PKI – Assessment


"The concept of risk is built around the fact that a lot of things can leave you open to a problem and often you don’t even know what these things are."

PKI Assessment engagement

The engagement will consist of assessing the current PKI and certificate management practices used by the customer and developing a strategy and roadmap for enterprise PKI and certificate management.

In this phase of the engagement, we will perform the following activities:

Phase one

Review the Customer’s existing PKI (on-premises or cloud-based) procedures across the Customer’s environment. The review will include an assessment of the current certificate request, issuance and provisioning processes, and a review of the current policies.

Phase two

Analyze the current inventory of certificates provided by the Customer for the following certificate types: server TLS (Transport Layer Security), email S/MIME (Secure/Multipurpose Internet Mail Extensions), code signing, client and device certificates.

Phase three

Assist the Customer in defining a future state for certificate management with the following goals:

  • Enhanced security & governance
  • Consolidation and simplification of tools, processes etc. globally.
  • Automation (e.g., ServiceNow integration, end to end life cycle etc.)
  • Cost optimization

Phase four

Assist the Customer in developing a strategy for PKI based on the observations from the review program analysis, the Customer’s certificate inventory analysis, and the defined future state.

This engagement will be delivered over an eight-week period.

PKI Current State Assessment Approach

Input

  • Current State Architecture
  • Physical & Logical Security
  • Monitoring & Audit Logging
  • Certificate & SSH Key & Lifecycle Management
  • PKI Operations
  • Business Continuity Planning
  • Certificate Policy (CP) and Certificate Practice Statement (CPS)
  • Risk and Compliance

Current State Analysis

  • Operational Efficiency
  • People
  • Security
  • Process
  • High Availability
  • Technology

Output

  • Observation
  • Gaps
  • Recommendations
  • Roadmap & Strategy

PKI Assessment Engagement Approach

The PKI Assessment engagement approach is described in the following steps:

Project Initiation

Project planning

  • Confirm stakeholders
  • Discuss kick-off meeting logistics and participants
  • Identify working space
  • Agree upon communication and status reporting protocols
  • Agree on red team testing scenario, scope and timing

Work Products

  • Confirmed stakeholder list
  • Work plan

Kick-off

  • Conduct kick-off meeting with key stakeholders
  • Coordinate and schedule interviews and/or workshops
  • Documentation request
  • Gain initial insights to Customer environment

Work Products

  • Kick-off meeting presentation
  • Interviewee list

PKI Program Assessment

Risk and Maturity Assessment

  • Review security policies, organization and governance
  • Conduct up to 5 interviews with executives, IT, InfoSec and business groups
  • Identify overall security program gaps and score security domains
  • Identify benchmark data
  • Develop key current state themes based on assessment
  • Conduct current state validation workshop

Work Products

  • Validated current state
  • Identification of security risks and gaps for each area
  • Top risk-ranked assets

Roadmap Development

Recommendations and Roadmap

  • Identify possible root causes and risks associated with gaps
  • Develop strategic, tactical, and “quick win” initiatives
  • In collaboration with stakeholders, prioritize initiatives in a roadmap
  • Review roadmap with customer

Work Products

  • Detailed report outlining gaps and roadmap of prioritized initiatives

Reporting

Executive Summary

  • Draft executive summary and report
  • Obtain management feedback
  • Finalize report

Work Products

  • Executive level business and technical summary report
  • Final customer Information Security

Case Study

See how Encryption Consulting assisted a Retail institution in implementing a new PKI Infrastructure.


“Encryption Consulting developed a PKI Strategy for our organization which helped us remediate our current PKI environment in different areas such as PKI Operations, Certificate lifecycle management, and Design & Architecture.”

CISO, Financial Institution
