Dawn M. Turner (guest)

Dawn M. Turner is a professional author with a passion for technical regulations and standards, as well as for their relevance and impact on corporate operations and industry in general. Dawn has more than 10 years of IT industry experience in hardware, programming & systems & network engineering. Her educational background includes a Certificate in computer operations & programming, CompTIA and Microsoft certifications, including A+, MCSE and MCP, Associates degree with major in business & minor in computer science, Bachelors of Science degree with major in business forensics & minor in accounting and an MBA with concentrations in finance & economics.
An Overview of EBA's New Guidelines on ICT and Security Risk Management (EBA/GL/2019/04) in the Light of COVID-19

An Overview of EBA's New Guidelines on ICT and Security Risk Management (EBA/GL/2019/04) in the Light of COVID-19

Considering the COVID-19 impact on digitalization, EBA’s updated Guidelines on ICT and Security Risk Assessment will help focus on priority areas, including compliance.

Read more
Digital signature deployment models for banking - Operating as an eIDAS Compliant Registration Authority Reduces Costs and Preserves Customer Ownership

Digital signature deployment models for banking - Operating as an eIDAS Compliant Registration Authority Reduces Costs and Preserves Customer Ownership

The eIDAS regulation provides both the technical and legal framework for electronic identification and digital signatures that the banking sector needs to fully digitalize its processes and go paperless.

Read more
Three Deployment Versions & Business Models of eIDAS-compliant Remote Signing for Financial Institutions

Three Deployment Versions & Business Models of eIDAS-compliant Remote Signing for Financial Institutions

This article looks at 3 alternative deployment options for remote signing, catering for 3 different business models. The choice of the option will depend on the financial institution’s specific situation and strategic goals. This article gives guidance.

Read more
eIDAS-Qualified Remote Signing: Exploring EN 419 241-2 Certified Qualified Signature Creation Devices 

eIDAS-Qualified Remote Signing: Exploring EN 419 241-2 Certified Qualified Signature Creation Devices 

EU Regulation No 910/2014 (eIDAS) addresses the creation of remote electronic signatures using electronic signature creation data that is managed remotely by a third-party trust service provider (TSP) working on behalf of the signee.

Read more
Cryptomathic’s Signer Builds on the Only QSCD Certified under SOG-IS

Cryptomathic’s Signer Builds on the Only QSCD Certified under SOG-IS

Under eIDAS, a qualified electronic signature creation device (QSCD) must be certified and approved to be used for generating qualified electronic signatures (QES). Cryptomathic’s Signer is the only QSCD that is certified under the SOG-IS agreement using the Common Criteria Recognition Arrangement (CCRA).

Read more
BYOK: a Solution for EBA’s New ICT and Security Risk Management Guidelines

BYOK: a Solution for EBA’s New ICT and Security Risk Management Guidelines

The European Banking Authority's (EBA’s) new ICT and Security Risk Management Guidelines provide guidance for cybersecurity requirements for financial institutions and third-party partners.

Read more
PCI Requirements on Implementing Key Blocks - Migration Phases and Key Management Solutions

PCI Requirements on Implementing Key Blocks - Migration Phases and Key Management Solutions

In June 2019, the PCI Security Standards Council issued an information supplement titled PCI PIN Security Requirement 18-3 – Key Blocks, which requires that encrypted symmetric keys be managed in structures called “Key Blocks.”

Read more
SHA-1 is Practical and Cost-Effective to Crack Now

SHA-1 is Practical and Cost-Effective to Crack Now

This article discusses recent warnings that a chosen-prefix collision attack on SHA-1 is now practical and cost-effective for attackers.

Read more
Summary of cryptographic algorithms - according to NIST

Summary of cryptographic algorithms - according to NIST

The cryptographic protection of a system against attacks and malicious penetration depends on two dimensions: (1) The strength of the keys and the effectiveness of mechanisms and protocols associated with the keys; and (2) the protection of the keys through key management (secure key generation, storage, distribution, use and destruction).

Read more