How do you implement cryptography for top secret information exchange foreseeing a post quantum scenario soon and what types of algorithms do you use? What about network security, are VPN keys are more secure?

Security & GRC Data Privacy & Protection

4.7k views1 Upvote5 Comments

Sort by:

ceo in Softwarea year ago

VPNs have many known vulnerabilities, and TunnelVision pretty much rendered most (if not all) VPNs vulnerable. I'd use a Zero Trust architecture like a Software Defined Perimeter (SDP), especially one that is encrypted end-to-end at Layer 2. At NVIS AI, we do this, and we've also partnered recently with a company on the bleeding edge of cryptology, using a dynamic manifold projection system, ensuring that each cryptographic nonce public key is unique and non-reusable in replay attacks. Connect with me if you wish to learn more.

Director of Network Transformation2 years ago

Agree with a few of the comments made below. Move to a Zero Trust framework. VPNs, because they place the user/device directly on the network, are security challenges. Better to broker access with modern ZTNA solutions. You gain multiple factors to determine access policies and most critically, visibility.

Chief Information Security Officer in Healthcare and Biotech2 years ago

Zero trust architecture can be a good option

Mission Diplomatic Technology Officer in Government2 years ago

A burning platform, money, and a strong partnership of industry, academia, and government. And to the second questions Zero Trust appears to be the rising model to replace the traditional huge pipe VPN.

CISO in Software2 years ago

I think we need to be patient and wait for approved NIST algorithms and not rush ahead.

Content you might like

We are on the cusp of conducting a pilot of AI tooling - we intend to use Gemini & CoPilot, providing training, guidance & policy to our user group. Before we start we should conduct a risk assessment - my question is: can you recommend a tool or template?

How does your organization handle security team involvement in change requests submitted to CAB/RAB — specifically in relation to formal security review and approval?

Always required – Security must formally review and approve every change request.11%

Required for security-impacting changes – Security reviews only changes flagged as having potential security implications. Please comment : Who decides which changes require security review and which do not ? Is this determination manual or automated? How do you avoid gaps or oversights in this process ?82%

Not required – Security does not review changes submitted CAB/RAB by other teams. 7%

Risk-based or automated – Security involvement is determined by a tiered model or automated risk scoring within ITSM.

View Results

I am looking for insights on establishing an Architecture Review Board (ARB) within our organization. As we aim to enhance our architectural governance and ensure alignment with our strategic objectives, we recognize the importance of setting up an effective ARB. To this end, I would greatly appreciate your guidance on the following aspects: 1. Establishing a Charter: What key elements should be included in the ARB charter to clearly define its purpose, scope, and authority? 2. Member Selection: What criteria should we consider when selecting members for the ARB to ensure a diverse and knowledgeable board? 3. Review Process: Could you share best practices for structuring the review process to ensure thorough and consistent evaluations of architectural proposals? 4. Decision-Making: What are effective methods for making decisions within the ARB, and how can we ensure transparency and accountability? 5. Documentation and Communication: What templates or tools would you recommend for documenting reviews and communicating decisions to stakeholders? 6. Measuring Success: How can we establish criteria for measuring the success and impact of the ARB on our architectural practices? Your expertise and experience in this area would be invaluable to us as we embark on this initiative. Any additional insights or resources you could provide would be greatly appreciated.

Procurement of bitcoin in ransomware situation. What are folks doing to prepare for the need of a large purchase of bitcoin in the need to pay ransomware. Yes ideally we would take the "we'll never pay approach" however, I think it's important to be realistic and in certain circumstances you may need to cross that line.
Are you tied into a retainer of some sort with an exchange or Bitcoin holding firm?

In the next 6 months, which will your company do?

Invest more in eCommerce34%

Maintain the current investment in eCommerce60%

Invest less in eCommerce4%

View Results

How do you implement cryptography for top secret information exchange foreseeing a post quantum scenario soon and what types of algorithms do you use? What about network security, are VPN keys are more secure?

Sort by:

Content you might like

We are on the cusp of conducting a pilot of AI tooling - we intend to use Gemini & CoPilot, providing training, guidance & policy to our user group. Before we start we should conduct a risk assessment - my question is: can you recommend a tool or template?

How does your organization handle security team involvement in change requests submitted to CAB/RAB — specifically in relation to formal security review and approval?

In the next 6 months, which will your company do?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go