Your success is guaranteed with 050-v71-CASECURID02 pdf download

We put great effort into providing you with actual RSA SecurID Certified Administrator 7.1 exam questions and answers, along with clarification. Each 050-v71-CASECURID02 Questions and Answers on killexams.com has been established by RSA certified professionals. They are highly qualified and certified people, who have several years of professional experience with the RSA assessments. They check the 050-v71-CASECURID02 Free PDF questions against the actual 050-v71-CASECURID02 test.

Exam Code: 050-v71-CASECURID02 Practice exam 2022 by Killexams.com team
RSA SecurID Certified Administrator 7.1
RSA Administrator information
Killexams : I envy over 670,000 workers gaining double-digit returns on investments this year

Financial security is a goal that all adults aspire to, especially in their productive or active-work years. This rings particularly true for professional corporate workers, otherwise known as white-collar 9-5ers. Unlike entrepreneurs, we earn regimentally throughout our careers, a system with pros and cons. In most cases, our career life is a favourable arrangement because come what may, for as long as we work, when the month ends, we get paid.

Yet, with this arrangement comes the responsibility of protecting our financial sustainability because, again, unlike our entrepreneurial friends whose businesses could rake in unprecedented funds, we earn strictly pre-determined and oftentimes bounded salaries.

For us salary earners to safely protect our finances, especially in our later years, it is essential to leverage financial management and investment measures available, some of which include savings, intelligent investments and pension schemes. Of these viable options, one that is legally backed, protected and is the object of this discussion, is the Retirement Savings Pension plan.

Beyond being the savings set aside for our retirement life, the funds also enjoy regular growth from investment returns made by the Pension Fund Administrator. So, basically, with Pension packages, 9-5ers like me can be hopeful that our savings are professionally invested to ensure that our savings increase in value as we journey for the future.

As a mid-level corporate worker, I wasn’t so certain that I would have guaranteed financial security with my savings sitting in my Pension account. I had been OK with whatever my PFA told me until I read in the newspapers that a certain Pension Fund Administrator was projecting to earn double-digit returns on investments it made on behalf of its 670,000 Retirement Savings Account holders by the end of 2022. When I came across this information, I had mixed reactions because my sentiments went from amazement to shock and then sheer envy. There are many reasons why I am envious of this group of immensely fortunate RSA holders, and I will share some of them with you.

There is a global economic slowdown.

Let me offer some context here. It is no secret that the world as we know it has changed profoundly in recent years, with the global economy dwindling significantly. There have been numerous explanations for this, the most common of which is the aftermath of the Covid-19 pandemic on different stratifications of the world’s economy.

This unprecedented crisis is even more gripping in third-world economies like Nigeria’s, and as a result, the economic reality has not been the same. Now, many investment opportunities available for Nigerians come with increasingly low return options, with many prospective investors being hit by the popular caveat ‘Terms and Conditions Apply.’

Now you can see why I envy these lucky 670,000 colleagues. Despite the crippling effects of the global economic crisis and all the wherewithal uncertainties, their own PFA promises a whopping double-digit return on investments. God when?

There has been a steady spike in inflation rates.

You must have heard of the saying ‘when it rains, it pours.’ That’s precisely the case here. Along with the post-pandemic global economic slowdown in the last few years, there is the daunting reality of a steady increase in inflation rates worldwide.

Again, this situation, although global reaching, is more peculiar to the Nigerian climes because now, our already fragile economy is exacerbated by inflation. This phenomenon, aggravated by our steep exchange rates, made me think, with my little knowledge of economics, that my RSA will take a hit and lose all that has been gained over the years of impressive growth.

Yet, a Pension Fund Administrator is projecting an astounding double-digit return on investments for 670,000 of its Retirement Savings Account Holders. I am definitely envious of them!!!

The Bear Market is going strong. 

According to Investopedia, a bear market occurs when a market experiences prolonged price declines. It typically describes a situation in which securities (investable assets) prices fall 20% or more from recent highs amid widespread pessimism and negative investor sentiment. Unfortunately, this has been the reality of the global investment environment in the last few months, and by all indications, it appears to not be changing anytime soon. Even the almighty cryptocurrency market could not withstand the prevailing headwinds.

A bear market has many effects on the economy, hardly any of them positive. For instance, increased unemployment rates, low returns on investments, and devaluation of currencies, amongst others, are to be expected. Overall, a bear market is typically a difficult period for investors.

This exactly buttresses my sentiments. In case you didn’t know, Pension Fund Administrators invest our savings in multiple investment instruments. The profits made on those investments are returned directly into the accounts of account holders to boost their savings for the later years. This means that naturally, in one way or another, the bear market negatively impacts investment returns made by Pension Fund Administrators.

Despite this, a PFA is projecting double-digit bounties for its 670,000 RSA customers. You really cannot blame me for being envious of this fortunate group.

After reading the newspaper article, I researched the PFA in question, and it turns out that it is none other than Leadway Pensure PFA, an affiliate of Leadway Assurance Company Limited—a topmost financial services provider in Nigeria, and now I know what my next steps would be; if you don’t gerrit, forget abourrit.

