Name: EC-Conference2024: FIPS 140-2 and 140-3 Explained with Critical Insights for Cryptographic Security and Compliance
Start: 2024-11-08T19:00:00Z
End: 2024-11-08T19:01:03.000Z
Location: BrightTALK
Rating: 4.5

We are the world's leading provider of applied cryptography.
Over 100 Fortune 500 corporations have sought our help in protecting their most sensitive data and solving the most complex problems. Through our products and professional services, you can strengthen your ability to protect cryptographic keys, digital certificates, software code signing, Certificate Lifecycle management, and more. We are committed to staying up-to-date with the latest technology trends, compliances, and best practices in data security, and we leverage this expertise to help our clients achieve their security goals.

The NIS 2 Directive is set to reshape cybersecurity requirements across the EU, impacting a wide range of organizations. In this video, we break down what NIS 2 is, who it applies to, and the key compliance measures you need to know. From stricter incident reporting to enhanced supply chain security, we’ll cover the most critical aspects of the directive and what steps businesses should take to prepare. Stay ahead of compliance challenges and strengthen your security posture with this essential overview.

Navigating the NIS 2 Directive: Key Insights and Implications

Understanding cryptographic requirements is crucial for achieving PCI-DSS v4.0.1 compliance. In this video, we break down the key cryptographic controls required for securing payment data, including encryption standards, key management best practices, and compliance challenges. Learn how to align your cryptographic strategy with PCI requirements and avoid common pitfalls in protecting cardholder data.

Mapping Cryptographic Requirements in  PCI- DSS v4.0.1 Compliance

In today’s software ecosystem, securing the integrity and authenticity of your code is paramount, especially for macOS applications. This webinar will look into the critical importance of Apple Signing for all your Mac OS software, tools, updates, utilities, and applications. We will explore how Apple’s stringent requirements for code signing not only protect end users from malicious software but also ensure compliance with industry standards.
 
Join Riley Dickens, our Senior Consultant, as he discusses:
- The significance of Apple Signing in building trust with users and app stores
- How signing can prevent malware injection and unauthorized code modifications
- The essential role of Apple Signing in securing software distribution and mitigating supply chain attacks
- Best practices for managing certificates and keys securely, especially using HSMs
- How to integrate Apple Signing into your DevOps workflows for seamless and automated code-signing
- By the end of the session, you’ll gain valuable insights into how Apple Signing elevates security and helps you maintain compliance, all while ensuring a smooth and efficient signing process for your software development lifecycle.

Protecting Your macOS Applications with Apple Signing CSP of Encryption Consulting

Welcome to our tutorial on signing an APPX file using Codesign Secure. In this video, we’ll walk you through the process of securely signing your application and preparing the manifest for signing with a certificate.

What You'll Learn:

1. Introduction to Codesign Secure: Understanding the benefits of using Codesign Secure for code signing.
2. Preparing the APPX File: Step-by-step instructions for setting up your APPX file.
3. Altering the Manifest: How to modify and prepare the manifest file for certificate signing.
4. Signing Process: Demonstration of signing the APPX file using Codesign Secure.

5. Verification: Ensuring your APPX file is correctly signed and verified.

How to Sign an APPX File with Codesign Secure

Welcome to our in-depth tutorial on setting up your CodeSign Secure system! In this video, we'll walk you through the essential steps to configure Role Based Access Controls (RBAC), set up email notifications, manage signing projects, and fine-tune user permissions to ensure a seamless and secure code signing experience.

What You'll Learn:

Role Based Access Controls (RBAC): Understand how to create and assign roles to users, ensuring that each team member has the right level of access.
Email Setup: Learn how to configure email notifications to keep your team informed about key activities and updates.
Signing Project Setup: Step-by-step guide to creating and managing signing projects for streamlined operations.
User Permissions: Customize user permissions to align with your organization's security policies and workflow requirements.

CodeSign Secure: Comprehensive System Setup Tutorial

This video provides a clear overview of FIPS compliance, including its significance and the key requirements for FIPS 140-2 and FIPS 140-3. We will break down the different security levels, approved cryptographic methods, and the distinction between FIPS validation and compliance. You’ll also learn how Encryption Consulting can support organizations in achieving FIPS compliance efficiently. For a more comprehensive discussion, check out the detailed video linked in the description.

