Overview
Certificate Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and Control Association (ISACA). The certification tests understanding of knowledge and practice in several areas, including disaster recovery and business continuity, protection of information assets, business process evaluation and risk management, and IS (information systems) audit processes. These areas form a foundation for good security practices for planning, implementing, and evaluating secure information systems. CISA is a recognized certification that has been around since 1978 and is held by more than 29,000 individuals worldwide.

For More Information
Visit the ISACA Web site at www.isaca.org for more information on CISA.

See Also: Information Systems Audit and Control Association (ISACA)

certificate request
A specially formatted message requesting a certificate from a certificate authority (CA).

...authority (CA).

Overview
Certificates are digitally signed statements issued by CAs to entities requesting them. These certificates can then be used to perform secure electronic transactions such as e-commerce or online banking. In order to prevent the abuse of such privileges, certificates that are lost, stolen, or expired must be readily identifiable to the parties involved, and for these purposes CAs maintain and publish a CRL of previously issued certificates that are no longer valid. By consulting such a list prior to completing a transaction, commercial parties are protected from liabilities arising from invalid certificates.

See Also: certificate authority (CA), digital certificate

certificate server
A server that issues a certificate for a certificate authority (CA).

Overview
Digital certificates are issued and managed by applications called certificate servers. These applications are designed to automatically process certificate requests, issue certificates, maintain a central store or database of issued certificates, and publish a certificate revocation list (CRL) of expired, lost, or stolen certificates. Certificate servers form the basis of the operation of Public Key Infrastructure (PKI) systems upon which secure electronic transactions such as online banking and e-commerce depend.

Marketplace
Microsoft Windows Server 2003 includes a Certificate Services component that can be used to set up a PKI system for enterprise or commercial use. Certificate server applications from other vendors include Netscape Certificate Server, Sun ONE Certificate Server, Novell Certificate Server, PGP Certificate Server, and many others.

See Also: certificate authority (CA), certificate revocation list (CRL), certificate store, digital certificate, Public Key Infrastructure (PKI)

certificate store
A central database of certificates issued and maintained by a certificate authority (CA).

Overview
When a CA issues a certificate to an entity, the authority must maintain a copy of the certificate for reference purposes. These certificates are kept in a special database called a certificate store, which typically contains three things:

• Certificates issued to entities requesting them
• Certificate revocation lists (CRLs) of expired, lost, or stolen certificates
• Certificate trust lists (CTLs) of trusted certificate authorities and other trusted items

See Also: certificate authority (CA), certificate revocation list (CRL), certificate trust list (CTL), digital certificate

Overview
Certificate trust lists (CTLs) can contain any information signed by a trusted entity, such as documents, lists of file names, or lists of hashes of certificates. By having these items signed by a trusted entity, their authenticity and ownership is validated and ensured. For example, CAs themselves maintain CTLs in their certificate stores to identify other CAs they themselves trust.

Another example would be Web servers that authenticate clients based on client certificates. Such servers can maintain their own CTLs containing information about which CAs are trusted by the server. If a client tries to authenticate using a certificate signed by an authority not present in the server's CTL, the server rejects the authentication attempt.

Web browsers also need to maintain their own CTLs that specify which CAs they trust. This is necessary when the browser needs to verify the identity of a Web server using the server's own certificate, for example, in secure online banking.

See Also: certificate authority (CA), digital certificate

Certified Information Systems Security Professional (CISSP)
A widely accepted certification for computer security professionals.

Overview
Certified Information Systems Security Professional (CISSP) is a certification issued by the International Information Systems Security Certification Consortium, or (ISC)². The certification has been widely recognized in the IT (information technology) community for more than a decade as a gold standard for security professionals. CISSP certification is difficult to achieve and is held by thousands of practitioners in more than 35 countries