Security without Obscurity: Frequently Asked Questions (FAQ) complements Jeff Stapleton’s three other Security without Obscurity books to provide clear information and answers to the most commonly asked questions about information security (IS) solutions that use or rely on cryptography and key management methods. There are good and bad cryptography, bad ways of using good cryptography, and both good and bad key management methods. Consequently, information security solutions often have common but somewhat unique issues. These common and unique issues are expressed as an FAQ organized by related topic areas.

The FAQ in this book can be used as a reference guide to help address such issues. Cybersecurity is based on information technology (IT) that is managed using IS controls, but there is information, misinformation, and disinformation. Information reflects things that are accurate about security standards, models, protocols, algorithms, and products. Misinformation includes misnomers, misunderstandings, and lack of knowledge. Disinformation can occur when marketing claims either misuse or abuse terminology, alluding to things that are inaccurate or subjective. This FAQ provides information and distills misinformation and disinformation about cybersecurity.

This book will be useful to security professionals, technology professionals, assessors, auditors, managers, and hopefully even senior management who want a quick, straightforward answer to their questions. It will serve as a quick reference to always have ready on an office shelf. As any good security professional knows, no one can know everything.

Jeff Stapleton has 30 plus years’ experience in the financial services industry with 25 years as a security professional involved in developing ANSI and ISO security standards including payments, cryptography, key management, public key infrastructures (PKI) and biometrics. He has also been the X9F4 Cybersecurity and Cryptographic Solutions workgroup chair for over 20 years.
Jeff earned his bachelor’s and master’s degrees in Computer Science from the Universities of Missouri in St. Louis (UMSL) and Rolla (UMR) and has taught Information Security at Washington University in St. Louis (WUSTL) and the University of Texas in San Antonio (UTSA). He has conducted security assessments of payment networks, financial institutions, and assisted in developing secure payment systems. He has authored dozens of ISSA Journal articles, IEEE papers, and chapters in various books, including his own 3 book series Security without Obscurity, which is available from CRC Press.