quote
Disaster Recovery Plan
[The] disaster recovery plan should include everything required to get your PKI environment back up and operational, including (1) how and where backup files are stored, (2) how backups can be retrieved, (3) what hardware is needed to access them, (4) where to get the hardware if the primary systems are destroyed, and (5) where your operating system software and application software is stored and how to reinstall all of the pieces.
Quote of the Day
What both disaster recovery and business continuity have in common is the need for testing and verification that the testing actually accomplishes the goals of DR or BC. A regular test plan must be performed and evaluated for both DR and BC. Without regular testing, you will never know that the data you thought were backed up can actually be restored or that your failover data center will come online when a disaster strikes. If you do not test your DR and BC plans, your PKI organization will fail when it is needed most. Backups can and do fail occasionally. If you do not test restoring your backups, you will never know if the data will be available in a crisis situation.
Jeff Stapleton & W. Clay Epstein; Security without Obscurity: A Guide to PKI Operations
Quote of the Day
Again and again, gardens too have differences in height that have to be skillfully evened out or overcome. A staircase is a common way of doing so.
Quote of the Day
Backups can and do fail occasionally.
Jeff Stapleton, W. Clay Epstein; Security without Obscurity: A Guide to PKI Operations
Quote of the Day
On possible metrics of a PKI:
PKI information includes the number of certificate requests, the number of certificates issued, the number of revocation requests, the number of certificates revoked, service-level statistics, and the relative numbers based on certificate types. Other pertinent information might be certificate misuse or other agreement violations.
Quote of the Day
Failure to properly manage your SSL certificates will have an additional consequence to your customer support organization. If customers visit an Internet website and see a security warning because of an expired SSL certificate, they may have concerns about whether their private data are at risk. Either they will abandon the site or they may pick up the phone and call your customer support line to ask about what caused the situation.
Quote of the Day
Having more than one commercial CA provider can be a good decision to avoid vendor lock-in and provide a readily available alternative source of SSL certificates in the event a commercial CA is compromised.
Quote of the Day
If your SSL certificates on your Internet-facing e-commerce site expire, you will lose your customers' trust resulting in a loss of business.
Quote of the Day
An expired SSL certificate in your network can have very real negative consequences, as it takes just one expired SSL certificate to put your business at risk.
Quote of the Day
For example, you may need an external commercially issued extended validation certificate for your e-commerce site at RSA248 with SHA256 where your internal server may be perfectly happy with an internally issued standard SSL certificate at RSA248 with SHA1 (for at least a little while longer).