TheTone (United States of America) asked:
Security - Recommended Browser Session Timeout

Based on PCI, HIPAA, etc., and other industry security standards, what should the browser session timeout value be when dealing with sensitive customer data? Please state your source as well as your recommendation.
ahoffmann (Germany) replied:
There is no such definition.
You need to form your own opinion according to the threat agent you expect and the risk it may pose to your business and/or business data.
Then you need to strike a good balance between security and usability.
A good idle timeout (time during which no action is done in this session) is 15-30 minutes, IMHO.

But keep in mind that you need to implement this in the server-side application *and not* rely on just a browser-side implementation.
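One way to enforce the server-side idle timeout the answer above recommends, as an added example that is not part of the original thread: the session store checks idle and absolute lifetime on every request, so a client-side timer (or a client that ignores it) cannot keep an expired session alive. The `SessionStore` API and the 8-hour absolute lifetime are assumptions for the example.

```python
import secrets
import time
from dataclasses import dataclass, field

IDLE_TIMEOUT = 15 * 60          # 15 minutes of inactivity, the low end of the range in the answer
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap on session lifetime regardless of activity (assumed value)


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    data: dict = field(default_factory=dict)


class SessionStore:
    """Server-side session store that enforces idle and absolute timeouts on every lookup."""

    def __init__(self, idle=IDLE_TIMEOUT, absolute=ABSOLUTE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self.idle = idle
        self.absolute = absolute
        self.clock = clock  # injectable so timeouts can be tested without sleeping

    def create(self, user):
        """Start a session for an authenticated user; the id is unguessable and server-generated."""
        sid = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[sid] = Session(user=user, created=now, last_seen=now)
        return sid

    def lookup(self, sid):
        """Return the session if still valid and refresh last_seen; otherwise purge it and return None."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s.last_seen > self.idle or now - s.created > self.absolute:
            # Expired on the server: presenting the cookie again cannot revive it.
            del self._sessions[sid]
            return None
        s.last_seen = now  # any authenticated request counts as activity
        return s

    def logout(self, sid):
        """Explicit logout removes the session immediately, independent of timeouts."""
        self._sessions.pop(sid, None)
```

Each request handler calls `lookup()` with the session id from the cookie and treats `None` as "not logged in"; a browser-side countdown can still warn the user, but it is only a courtesy on top of this check.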
ASKER CERTIFIED SOLUTION
TheTone (United States of America):

TheTone (ASKER):
I researched this all day, reading all the actual security specifications for PCI, HIPAA, and ISO/IEC 27002:2005, which I was hoping someone else had already done.