Comments on: What do you want to know about Cryptography in the Enterprise ? http://artofinfosec.com/43/what-do-you-want-to-know-about-cryptography-in-the-enterprise/ Random Insights on Protecting Data, Privacy, and Digital Infrastructure Fri, 21 Nov 2008 21:54:07 +0000 http://wordpress.org/?v=2.6.3 By: Magid http://artofinfosec.com/43/what-do-you-want-to-know-about-cryptography-in-the-enterprise/#comment-3 Magid Sat, 19 Jan 2008 05:43:14 +0000 http://artofinfosec.com/43/what-do-you-want-to-know-about-cryptography-in-the-enterprise/#comment-3 Hello Erik, I tried adding an answer on linkedin but it seemed closed out, so here is my comment instead: Having worked on making my organization meet PCI-DSS requirements for data encryption, I faced some challenges, one of which is the topic of key rotation. Encryption keys are as good as they're rotated. Allowing for key rotation, be that every 2 or 4 years even, would help keep cryptographic controls strong as well as auditors happy. How do achieve that, without disrupting normal operations, and at a reasonable cost is most certainly a challenge. I look forward to your next podcast ! Cheers, -Magid Magid Latif, CISSP Hello Erik,

I tried adding an answer on linkedin but it seemed closed out, so here is my comment instead:

Having worked on making my organization meet PCI-DSS requirements for data encryption, I faced some challenges, one of which is the topic of key rotation. Encryption keys are as good as they’re rotated. Allowing for key rotation, be that every 2 or 4 years even, would help keep cryptographic controls strong as well as auditors happy. How do achieve that, without disrupting normal operations, and at a reasonable cost is most certainly a challenge.

I look forward to your next podcast !

Cheers,
-Magid

Magid Latif, CISSP

]]>