Ashiq JA (guest)

Ashiq JA, Cyber Security Consultant and Security Writer with solid experience in the security field and expertise in risk management for Financial and Government sector through vulnerability management, security audits and assessments, security policies and procedures, risk mitigation, application penetration testing and secure software development. He is currently working as Cyber Security Consultant at a Federal body in United Arab Emirates.

The eIDAS Agenda: Innovation, Interoperability and transparency

Digital signatures (and the accompanying concepts of encryption and authentication) have been a critical aspect of electronic communications for several years now, and both regulatory bodies and businesses continue to demonstrate a vested interest in the continued growth and advancement of this field.

A popular point of discussion and research among businesses in the EU is eIDAS, the EU regulation on the use of identification and trust services for electronic transactions in the internal market. Not only is eIDAS required for legally-compliant digital signatures, it's also part of a greater picture of technological innovation and growth within the EU.

Read more

Recommendations for Providing Digital Signature Services

With the ever-growing number of electronic transactions and documents, the use of digital signatures make it possible to trust and act upon these transactions as if they were printed on paper and signed by a trusted source. Digital signatures are used as a proof of authenticity, data integrity and non-repudiation of communications conducted over the internet. 

This article describes 7 drivers for successful digital signature services.

Read more

How to Deploy and Manage Cryptography in a Project the Right Way

With the ever increasing number of online services and electronic transactions, business owners are becoming ever more dependent on the use cryptography to prevent sensitive information from cyber attackers.

Read more

Using a Centralized Key Management System to Enforce Information Security Policies

A Key Management System (KMS) must be designed in a manner that supports the goals of each organization using the KMS. The aim of a security policy is to provide a secure working environment for the organization by establishing required security measures, protocols and controls. 

Read more

What is the right user interface for a Key Management System?

User interface design and usability are the deciding factors in attaining a good user experience for most IT deployments, including key management systems (KMS). The most significant constraint to the use of a KMS is the difficulty that some systems present to the non-specialist users.

User interfaces (UIs) that adapt to the expertise of the user can guide a new and less-trained user, while permitting an expert to use efficient shortcuts and to bypass step-by-step guidance.

This article presents high level recommendations on efficient user interface design for a key management system.

Read more

How Third Party Testing Can Improve Key Management System Security

Independent third-party testing is essential for identification, detection, and elimination of defects in a key management system (KMS). The third-party testing organizations often have specialized facilities and expertise to carry out the testing and offer unbiased testing reports. These testing and validation activities should be performed on each module including the security functions and the protective measures employed by each module. This article discusses the benefits of third party testing for a key management system.

Read more

Securing Web applications with Cryptographic Zones

A cryptographic zone exists between two points, where a symmetric key or asymmetric public keys are shared in order to encrypt sensitive information. Once the key, or keys have been exchanged, data, and in some cases other keys, are encrypted within this zone.

Read more

Assignment and Configuration of Roles in a Crypto Key Management System

This article introduces and describes the relevant roles needed to successfully manage a key management system in an organisation.

Read more

How to implement efficient Key Management in a Legacy Infrastructure

In this article, we discuss the various issues and present Cryptomathic’s approach to central key and crypto management that has been adopted by major banks. 

Read more