ABSTRACT
Risk management is based on the presumption that data risks can be reduced by implementing security controls. This chapter discusses each of the layers: Facility Security, System Security Cryptographic Modules, Key Management, and Data Management. It also discusses the relative risks of the key management lifecycle that affects cryptography. Facility security includes a wide variety of physical and logical controls to protect systems, which in turn protect cryptographic modules, which protect cryptographic keys, which are used to protect data. The physical security controls afforded by the numerous campus elements represent a layered security approach. The cryptographic architecture identified the Internet cross-connection, the datacenter cross-connections, the backup connection, and the backup and recovery cross-connection. A cryptographic module provides cryptographic services by executing cryptographic algorithms and protecting cryptographic keys during the algorithm execution. From a cryptographic architecture viewpoint, standards-based cryptography is preferred over proprietary solutions.
