PKI Assessment


"The concept of risk is built around the fact that a lot of things can leave you open to a problem and often you don’t even know what these things are."

Encryption Consulting uses its own custom framework to perform a Public Key Infrastructure (PKI) Assessment for a customer, based on NIST, PKI and HSM best practices. Every area of the customer’s PKI is evaluated and assigned a risk rating. This enables organizations to identify high-risk components and prioritize remediation efforts. The scorecard from Encryption Consulting is an invaluable tool for security teams trying to plug gaps with a limited budget.

The PKI Assessment engagement consists of an assessment of the Customer's current certificate management practices and the development of a strategy and roadmap for certificate management.

Below are the objectives of the PKI Assessment.

We at Encryption Consulting strive to follow every objective on every engagement:

Over the course of the engagement, we will:

  1. Review the Customer's existing PKI procedures across the global environment. The review will include an assessment of current certificate request, issuance and provisioning processes, and a review of current policies.
  2. Analyze the current inventory of certificates provided by the Customer for the following certificate types: server TLS (Transport Layer Security), email S/MIME (Secure/Multipurpose Internet Mail Extensions), code signing, client and device certificates.
  3. Assist Customer in defining a future state for certificate management with the following goals:
    1. Enhanced security & governance
    2. Consolidation and simplification of tools, processes etc. globally.
    3. Automation (e.g., ServiceNow integration, end-to-end life cycle, etc.)
    4. Cost optimization
  4. Assist the Customer in developing a strategy for PKI based on the observations from the review program analysis, the Customer certificate inventory analysis, and the defined future state.

This engagement will be delivered over an eight-week period.

PKI Assessment

Excel document with the results of the following activities:

  • Identification of stakeholders and information gathering sessions
  • Review of current process followed across the business units globally
  • Analysis of the Customer-provided certificate inventory
  • Identification of gaps and opportunities

PKI Strategy and Recommendations

PowerPoint presentation with strategy and recommendations, including:

  • Summary of observations from the certificate management assessment
  • Definition of future state including but not limited to requirements for certificate management
  • Recommendations for process and technology for certificate management
  • A strategy and high-level transition plan from current to future state

Step 01

Project planning

  • Confirm stakeholders
  • Discuss kick-off meeting logistics and participants
  • Identify working space
  • Agree upon communication and status reporting protocols
  • Agree on red team testing scenario, scope and timing

Work Products

  • Confirmed stakeholder list
  • Work plan

Kick-off

  • Conduct kick-off meeting with key stakeholders
  • Coordinate and schedule interviews and/or workshops
  • Documentation request
  • Gain initial insights to Customer environment

Work Products

  • Kick-off meeting presentation
  • Interviewee list

Step 02

Risk and maturity assessment and

  • Review security policies, organization and governance
  • Conduct up to 5 interviews with executives, IT, InfoSec and business groups
  • Identify overall security program gaps and score security domains
  • Identify benchmark data
  • Develop key current state themes based on assessment
  • Conduct current state validation workshop

Work Products

  • Validated current state
  • Identification of security risks and gaps for each area
  • Top risk-ranked assets

Step 03

Recommendations and roadmap

  • Identify possible root causes and risks associated with gaps
  • Develop strategic, tactical and "quick-win" initiatives
  • In collaboration with stakeholders, prioritize initiatives in a roadmap
  • Review roadmap with customer

Work Products

  • Detailed report outlining gaps and roadmap of prioritized initiatives

Step 04

Executive summary and

  • Draft executive summary and report
  • Obtain management feedback
  • Finalize report

Work Products

  • Executive level business and technical summary report
  • Final customer Information Security

Case Study

Encryption Consulting assisted a retail institution in implementing a new PKI infrastructure.

“Encryption Consulting developed a PKI Strategy for our organization which helped us remediate our current PKI environment in different areas such as PKI Operations, Certificate lifecycle management, and Design & Architecture.”

CISO, Financial Institution

Blog

Digital trends driving PKI usage

Public key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates

Report

nCipher's Global PKI and IoT Trends

According to the findings, the rapid growth in the use of IoT devices is having an impact on the use of PKI technologies
