Chapter 9

PKI Governance, Risk, and Compliance

Governance, risk, and compliance (GRC) are three areas of information security used across many industries and organizations. GRC is often considered a discipline to synchronize security policies and practices across an organization’s lines of business (LOBs). In this chapter, we look at GRC components as they relate to public key infrastructure including organizational structures, audits, and risks.

9.1 PKI Governance

Throughout the book, we have discussed various standards organizations such as the American National Standards Institute (ANSI) and the International Organization for Standardization (ISO), and accreditation bodies such as the National Institute of Standards and Technology (NIST) for algorithms ...