Introduction to FIPS Compliance

Welcome to our latest video on CodeSign Secure, where we explore the Reporting and Logs features of our code signing product.
Reporting:Our robust reporting capabilities provide comprehensive audit trails, capturing every code signing event. You'll see how our reports detail who signed the code, when it was signed, and the status and results of each signing process. This feature ensures you can monitor and analyze your code signing activities for compliance and security.
Logs:Discover the power of real-time logging in CodeSign Secure. Our logs give you full visibility into every event, tracking the source and destination of signed code, helping you quickly identify and resolve issues. With detailed logs, you can maintain a secure and transparent signing environment, ensuring the integrity of your operations.

Reports and Logs in CodeSign Secure

Our session provides actionable insights into successfully navigating and implementing the Digital Operational Resilience Act (DORA). We’ll explore how DORA integrates compliance and resilience to secure ICT operations, its foundational structure, and the industries it impacts. Key topics include cryptography’s role in DORA, its alignment with ISO 27001 and NIST standards, and practical strategies to overcome implementation challenges. The session is ideal for organizations aiming to enhance security and meet regulatory requirements.

Dora Compliance

In this video, we'll introduce you to Quantum Key Distribution (QKD), a revolutionary method for ensuring secure communication channels. QKD utilizes the principles of quantum mechanics to exchange cryptographic keys securely, offering unprecedented protection against eavesdropping and interception.

Join us as we explore how QKD works, its reliance on quantum entanglement and the Heisenberg Uncertainty Principle, and its real-world applications across government, finance, and critical infrastructure.

Quantum Key Distribution (QKD) Explained: Secure Communication Redefined

In this video, we dive deep into the functionalities of the Application Management page, showing you how to create and manage your applications efficiently within CodeSign Secure. Whether you're a seasoned developer or new to code signing, this guide will help you navigate and utilize the Application Management tab to its fullest potential.

Application Management in CodeSign Secure | CodeSign Secure Tutorial

In this video, we explore the key concepts of Quantum Security and its role in securing communication against quantum threats.

With the advancements of quantum computing, traditional encryption methods face rising threats. Quantum computers have the potential to break current encryption algorithms, jeopardizing the privacy and security of sensitive information transmitted over the internet.

Quantum security offers a promising solution to the increasingly sophisticated threats. By harnessing the principles of quantum mechanics, researchers have developed innovative cryptographic techniques impervious to attacks from quantum computers.

Our video decrypts the mysteries of quantum key distribution (QKD), quantum-resistant encryption, and other quantum security protocols. Learn how these advancements reshape data protection strategies, ensuring secure digital communication.

Quantum Security to Protect Your Organizations' Communication in the Quantum Age

In this video, we explore the groundbreaking concept of Quantum Key Distribution (QKD) and how it's revolutionizing the way we secure our data.

In an age where cyber threats loom large, traditional encryption methods can sometimes fall short in protecting sensitive information. But fear not, because quantum physics is here to save the day!

Join us on a journey into the quantum realm as we uncover the inner workings of QKD. Discover how the principles of quantum mechanics, such as superposition and entanglement, are harnessed to create an unbreakable encryption key.

We'll break down the complex process into simple, digestible chunks, so whether you're a quantum enthusiast or a newcomer to the field, you'll come away with a solid understanding of how QKD works.

From generating quantum bits (qubits) to detecting eavesdropping attempts, we'll cover it all. By the end of this video, you'll see why QKD is poised to become the gold standard in secure communication.

So, if you're ready to unlock the secrets of quantum encryption, hit that play button and let's dive in! Don't forget to like, share, and subscribe for more mind-bending content on the cutting edge of technology. Quantum computing, quantum cryptography, and more await you on our channel. Stay tuned and stay curious!

Unlocking the Secrets: How Quantum Key Distribution Safeguards Your Data | Encryption Consulting

Welcome to our video on Post Quantum Cryptography (PQC) and the essential role of NIST in its standardization.
What You'll Learn:
What is PQC? Discover the importance of PQC in protecting against future quantum computing threats.
NIST's Role: Learn about NIST's mission and its crucial work in developing cryptographic standards.
Standardization Process: An overview of NIST's multi-phase process to evaluate and select PQC algorithms.
Selection Criteria: Key factors NIST uses to assess PQC algorithms, including security, performance, and implementation complexity.
Why It Matters:
As quantum computing evolves, current cryptographic systems are at risk. NIST's work in PQC is vital for ensuring secure digital communications in the future.

