VeriSign Certification Practice Statement (CPS) Class Certificates
You are the security manager for a mid-sized company (3,000 to 5,000 employees). Your company has determined that confidentiality (or privacy) and data integrity are the security services you must provide to your workforce. 10% of the workforce handles company sensitive information, which requires additional security protection. The remainder of the workforce must also protect their data, but not to the same level of protection or assurance.
Your assignment is to review the Verisign CPS and recommend the type of certificate(s) (e.g., Class 1) needed for your workforce. Provide a rationale with your recommendation. As the security manager, you also need to ensure cost is kept to a minimum to meet the company's security requirements. Even though the CPS does not include cost information, you can find cost data on the Internet.
Additionally, you need to identify the security challenges of implementing a solution, as well as the security features provided by this solution.
You also need to identify the security features described in the CPS that support the security requirements for this company.
Hint: Use the Verisign CPS and select the technical capabilities and security services desired for a specific environment (e.g., financial institution, health care, etc.). Also identify the planning considerations using the CPS and your class notes. You do not need to include detailed cost information, estimates.
Note: Symantec purchased Verisign. Check their website for cost information.
VeriSign Certification Practice Statement (CPS) Class Certificates
Student’s Name
Institutional Affiliation
VeriSign Certification Practice Statement (CPS) Class Certificates
As a security manager of a mid-sized firm with between 3,000 and 5,000 employees, it is appropriate to ensure that only authorized personnel can access the right data. In particular, confidentiality should be a priority for the firm. Due to the rapid advancement of technology, the rate of cybercrime is increasing, and only those companies that have the right security protocol might survive when faced with data insecurity issues. In the scenario at hand, about 10% of employees deal with sensitive information, which can be detrimental to both the organization and stakeholders if it gets into the hands of hackers. For this reason, the VeriSign Certification Practice Statement (CPS) offers a sustainable solution to the problem of data insecurity. Besides, the unavailability of legal Internet infrastructure is the most significant barrier to secure electronic transactions. The VeriSign CPS model set relevant standards that enhance a safe environment for e-commerce. Among the three CPS class certificates, namely class 3, 2, and 1, the former will be the most appropriate for the firm.
VeriSign CPS provides three classes of certificates, which include class 1, 2, and 3. Class 1 certificate does not have identity authentication or email address validation, and that is the reason why it is inappropriate for the company. Specifically, DigiCert sends an email to the address included during the registration of a certificate containing a randomly generated password or personal identification number (PIN). The subscriber or owner of the email uses the information provided to access the VeriSign portal and download and install class one certificate (VeriSign Inc., 2009). A class 2 certificate authenticate subscribers’ identities manually. The enterprise administrator requests the certificate, which is passed to the subscriber after proper verification. As such, the individual compares the subscriber’s data with the details recorded in business records. If the details match, a class 2 certificate is issued. For an individual to get a class 3 certificate authentication, one must give the right physical address. The applicant’s details are compared against the data recorded by the government-issued photographic identification, such as the driver’s license, identity card, or passport (VeriSign Inc., 2009). Moreover, the organization where the applicant works must authorize the identity of the person. DigiCert might as well authenticate the application through background checks, particularly in connection with one’s employment history. Additionally, it also verifies whether a subscriber is the owner of the base domain. The following table shows the usage and assurance levels of the three CPS class certificates.
Table 1: The Usage and Assurance Levels of Class 1, 2, and 3 Certificates.
Based on table 1, the three CPS class certificates have different assurance levels. Class 1 has the lowest, while a class 3 certificate has the highest security assurance. When it comes to usage, all class certificates emphasize safety in...
π Other Visitors are Viewing These APA Case Study Samples:
- ITM535 MOD1 Case Overview Of Business Intelligence4 pages/β1100 words | 4 Sources | APA | IT & Computer Science | Case Study |
- ITM535 MOD1 SLP 1: Business Intelligence Software3 pages/β825 words | 4 Sources | APA | IT & Computer Science | Case Study |
- Cloud Solutions: Google and Amazon Web Services1 page/β275 words | 2 Sources | APA | IT & Computer Science | Case Study |
- Case Study 2 (Security Controls) Security Management. (AHIMA)3 pages/β825 words | 4 Sources | APA | IT & Computer Science | Case Study |
- ITM535 MOD2 Case: Top Ten Practices for Data Integration5 pages/β1375 words | 4 Sources | APA | IT & Computer Science | Case Study |
- Report to the COO. Challenges in the Current System4 pages/β1100 words | 4 Sources | APA | IT & Computer Science | Case Study |
- Equifax Cybersecurity Incident5 pages/β1375 words | No Sources | APA | IT & Computer Science | Case Study |