Better still, get more information about them by scanning the QR Code at the top right or visiting https://leadway-pensure.com. You can also call the Leadway Pensure PFA Virtual Assistants on 012800800 for professional advice.

Sun, 07 Aug 2022 22:52:00 -0500 en-US text/html https://punchng.com/i-envy-over-670000-workers-gaining-double-digit-returns-on-investments-this-year/
Killexams : Data recapture vital to changing PFAs

Tue, 26 Jul 2022 12:52:00 -0500 en-US text/html https://thenationonlineng.net/data-recapture-vital-to-changing-pfas/
Killexams : Rights, Responsibilities of Contributors Under The Contributory Pension Scheme

The Pension Reform Act 2014 (PRA 2014) confers certain rights on contributors which provide some level of protection and comfort to them and their loved ones during their working years, and upon retirement. These rights cover all employees in the Public Service of the Federation, Federal Capital Territory, and States that have implemented the Contributory Pension Scheme (CPS), as well as the private sector. It is therefore important for contributors to know what some of these rights are, in order to be guided accordingly.

Right to Choose a Pension Fund Administrator

The contributor’s journey through the CPS begins with the opening of a Retirement Savings Account (RSA) with a Pension Fund Administrator (PFA). Every individual under this Act has a right to choose a PFA, without any interference by their employer or by any third party and is required by the PRA 2014 to register with a PFA, obtain a Personal Identification Number (PIN) for their RSA and provide the details to their employer to commence remittance of their pension contributions.

Right to Timely Complete Remittance of Pension Contributions

The employer is required to deduct at source from the salary of the employee, an amount comprising their pension contribution, and remit the same along with the employer portion to the Pension Fund Custodian specified by the Pension Fund Administrator of the employee, not later than seven working days from the date salaries are paid. The minimum rate of contribution is 18% of the employee’s monthly emoluments where 10% is contributed by the employer and 8% is contributed by the employee. The constituent of monthly emoluments is as may be defined in the employee’s contract of employment, but should not be less than the total sum of basic salary, housing, and transport allowances. For employees whose salaries are not classified into basic, transport, and housing allowances, the pension contributions should be based on the gross salary payable.

Right to Transfer RSA from One PFA to another

Contributors have the right to determine which PFA manages their pension contributions and retirement benefits. Therefore, if a contributor feels the need to transfer their RSA from one PFA to another PFA, they can do so, though, no more than once a year. This is pursuant to Section 13 of the PRA 2014. In order to facilitate its implementation, the National Pension Commission (PenCom) deployed the RTS on November 20, 2020. The RTS is a fully automated, efficient, and transparent process that has pre-defined timelines, ensuring the hassle-free movement of RSAs between PFAs. The transfer process is free of charge and the contributor has the liberty to choose the PFA they prefer for this purpose.

Right to Earn Penalty Charge Of 2% on Late Remittance of Pension Contributions

Where an employer fails to deduct or remit the contributions within the stipulated time frame of 7 working days from the day salaries are paid, they shall in addition to making the remittances already due, be liable to a penalty, which shall not be less than 2 percent of the total contributions that remain unpaid for each month or part of each month the default continues. This amount of the penalty will be recovered as a debt owed and paid into the employee’s RSA.

Right to Receive RSA Statement of Account

The contributor has the right to receive an RSA statement from their PFA at least once every quarter. The RSA statement has some minimum information and disclosure requirements mandated by the Commission. PFAs may also send RSA balances via text messages and the contributor has the option of checking the performance of their RSA online or by physically visiting the nearest branch of their PFA to obtain a hard copy of the RSA statement.

Right to Receive Up To 25% of RSA Balance Upon Temporary Loss Of Employment

In the event of temporary loss of employment, a contributor may fall back on their RSA balance to tide them over till they are able to secure another job. This is in line with Section 7 (2) of the PRA 2014 which states that where an employee voluntarily retires, disengages or is disengaged from employment as provided for under section 16 (2) and (5) of the PRA 2014, the employee may with the approval of the National Pension Commission (PenCom), withdraw an amount of money not exceeding 25% of the total amount credited to their retirement savings account. Such withdrawals can be made if the employee is unable to secure another employment after 4 months of such retirement or cessation of employment.

Right to Insurance Cover

All employees in the Public Service of the Federation, Federal Capital Territory, and States that have implemented the Contributory Pension Scheme as well as the private sector, have the right under Section 4(5) of the PRA 2014 to have a Life Insurance policy taken on their behalf by their employers for an insured amount of not less than three times their annual total emolument. The annual total emolument is the total sum of basic salary and all allowances payable as their remuneration for one year, as may be provided under the salary structure or terms and conditions of his/her employment. The policy which ensures that dependents of a deceased employee receive three times his total annual emolument is meant to cushion the effect of death on a deceased worker’s family.

Right to Choose Mode of Exit from the CPS

Upon retirement, the contributor has the right to choose the mode of accessing their retirement benefits. The PFA is to provide information in this regard.

