9 PKI Governance, Risk, and Compliance

DOI: 10.1201/9781003425298-9

Governance, risk, and compliance (GRC) are three areas of information security used across many industries and organizations. GRC is often considered a discipline to synchronize security policies and practices across an organization’s lines of business (LOBs). In this chapter, we look at GRC components as they relate to public key infrastructure (PKI), including organizational structures, audits, and risks.

9.1 PKI GOVERNANCE

Throughout the book, we have discussed various standards organizations such as the American National Standards Institute (ANSI) and the International Organization for Standardization (ISO), accreditation bodies such as the National Institute of Standards ...
