10 Tips for a Cryptographic Key Management System in the Banking Industry - a Penetration Testing Perspective

This article discusses the shortcomings and learnings from penetration testing of cryptographic key management systems for banking organizations.

Read more

Key Management: Explaining the Life Cycles of a Cryptographic Key

This paper discusses the various phases in the life cycle of a cryptographic key, and how the operational life-time and key strength can be determined.

Read more

Key Management Strategies for SaaS: Avoid the pitfalls in the Cloud


This article discusses key management strategies for the SaaS cloud model, and unique security problems to be dealt with because of lack of user control.

Read more

Encryption Key Management Challenges for IaaS in the Cloud


This article discusses key management methods for the IaaS Cloud model, and security problems to be dealt with because of its virtualization structure.

Read more

Key Management Systems - Recommended Capabilities & Functions


Typical Services Provided by Key Management Systems

Key management is the administration of tasks involved in all aspects of cryptographic key usage in a cryptosystem. This includes dealing with the generation, distribution, exchange, storage, use, and replacement of keys. All aspects of security should be covered for the life-cycle of a key, from key generation to replacement, storage, or disposal. Each key must also be protected during its life-time to prevent unauthorized disclosure, modification, substitution, replay, and improper use. Likewise, the functions used in key management must be prevented from such unauthorized use.

Read more

Regain control of cryptographic keys in large organisations with centralised key management

This article describes from a CISO perspective how to manage and protect security assets in large organisations, i.e. the cryptographic keys and suggests adequate procedures and systems.

2/3 of organizations with public facing vulnerable to hacker attacks

The Heartbleed security vulnerability, publicised in March 2014, received an abundance of media attention as it exposed over 1 million web servers worldwide relying on OpenSSL version 1.0.1. The bug was corrected shortly after the leak with the release of OpenSSL v1.0.1g on April 7th 2014. However, estimates suggest that around 2/3 of organisations with public-facing systems are still vulnerable to the attack.

Read more

How to protect mobile banking and payment apps from malicious app attacks

We are constantly reminded by news stories how complex it can be to secure mobile banking and payments apps. A recent study has found that 11% percent of Android banking apps are suspicious, which is enough to frighten many banking app service

Read more

Signing in the Cloud

Introduction

What is driving Electronic Commerce and e-Government solutions? The answer is simple: useful applications and user-friendly yet secure solutions that can deliver operational cost savings. Smartcards, used for providing digital signatures for Electronic Commerce (EC), never caught on in any significant volume for the mere fact that there are very few smartcard readers around, which makes such solutions very expensive. However, there is an alternative

Read more

Business Requirements for Crypto Key Management - Marketplace Dynamics

We live in an information age where customers demand access to your organisations services anytime, from anywhere and via almost any medium. Invariably services are on-line and if you fail to provide them, your competitors will. The rate of change and innovation is unprecedented.

Read more