©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments: An insider’s.

Presentation transcript:

PKI Audits and Assessments: An insider’s view
Nathan Faut, Senior Associate KPMG

Agenda
Background
PKI “Audit” Activities
PKI and other “Audit” Activities
Short-term look into what’s ahead
Q&A

Background
CISA, December 2005
Completed Web Trust engagements for DEA, USPS
Previously helped establish HEPKI PA
Previously worked with Cybertrust, a PKI vendor

PKI “Audit” Activities
Audit vs. attestation
ABA PKI Assessment Guidelines
CA Control Objectives
CA Audit criteria
  – AICPA/CICA Web Trust for CA
  – FBCA Compliance Assessments
“The trust is in the auditor’s opinion” – Judy Spencer

Other “Audit” Criteria and Controls
Certification & Accreditation (C&A) per OMB A-130, NIST , , et.al.
Federal Information Security Management Act (FISMA)
Financial Audits

CA “Audit” Expectations
Have all CA documents in final form and ready (tip: do a pre-audit CP-to-CPS map)
Plan to reproduce 6 to 12 months of data including physical access logs, server logs, incident logs and reports, etc.
Decide what documents or parts of documents to make public
Expect to educate and be educated

What’s Next?
HSPD 12 credentials
Bridge-to-Bridge Cross Certifications, e.g. FBCA-Certipath
Federation Compliance
Registration Compliance
Commoditization

Q&A
Thank You
Nathan Faut