Security Without Obscurity: A Guide to Pki Operations

Stapleton, Jeff, Epstein, W. Clay

  • 出版商: CRC
  • 出版日期: 2024-02-26
  • 售價: $2,400
  • 貴賓價: 9.5$2,280
  • 語言: 英文
  • 頁數: 298
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1032545259
  • ISBN-13: 9781032545257
  • 相關分類: 資訊安全
  • 立即出貨 (庫存=1)

相關主題

商品描述

Public Key Infrastructure (PKI) is an operational ecosystem that employs key management, cryptography, information technology (IT), information security (cybersecurity), policy and practices, legal matters (law, regulatory, contractual, privacy), and business rules (processes and procedures). A properly managed PKI requires all of these disparate disciplines to function together - coherently, efficiently, effectually, and successfully. Clearly defined roles and responsibilities, separation of duties, documentation, and communications are critical aspects for a successful operation. PKI is not just about certificates, rather it can be the technical foundation for the elusive "crypto-agility," which is the ability to manage cryptographic transitions. The second quantum revolution has begun, quantum computers are coming, and post-quantum cryptography (PQC) transitions will become PKI operation's business as usual.

商品描述(中文翻譯)

公鑰基礎設施(PKI)是一個運作生態系統,利用金鑰管理、密碼學、資訊科技(IT)、資訊安全(網路安全)、政策與實務、法律事項(法律、監管、契約、隱私)以及業務規則(流程與程序)。一個適當管理的PKI需要所有這些不同的學科共同運作 - 連貫、高效、有效和成功。明確定義的角色和責任、職責分離、文件記錄和溝通是成功運作的關鍵要素。PKI不僅僅是關於證書,它可以成為難以捉摸的「加密靈活性」的技術基礎,即管理加密過渡的能力。第二次量子革命已經開始,量子電腦即將來臨,後量子密碼學(PQC)過渡將成為PKI運作的常態。

作者簡介

Jeff Stapleton is the author of the Security Without Obscurity five-book series (CRC Press). He has over 30 years' cybersecurity experience, including cryptography, key management, PKI, biometrics, and authentication. Jeff has participated in developing dozens of ISO, ANSI, and X9 security standards for the financial services industry. He has been an architect, assessor, auditor, author, and subject matter expert. His 30-year career includes Citicorp, MasterCard, RSA Security, KPMG, Innové, USAF Crypto Modernization Program Office, Cryptographic Assurance Services (CAS), Bank of America, and Wells Fargo Bank. He has worked with most of the payment brands, including MasterCard, Visa, American Express, and Discover. His areas of expertise include payment systems, cryptography, PKI, PQC, key management, biometrics, IAM, privacy, and zero trust architecture (ZTA). Jeff holds Bachelor of Science and Master of Science degrees in computer science from the University of Missouri. He was an instructor at Washington University (St. Louis) and was an adjunct professor at the University of Texas at San Antonio (UTSA).

W. Clay Epstein currently operates a cybersecurity consulting company Steintech LLC, specializing in Cybersecurity, Encryption Technologies, PKI, and Digital Certificates. He has international experience developing and managing public key infrastructures primarily for the financial services industry. Clay has worked as an independent Cybersecurity and PKI consultant for the past 11 years. Previously, Clay was the VP and Technical Manager at Bank of America responsible for the Bank's global Public Key Infrastructure and Cryptography Engineering Group. Prior to Bank of America, Clay was CIO and Head of Operations at Venafi, a certificate and encryption key management company. Prior to Venafi, Clay was Senior Vice President of Product and Technology at Identrus, a global identity management network based on PKI for international financial institutions. Previously, Clay also served as Head of eCommerce Technologies for Australia and New Zealand Banking Group (ANZ) and was the CTO for Digital Signature Trust Co. Clay holds a Bachelor of Science in Computer Science degree from the University of Utah and a Master of Business Administration in Management Information Systems degree from Westminster College.

作者簡介(中文翻譯)

Jeff Stapleton是《Security Without Obscurity》五本書系列(CRC Press)的作者。他擁有超過30年的資訊安全經驗,包括密碼學、金鑰管理、PKI、生物識別和身份驗證。Jeff參與開發了數十個金融服務業的ISO、ANSI和X9安全標準。他曾擔任架構師、評估師、審計師、作者和專家。他的職業生涯包括Citicorp、MasterCard、RSA Security、KPMG、Innové、USAF Crypto Modernization Program Office、Cryptographic Assurance Services(CAS)、Bank of America和Wells Fargo Bank。他曾與MasterCard、Visa、American Express和Discover等大部分支付品牌合作。他的專業領域包括支付系統、密碼學、PKI、PQC、金鑰管理、生物識別、IAM、隱私和零信任架構(ZTA)。Jeff擁有密蘇里大學計算機科學學士和碩士學位。他曾在華盛頓大學(聖路易斯)擔任講師,並在聖安東尼奧德州大學(UTSA)擔任兼職教授。

W. Clay Epstein目前經營一家名為Steintech LLC的資訊安全顧問公司,專門從事資訊安全、加密技術、PKI和數位憑證。他在國際上擁有發展和管理公鑰基礎設施的經驗,主要針對金融服務業。Clay在過去11年中擔任獨立的資訊安全和PKI顧問。在此之前,Clay是美國銀行的副總裁兼技術經理,負責該銀行的全球公鑰基礎設施和加密工程團隊。在加入美國銀行之前,Clay是憑證和加密金鑰管理公司Venafi的首席信息官和運營主管。在加入Venafi之前,Clay曾擔任全球基於PKI的身份管理網絡Identrus的產品和技術高級副總裁,該網絡為國際金融機構提供服務。此前,Clay還曾擔任澳大利亞和新西蘭銀行集團(ANZ)的電子商務技術主管,並擔任數字簽名信任公司的首席技術官。Clay擁有猶他大學計算機科學學士學位和威斯敏斯特學院管理信息系統碩士學位。