SECURITY WITHOUT OBSCURITY: A GUIDE TO PKI OPERATIONS
Title: SECURITY WITHOUT OBSCURITY: A GUIDE TO PKI OPERATIONS
Author: STAPLETON, J
Publisher: CRC PRESS
Year of publication: 2016
Subject: SECURITY AND CRYPTOGRAPHY
ISBN: 978-1-4987-0747-3
Pages: 343
65,95 €

 

Synopsis

Features

Provides a no-nonsense approach and realistic guide for operating a PKI system
Includes discussions on PKI best practices and contains warnings against PKI bad practices
Presents multiple anonymous case studies that illustrate what not to do when handling particular problems

Summary

Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP) and certificate practice statements. While algorithms, certificates, and theoretical policy are all excellent discussions, the real-world issues for operating a commercial or private CA can be overwhelming.

Security without Obscurity: A Guide to PKI Operations provides a no-nonsense approach and realistic guide to operating a PKI system. In addition to discussions on PKI best practices, the book supplies warnings against bad PKI practices. Scattered throughout the book are anonymous case studies identifying both good and bad practices.

The highlighted bad practices, based on real-world scenarios from the authors' experiences, illustrate how bad things are often done with good intentions but cause bigger problems than the original one being solved.

This book offers readers the opportunity to benefit from the authors' more than 50 years of combined experience in developing PKI-related policies, standards, practices, procedures, and audits, as well as designing and operating various commercial and private PKI systems.



Table of Contents

Introduction
About This Book
Security Basics
Standards Organizations

Cryptography Basics
Encryption
Authentication
Nonrepudiation
Key Management
Cryptographic Modules

PKI Building Blocks
PKI Standards Organizations
PKI Protocols: SSL and TLS
PKI Protocol: IPsec
PKI Protocol: S/MIME
PKI Methods: Legal Signatures and Code Sign
PKI Architectural Components

PKI Management and Security
Introduction
Publication and Repository Responsibilities
Identification and Authentication
Certificate Lifecycle Operational Requirements
Facility, Management, and Operational and Physical Controls
Technical Security Controls
Certificate, CRL, and OCSP Profiles
Compliance Audits and Other Assessments
Other Business and Legal Matters

PKI Roles and Responsibilities
Certificate Authority
Registration Authority
Policy Authority
Subscribers
Relying Party
Agreements

Security Considerations
Physical Security
Logical Security
Audit Logs
Cryptographic Modules

Operational Considerations
CA Architectures
Security Architectures
Certificate Management
Business Continuity
Disaster Recovery
Affiliations

Incident Management
Areas of Compromise in a PKI
PKI Incident Response Plan
Monitoring the PKI Environment Prior to an Incident
Initial Response to an Incident
Detailed Discovery of an Incident
Collection of Forensic Evidence
Reporting of an Incident

PKI Governance, Risk, and Compliance
PKI Governance
Management Organization
Security Organization
Audit Organization
PKI Risks
Cryptography Risks
Cybersecurity Risks
Operational Risks
PKI Compliance
Evaluation Criteria
Gap Assessment
Audit Process

Advanced PKI
Industry Initiatives
Certificate Trust Levels
Relying Party Unit
Short-Term Certificates
Long-Term Certificates

Bibliography

Index