I am working on a presentation entitled “Lessons Learned Deploying and Managing Enterprise Cryptosystems“. I will be presenting this at Information Security World 2008. In the 45 minutes I have for the presentation, it is my goal to touch on several key lessons learned in my work with cryptographic controls over the past several years. Cryptosystems is a broad topic, and can include not only techniques (encryption, digital signatures, timestamps), but also key management and implementation issues. There is a lot of material that I have available to draw from, and I want to make sure that the presentation includes the most valuable and relevant points that it can. After giving a presentation, there is almost nothing more disappointing than reviewing the feedback forms only to find out what people really wanted to know. This is especially disappointing if it is material you could have easily included…
I would love to know what kinds of questions you have and would like to see addressed.
In addition to your question, please provide a little context, such as:
– What are the drivers for your use of cryptographic controls (data protection, compliance, etc.)?
– Will your deployment be externally audited?
Cheers,
Erik
artofinfosec 