Understanding Post Quantum Cryptography and NIST's Role | Encryption Consulting

Unlock the power of CodeSign Secure with our concise guide! In this video, we delve into the key functionalities of CodeSign Secure, focusing on:

1: Creating Keys and Certificates: Step-by-step instructions for generating secure keys and certificates.

2: Managing Keys and Certificates: Best practices for organizing, storing, and renewing your keys and certificates.

3: Optimizing Your Experience: Tips to maximize your efficiency and leverage CodeSign Secure’s features.
Perfect for developers and IT professionals, this video ensures you have the knowledge to use CodeSign Secure confidently.

Understanding CodeSign Secure: Keys and Certificates Management

In this session, discover how automating encryption can simplify security management for application and SaaS providers. We’ll explore the technical challenges and solutions for seamlessly integrating encryption into your workflows, ensuring data protection at every stage. Learn best practices for automating key management, encryption processes, and compliance monitoring to secure sensitive data without disrupting operations. Real-world use cases will highlight successful implementations of automated encryption that reduced complexity and enhanced security for leading SaaS providers.

EC-Conference2024: Automating Encryption, A Guide for Application and SaaS Providers

The migration of existing use cases to PQC is challenging the whole industry. There are general recommendations from industry committees and governmental institutions.  For example, the CNSA 2.0 constitutes concrete requirements for dedicated use cases starting in 2025.  The preferred PQC algorithms for long-term use cases like firmware signing are the so-called “stateful hash-based signatures.  These algorithms, i.e. LMS/HSS and XMSS/XMSS-MT, were standardized by NIST in 2020.  Utimaco will present  “OTS-preserving framework” for secure deployment and operating of these algorithms in Hardware Security Modules (HSM) in distributed systems and offline scenarios. Utimaco will outline the design criteria of this framework in real-world distributed environments, describe the proposed OTS-preserving framework, its implementation status, and its discussion within the PQC community, including with NIST, and conclude by presenting a customer implementation.  This will highlight the state handling challenge and how an ideal solution should look like to allow a smooth transition into the PQC era.

EC-Conference2024: Overcoming PQC Migration Challenges with Stateful Hash-Based Signatures and Secure Deployment in HSMs

Let’s explore the critical importance of software change management controls in mitigating risks. Beginning with a high-level overview of AI's capabilities, we'll transition into a crucial discussion on why blind reliance on software can lead to vulnerabilities and how software should be built. Through real-world examples, we'll underscore the profound impact of inappropriate software changes, emphasizing the need for robust testing and oversight protocols to safeguard against risk.

Key Takeaways: 

- Understand the fundamentals of AI and its widespread adoption in various industries.

- Recognize the risks associated with unquestioning reliance on software outputs, including potential fraud and errors. 

- Learn about the significance of software change management controls and testing in high volume software development organizations. 
 
- Appreciate the real-world implications of inappropriate software changes through breaches and exploits. 

- Acquire strategies for implementing effective software change management practices to protect against AI and ensure operational integrity.

When Code Breaks: Exploring Billion Dollar Outages

It's time for organizations to transition from FIPS 140-2 to 140-3. The new FIPS 140-3 compliance comes with new security requirements, and every security requirement requires multiple measures that have to be taken into consideration for an effective transition. This session provides a detailed overview of the FIPS 140-2 and FIPS 140-3 frameworks, focusing on security requirements, levels, and key changes. Learn how to navigate the implementation process, understand critical terminologies, and prepare for FIPS 140-3 compliance.
 
Key Takeaways:
- Overview of FIPS 140-2 and FIPS 140-3 standards
- Key differences and changes introduced in FIPS 140-3
- Understanding security levels and scope of requirements
- Steps for transitioning from FIPS 140-2 to FIPS 140-3
- Practical insights for ensuring cryptographic compliance and security

EC-Conference2024: FIPS 140-2 and 140-3 Explained with Critical Insights for Cryptographic Security and Compliance

FIPS

FIPS 140-2

FIPS 140-3

FIPS Compliance

Regulatory Compliance

Compliance

Cybersecurity

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

EC-Conference2024: FIPS 140-2 and 140-3 Explained with Critical Insights for Cryptographic Security and Compliance

Presented by

About this talk

More from this channel