The responsibilities of contributors are to:

  1. Provide updates to their PFA in cases of change of employment, personal details, or contact information.
  2. Ensure that they receive their quarterly RSA statements from their PFA and review them in order to identify any irregularities.
  3. Confirm that their employer is making timely, complete monthly remittances to their RSA i.e. both employee and employer portion as stipulated by the PRA 2014.
  4. Verify that their employer has subscribed to a Group Life Insurance policy for them and the premium is being paid annually, consistent with relevant laws.

It is in the interest of employees covered to ensure that the aforementioned are implemented and report any breaches via PenCom’s reporting channels in order to have them addressed.

Fri, 05 Aug 2022 12:00:00 -0500 en-US text/html https://www.thisdaylive.com/index.php/2022/07/11/rights-responsibilities-of-contributors-under-the-contributory-pension-scheme/
Killexams : Accessing Retirement Benefits Under Contributory Pension Scheme

In line with the provisions of the Pension Reform Act, 2014 (PRA, 2014), the National Pension Commission (PenCom) has established procedures and requirements for Retirement Savings Account (RSA) holders to access their retirement benefits as and when due. PenCom also has guidelines and regulations explaining the procedures for administering and accessing retirement benefits under the Contributory Pension Scheme (CPS).

Section 7(1) of the PRA 2014 states that an RSA holder shall, upon retirement or attaining the age of 50 years, whichever is later, utilise the amount credited to his RSA upon retirement.

The two modes of accessing retirement benefits under the CPS are Programmed Withdrawal (PW) and Life Annuity. Programmed Withdrawal is a method by which the employee collects his retirement benefits in periodic monthly or quarterly sums spread throughout an estimated life span. The benefits paid under PW can be accessed monthly, quarterly or as a one-off lump-sum payment, depending on the RSA balance. PenCom approved 8,528 retirees’ requests to draw pension through the PW mode during the first quarter of 2022. These retirees received a lump sum of N36.25 billion while their aggregate monthly pensions amounted to N470.13 million.

On the other hand, a Retiree Life Annuity is an income purchased from an approved life insurance company licensed by the National Insurance Commission, which provides monthly or quarterly payments to the retiree during his/her lifetime. During the first quarter of 2022, PenCom granted approval to 3,264 retirees under the Retiree Life Annuity. The sum of N22.69 billion was paid to 14 Retiree Life Annuity Providers as premiums for total monthly/quarterly annuities of N231.93 million.

Death benefits are paid to the legal beneficiaries of an employee who dies before his/her retirement. The employer is also obligated to pay Group Life insurance of the deceased employee, which is not less than three times the Annual Total Emolument of the dead employee, which is also paid to the legal beneficiary.

In the first quarter of 2022, the Commission approved the payment of death benefits amounting to N13.39 billion to the legal beneficiaries/administrator of 2,574 deceased employees and retirees. The amount comprised 1,923 public sector and 651 private sector employees/retirees.

PenCom allows the retiree an en-bloc payment of all the contributions and returns in the RSA. During the first quarter, PenCom approved the en-bloc payment of retirement benefits of 2,084 retirees whose RSA balances were N550,000 or below and considered insufficient to procure Programmed Withdrawal or Retiree Life Annuity of a reasonable amount for an expected life span. In this regard, N519.51 million was paid to retirees from the public and private sectors.

Significantly, the CPS allows RSA holders under 50 years who lose their jobs but are not yet entitled to a monthly pension to withdraw 25 percent of their RSA balance if they cannot secure another job after four months of such cessation of employment. In the first quarter of 2022, the Commission approved the payment of N5.66 billion to 9,517 RSA holders under 50 years who were disengaged from work and unable to secure jobs within four months.

To augment their pension at retirement, Section 4(3) of the PRA, 2014 allows contributors desirous of increasing their contributions through Voluntary Contributions (VC). In such cases, the Withdrawal of VC shall be once every two years from the last approved withdrawal date. Subsequent withdrawals shall only be on the incremental contributions from the previous withdrawal date. During the first quarter of 2022, PenCom approved the Withdrawal of voluntary contributions amounting to N1.415 billion in respect of 787 contributors.

When an employee goes missing, the employer or the missing person’s Next of Kin or Legal Beneficiary must inform the PFA. An employee is considered missing if they are not located within a year of the reported missing date, and a board of inquiry appointed by PenCom concludes that they are assumed dead based on the facts and information at hand. PenCom communicates to the PFA or MDA as the case may be. The legal beneficiary can access the benefits of the missing employee under the guidelines for death benefits.

In conclusion, accessing retirement benefits under the CPS is seamless. There are clear guidelines and regulations for the process. Pension Fund Administrators (PFAs) are also required to guide RSA holders who want to access their retirement benefits.

Fri, 05 Aug 2022 12:00:00 -0500 en-US text/html https://www.thisdaylive.com/index.php/2022/08/01/accessing-retirement-benefits-under-contributory-pension-ssheme
Killexams : