Cyber security is a field both deep and broad with a large number of complicated facets. As no one can be an expert in all things, it can sometimes be difficult even for experienced security professionals to know where vulnerabilities are in the system.
That’s where risk assessments come in; they can help you identify problems that need to be addressed. The problem is that risk assessment tools aren’t always straightforward or easy-to-use.
That’s why we’ve put together this guide to help simplify the process for you. Using four basic questions, you can quickly identify if there’s cause for serious concern regarding your PKI management. While this guide won’t be comprehensive, it will certainly help you begin the risk management process for your system’s security.
1. How Do You Manage Keys and Certificates?
A business’s PKI may start with a single key and a handful of certificates, but it won’t end there. As the company grows, so will its online presence, and a larger digital footprint requires more certificates to secure. Depending on the size of the website, a company can quickly accumulate 10,000 certificates or more.
That’s a lot of information to keep track of, and how you track it makes a big difference. There are usually two approaches: you’re either using unsophisticated tactics like tracking it yourself in a spreadsheet or trusting your CA to do it, or you’re using a trustworthy third-party solution. If your solution is the former, you’re making a big PKI management mistake.
2. Who Requests Keys and Certificates?
This question is like playing golf: the fewer the better. Ideally, your PKI management will be centralized and under the jurisdiction of a single department. The more departments that are authorized to request keys and certificates from a CA, the more difficult your PKI will (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-assessment-pki-management/