Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Implementing Email Security and Tokens: Current Standards, Tools, and Practices

It's your job to make email safe.

Where do you start?

In today's national and global enterprises where business is conducted across time zones and continents, the "e" in email could stand for "essential." Even more critical is rock-solid email security. If you're the person charged with implementing that email security strategy, this book is for you. Backed with case studies, it offers the nuts-and-bolts information you need to understand your options, select products that meet your needs, and lock down your company's electronic communication systems.

  • Review how email operates and where vulnerabilities lie
  • Learn the basics of cryptography and how to use it against invaders
  • Understand PKI (public key infrastructure), who should be trusted to perform specific tasks, how PKI architecture works, and how certificates function
  • Identify ways to protect your passwords, message headers, and commands, as well as the content of your email messages
  • Look at the different types of devices (or "tokens") that can be used to store and protect private keys

Biography

Sean Turner, a founding member of the International Electronic Communication Analysts (IECA), has helped develop numerous standards including S/MIME, X.400, X.500, and P772, the content type for the US DMS. He is co-chair of the IETF S/MIME WG.

Russ Housley founded Vigil Security and has worked in the computer and network security field since 1982. He is the IETF chair.

Table of Contents

Acknowledgments.

Part I Email and Security Background.

Chapter 1 Introduction.

Chapter 2 Understanding Email.

Chapter 3 Security Fundamentals.

Chapter 4 Cryptography Primer.

Part II PKI Basics.

Chapter 5 Understanding Public Key Infrastructure.

Part III Secure Email.

Chapter 6 Protecting Email Message Contents.

Chapter 7 Protecting Email Passwords, Headers, and Commands.

Part IV Tokens.

Chapter 8 Tokens and Hardware Security Modules.

Part V Case Studies.

Chapter 9 Signatures and Authentication for Everyone.

Chapter 10 Department of Defense Public Key Infrastructure, Medium Grade Service, and Common Access Card.

Chapter 11 National Institute of Standards and Technology Personal Identity Verification.

Part VI Expectations for the Future.

Chapter 12 Future Developments.

Appendix A ABNF Primer.

Appendix B ASN.1 Primer.

Appendix C MIME Primer.

Appendix D RFC Summaries.

References.

Index.

rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments