benjaminb
Newcomer I

Cryptography, need to go down the rabbit hole, suggestions?

My dear fellow colleagues,

 

After having passed CISSP last year I would like to get more knowledge on cryptography. Practical stuff like lifecycle, key management, crypto-period, best type of algo for specific usage, cloud & in-house HSM for keygen and signing etc...

 

The intro in CISSP was great but I want more hands-on, use-case knowledge etc... Any books or online courses that you could recommend to me? FYI, I'm less interested in the mathematical side of things.

Thank you for your advice

13 Replies
benjaminb
Newcomer I

@rslade, thank you. Am definitely going to go through these book reviews of yours. Bit of a treasure trove!
rslade
Influencer II

> @rslade, thank you. Am definitely going to go through these book reviews of
> yours. Bit of a treasure trove!

Quite welcome ...

Markonweb
Newcomer II

Some great resources listed in this thread. I would add NIST's guidance on:

key management (SP 800-57 parts 1, 2 and 3 as well as SP 800-131A) https://csrc.nist.gov/projects/key-management/key-management-guidelines

and key establishment https://csrc.nist.gov/Projects/Key-Management/Key-Establishment

 

The Cloud Security Alliance is accepting contributions to their draft Cloud Key Management charter up until the end of next month. https://cloudsecurityalliance.org/group/cloud-key-management/#_overview If you have time, you may want to get involved in that working group. I learned a great deal from my involvement in the NIST Cloud Computing Security working group and the NIST Cloud Forensic Science working group.

 


Best, Mark
CISSP-ISSAP ISSEP ISSMP CAP CCSP CSSLP HCISPP SSCP CCISO CISM CRISC CISA FITSP-M FITSP-A FIP CIPP/G CIPP/US CIPM CIPT SCF CCSK ITIL-F Cloud+ Security+ AWS-SAA
Early_Adopter
Community Champion

More stuffs here:

 

http://download.pgp.com/pdfs/Intro_to_Crypto_040600_F.PDF Chapter two is a bit of a product pitch, but even though it’s long in the tooth it’s a nice primer. Written by some interesting folks, it’s a nice read in and of itself.

 

https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip Didn’t see this added by previous posters, and it’s in the rabbit hole, so I’ll put it in. A lot of conference material was put online as well, and is pretty searchable.