Security without Obscurity: Frequently Asked Questions (FAQ)
complements Jeff Stapleton's three other Security without Obscurity
books to provide clear information and answers to the most commonly
asked questions about information security (IS) solutions that use
or rely on cryptography and key management methods. There is good
and bad cryptography, there are bad ways of using good cryptography,
and there are both good and bad key management methods.
Consequently, information security solutions often have issues that
are common yet somewhat unique. These common and unique issues are
expressed as an FAQ organized by related topic areas, and the FAQ in
this book can be used as a reference guide to help address them.
Cybersecurity is based on information technology (IT) that is
managed using IS controls, but there is information, misinformation,
and disinformation. Information reflects things that are accurate
about security standards, models, protocols, algorithms, and
products. Misinformation includes misnomers, misunderstandings, and
lack of knowledge. Disinformation can occur when marketing claims
misuse or abuse terminology, alluding to things that are inaccurate
or subjective. This FAQ provides information and distills
misinformation and disinformation about cybersecurity. This book
will be useful to security professionals, technology professionals,
assessors, auditors, managers, and hopefully even senior management
who want a quick, straightforward answer to their questions. It
will serve as a quick reference to always have ready on an office
shelf. As any good security professional knows, no one can know
everything.
Information security has a major gap when cryptography is
implemented. Cryptographic algorithms are well defined and key
management schemes are well known, but the actual deployment is
typically overlooked, ignored, or unknown. Cryptography is
everywhere. Application and network architectures are typically
well documented, but the cryptographic architecture is missing. This
book provides a guide to discovering, documenting, and validating
cryptographic architectures. Each chapter builds on the previous one
to present information as a sequential process. This approach not
only presents the material in a structured manner, it also serves as
an ongoing reference guide for future use.
Most books on public key infrastructure (PKI) seem to focus on
asymmetric cryptography, X.509 certificates, certificate authority
(CA) hierarchies, or certificate policy (CP) and certificate
practice statements. While algorithms, certificates, and
theoretical policy are all excellent discussions, the real-world
issues of operating a commercial or private CA can be
overwhelming. Security without Obscurity: A Guide to PKI Operations
provides a no-nonsense approach and realistic guide to operating a
PKI system. In addition to discussing PKI best practices, the
book supplies warnings against bad PKI practices. Scattered
throughout the book are anonymous case studies identifying both
good and bad practices. The highlighted bad practices, based on
real-world scenarios from the authors' experiences, illustrate how
bad things are often done with good intentions but cause bigger
problems than the original one being solved. This book offers
readers the opportunity to benefit from the authors' more than 50
years of combined experience in developing PKI-related policies,
standards, practices, procedures, and audits, as well as designing
and operating various commercial and private PKI systems.