Your SlideShare is downloading. ×
  • Like
  • Save
WebTrust for Certification Authorities
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

WebTrust for Certification Authorities

  • 1,268 views
Published

This slidecast will provide an overview of the WebTrust for Certification Authorities (CA) program, along with an understanding of the significance of the audit of certification authorities, relevant …

This slidecast will provide an overview of the WebTrust for Certification Authorities (CA) program, along with an understanding of the significance of the audit of certification authorities, relevant standards applicable to the audit, audit framework and the audit process. In addition, it will address some current issues that have been faced by certification authorities and actions taken to minimize the risk of the WebTrust for CA audit.

Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • queue*
    Are you sure you want to
    Your message goes here
  • *cue epic music!*
    Are you sure you want to
    Your message goes here
  • yaaay!
    Are you sure you want to
    Your message goes here
    Be the first to like this
No Downloads

Views

Total Views
1,268
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
3
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. WebTrust for Certification Authorities (CAs)
    Prepared by: FarhinZaman
  • 2. Introduction
    Public Key Infrastructure (PKI)
    WebTrust Program for Certification Authority
    Significance of Audit
    Relevant Audit Standards
    WebTrust for CAs Framework
    Audit Process
    Future of WebTrust for Cas
    Conclusion
    Overview
  • 3. Increased number of users over the internet.
    Digital certificate: an electronic document containing information about an individual and his or her public key
    Certification Authority (CA): an entity which initially authenticates the public key subscriber and issues the certificate for use by the relying parties.
    Introduction
  • 4. Public Key Infrastructure (PKI)
  • 5. WebTrust Program for Certification Authority
    Ensures that CAs are properly following their Certification Practice Statement, properly verifying organizations, and properly protecting its certificate keys.
    Increases customer confidence over the internet as a place for e-commerce, while increasing customer confidence in the application of the PKI technology.
    Confidentiality, authentication and integrity are the most important ingredients required for trust in e-commerce transactions” and this can be provided by the PKI technology.
  • 6. Significance of Audit
    provides us with an unbiased opinion on the completeness of the system against its stated requirements from an independent third party.
    The audit also serves the function of detecting errors which may have a significant impact on the operations and verifies that fraud risk is moderated through effective internal controls
    The assurance services is provided by Public accounting firms and practitioners who are licensed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), in order to evaluate and test whether the services provided by a CA meet the principles and criteria
  • 7. Relevant Audit Standards
    United States - the assurance standards applicable to the audit are within the frameworks outlined by the AICPA, in particular section Attestation Standards (AT) 101
    Canada - the International Assurance Standards (IAS) have been adopted as the Canadian Auditing Standards (CAS) and are applicable in conducting the audit.
    Other countries, International Assurance Standards may be used, particularly International Standard on Assurance Engagement 3000.
  • 8. Three main audit areas outlined by AICPA/CICA:
    CA Business practice disclosure
    Service integrity
    Environmental controls
    Scope of WebTrust for CAs Audit
  • 9. Audit of the CAs consists of three general phases:
    Planning
    Execution
    Reporting
    Audit Process
  • 10. Current Issues
    Comodo
    StartCom
    Future of WebTrust for CAs
  • 11. Future of WebTrust for CAs
    Current Initiatives against security breaches
    CTO of Comodo has taken initiatives to address such concerns by ensuring that all RA-issued certificate requests for high-value domains matching a list maintained by Comodo will require a review by the company.
    Beta release of SSL Analyzer which is a tool used to scan website and summarize their server security levels.
  • 12. Future of WebTrust for CAs
    Suggested initiatives by Stephen Schultize:
    CAs should be subject to stricter screening process as well as auditing when being considered for the approval list.
    The browsers could offer tools that resemble ad blockers or spam blacklists that would allow non-expert users to avoid connection to illegitimate sites that seem to have been validated
    A solution where the domain owners can confirm the names and machine numbers issued by the CA will be important in confirming the integrity of secured websites.
  • 13. The existence of the recent security breaches encountered by CAs and RAs have begun to question not only the reliability of the audits but also the effectiveness WebTrust program for CAs itself.
    Initiatives undertaken by the CAs to improve the reliability of their services, along with more stringent guidelines by the AICPA/CICA regarding the audit of the CAs can help increase consumer trust over the internet.
    Conclusion
  • 14. Thank you