Thursday, April 17, 2008

NIST recommendation for RSA 1024 bit keys

EMC's Interpretation - “At most companies today, security projects are being driven by compliance and audit, so what a surprise that they don’t have alignment with the business! Security practitioners are not working on business problems; they are working on regulatory issues.” Now I’m not going to suggest that all regulation is unjustified and that businesses can’t profit from the level playing field that regulation can create.

While effective attacks against 1024-bit RSA keys appear unlikely to emerge in the near term, the community has for some years suggested the prudence of a movement away from 1024-bit key lengths by the end of 2010. The U.S. National Institute of Standards and Technology (NIST) recommends in its Special Publication 800-57, "Recommendation for Key Management--Part I: General" (http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf, p. 66), that 1024-bit RSA be used to confer data protection only through 2010. Similarly, in May 2003, RSA Labs published key-size recommendations deprecating the use of 1024-bit RSA keys for protection of data with a lifetime beyond 2010. The general consensus is that 1024-bit RSA keys are roughly equivalent in strength to 80-bit symmetric keys, and that advances in computing power and incremental algorithmic advances could bring such keys within the reach of intensive computational attack in the next decade. It is worth noting, however, that many view the NIST date of 2010 as a conservative "best by" date, selected in part in anticipation of delayed industry adherence to NIST guidelines.
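The 80-bit equivalence and the 2010 cutoff above can be turned into a key-inventory check. The following is an added example, not part of the original post: it assumes the number-field-sieve work-factor estimate published in NIST's FIPS 140-2 Implementation Guidance 7.5 (a formula the post does not give), and the function names and sample inventory are constructed for illustration.

```python
import math

# Cutoff stated in the post: 1024-bit RSA (about 80-bit strength)
# is recommended for data protection only through 2010.
CUTOFF_YEAR_80_BIT = 2010


def rsa_strength_bits(modulus_bits):
    """Estimate the symmetric-equivalent strength of an RSA modulus.

    Assumption: uses the GNFS-based formula from FIPS 140-2
    Implementation Guidance 7.5, which is not quoted in the post.
    """
    ln_n = modulus_bits * math.log(2)  # natural log of an L-bit modulus
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)  # convert from nats to bits


def audit(inventory):
    """Flag keys of roughly 80-bit strength or less whose data must
    remain protected after the cutoff year."""
    flagged = []
    for name, modulus_bits, protect_until in inventory:
        strength = rsa_strength_bits(modulus_bits)
        if strength < 80.5 and protect_until > CUTOFF_YEAR_80_BIT:
            flagged.append((name, round(strength, 1)))
    return flagged


# Constructed sample inventory:
# (key name, modulus size in bits, last year the data needs protection)
SAMPLE_INVENTORY = [
    ("vpn-gateway", 1024, 2009),
    ("archive-signing", 1024, 2015),
    ("legacy-device", 768, 2012),
    ("web-frontend", 2048, 2015),
]

if __name__ == "__main__":
    for bits in (768, 1024, 2048, 3072):
        print(f"RSA-{bits}: ~{rsa_strength_bits(bits):.1f}-bit strength")
    for name, strength in audit(SAMPLE_INVENTORY):
        print(f"REPLACE {name}: ~{strength} bits, "
              f"needed past {CUTOFF_YEAR_80_BIT}")
```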

However, any regulation can be interpreted to the extreme, and when it comes to security, materiality and RISK are NOT often given their proper weighting.

Finally, vendors must build and implement “Thinking Security” systems, collaborating with practitioners and each other. The rise of thinking security will mean that information-centric security is a reality, a reality that will catapult security to a new plane where it is widely seen as an accelerator of innovation.
