We agree. It is on our list of items to address. I am wondering if we can come up with a near-term placeholder. Worse case, the working group can revisit it when it bubbles up on the agenda.
I also agree 150% that best practices are much better than hoping individual organizations will make good decisions.
------------------------------
Alex Sharpe
Principal
Sharpe42
[email protected]Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
------------------------------
Original Message:
Sent: Apr 26, 2023 01:00:20 PM
From: E A
Subject: Vaulted Tokenization Key Management
Indeed, results of threat / weakness over
resource availability driven risk analysis
should inform these decision, Michael, in the
ideal world.
However, there are s/c "best practices" that
are largely influencing individual enterprise
decisions in the real world.
This group might want to at least to set the
foundation for the risk based approach.
Best,
--------------------------------------------------------------
Strategic Efficiency, GRC
CEA, PMP, CISSP, CCSP, AWS CSA, ITIL
" Rite information to Rite roles at Rite time "
Original Message:
Sent: 4/26/2023 11:59:00 AM
From: Michael Roza
Subject: RE: Vaulted Tokenization Key Management
Like with most things, you need to perform a risk analysis.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
Original Message:
Sent: Apr 26, 2023 08:08:27 AM
From: E A
Subject: Vaulted Tokenization Key Management
... anywhere from often to never, depending on paranoia to regulation ratio.
We planned to address it, if recalling correctly.
Cheers!
Original Message:
Sent: 4/25/2023 10:46:00 AM
From: Alex Sharpe
Subject: Vaulted Tokenization Key Management
What is the contemporary thinking on how often the master key should be changed? It came up on a call this morning. Thought I would ask.
Cheers,
alex.
------------------------------
Alex Sharpe
Principal
Sharpe42
[email protected]
Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
------------------------------