book that may help with keeping the data away from hackers (and rogue employees) is Translucent Databases. I have the 1st edition, and the 2nd just came out last month: http://www.amazon.com/Translucent-Databases-2nd-authenticati...

In support of #1, check out NIST's 800 series of standards. When we were looking to bid on a government computing contract, they included a long list of them by reference, effectively turning a 3k page RFP into about 6k pages: http://csrc.nist.gov/publications/PubsSPs.html
