Ashiq JA (guest)

Ashiq JA, Cyber Security Consultant and Security Writer with solid experience in the security field and expertise in risk management for Financial and Government sector through vulnerability management, security audits and assessments, security policies and procedures, risk mitigation, application penetration testing and secure software development. He is currently working as Cyber Security Consultant at a Federal body in United Arab Emirates.

Remote Monitoring - A unified view for auditing, detecting and recording relevant key management security events

This article describes the relevant factors, roles and tools, required for remote monitoring, including auditing, detecting and recording key management security events in four key dimensions.

Read more

How to define appropriate Crypto-periods for Cryptographic keys

The period of time between the key activation and key deactivation is called the crypto period of the key. The crypto period is defined by factors such as the sensitivity of the data, the risk of key compromise, and the cost of new key generations.

Read more

Key Management Systems and Malware: The 5 Minimum Recommended Protective Measures

Malware infections have become more evolved and sophisticated. Similarly, the technologies for preventing malware threats and attacks have evolved to use a multi-layered approach. 

The term malware is short for "malicious software." Malware is designed to harm computer systems or networks, typically to gain access for monetary gains. Different types of malware are designed for specific categories of infections such as Adware, Spyware, Worm, Trojan, Keyloggers and Ransomware.

This article discusses the 5 protective measures for securing key management systems from malware threats within an organization.

Read more

Expert’s Guidelines on how to document a Key Management System

This article discusses the importance and usage of documentation for a key management system within an organization.

Read more

Server and Device Hardening Recommendations for Key Management Systems

This article discusses the procedures and techniques used in key management system hardening for servers and devices. 

Read more

How To Solve The Biggest Problems With Key Management

Cryptographic keys are used to secure data-at-rest and data-in-transit. Trying to keep them protected yet always available for use is one of the most difficult problems in practical cryptography. Improper key management can lead to key leakage, where an attacker obtains the key and recovers the sensitive messages from the encrypted data.

This article discusses the key management problems and Cryptomathic's approach to solving the challenges faced by large organizations that use cryptography for variety of applications.

Read more

How Leading Banks Excel at PCI DSS through Key Management

During April 2015, PCI DSS v3.1 was released as the latest iteration for industry-wide requirements and guidelines for securing cardholder data. 

This blog post discusses the cryptographic key management techniques used in the banking industry to comply with PCI DSS.

Read more

Advantages of Centralized Key Management

Traditionally, end-to-end lifecycle key management was achieved through inefficient paper-based procedures and highly resource intensive tasks performed by 4 or 5 employees, but this inefficient process leads to human errors and is very time and resource consuming. Centralized cryptographic key management is the best solution to overcome such dependency on individuals.

This article discusses the advantages of using a centralized key management system.

Read more

7 Tips for Correct Usage of Encryption to Secure eGovernment Processes

Encryption has become the most essential part of securing data online. The biggest headache to the Cybersecurity industry is a data breach. The last few years have seen an increase in hacking and exposure of confidential data to individuals or cyber criminals. Lack of data protection or data encryption has been one of the major reasons behind such security breaches.

Recently, a healthcare industry data breach occurred because the company stored Social Security Numbers of 80 million customers without encrypting them. The subsequent paragraphs suggest a set of best practices that can help to improve the level of cyber security in eGovernment transactions.

Read more