How Leading Banks Excel at PCI DSS through Key Management

During April 2015, PCI DSS v3.1 was released as the latest iteration for industry-wide requirements and guidelines for securing cardholder data. 

This blog post discusses the cryptographic key management techniques used in the banking industry to comply with PCI DSS.

Read more

Advantages of Centralized Key Management

Traditionally, end-to-end lifecycle key management was achieved through inefficient paper-based procedures and highly resource intensive tasks performed by 4 or 5 employees, but this inefficient process leads to human errors and is very time and resource consuming. Centralized cryptographic key management is the best solution to overcome such dependency on individuals.

This article discusses the advantages of using a centralized key management system.

Read more

7 Tips for Correct Usage of Encryption to Secure eGovernment Processes

Encryption has become the most essential part of securing data online. The biggest headache to the Cybersecurity industry is a data breach. The last few years have seen an increase in hacking and exposure of confidential data to individuals or cyber criminals. Lack of data protection or data encryption has been one of the major reasons behind such security breaches.

Recently, a healthcare industry data breach occurred because the company stored Social Security Numbers of 80 million customers without encrypting them. The subsequent paragraphs suggest a set of best practices that can help to improve the level of cyber security in eGovernment transactions.

Read more

10 Tips for a Cryptographic Key Management System in the Banking Industry - a Penetration Testing Perspective

This article discusses the shortcomings and learnings from penetration testing of cryptographic key management systems for banking organizations.

Read more

Key Management: Explaining the Life Cycles of a Cryptographic Key

This paper discusses the various phases in the life cycle of a cryptographic key, and how the operational life-time and key strength can be determined.

Read more

Key Management Strategies for SaaS: Avoid the pitfalls in the Cloud

This article discusses key management strategies for the SaaS cloud model, and unique security problems to be dealt with because of lack of user control.

Read more

Encryption Key Management Challenges for IaaS in the Cloud

This article discusses key management methods for the IaaS Cloud model, and security problems to be dealt with because of its virtualization structure.

Read more

Key Management Systems - Recommended Capabilities & Functions

Typical Services Provided by Key Management Systems

Key management is the administration of tasks involved in all aspects of cryptographic key usage in a cryptosystem. This includes dealing with the generation, distribution, exchange, storage, use, and replacement of keys. All aspects of security should be covered for the life-cycle of a key, from key generation to replacement, storage, or disposal. Each key must also be protected during its life-time to prevent unauthorized disclosure, modification, substitution, replay, and improper use. Likewise, the functions used in key management must be prevented from such unauthorized use.

Read more

Regain control of cryptographic keys in large organisations with centralised key management

This article describes from a CISO perspective how to manage and protect security assets in large organisations, i.e. the cryptographic keys and suggests adequate procedures and systems.

2/3 of organizations with public facing vulnerable to hacker attacks

The Heartbleed security vulnerability, publicised in March 2014, received an abundance of media attention as it exposed over 1 million web servers worldwide relying on OpenSSL version 1.0.1. The bug was corrected shortly after the leak with the release of OpenSSL v1.0.1g on April 7th 2014. However, estimates suggest that around 2/3 of organisations with public-facing systems are still vulnerable to the attack.

Read more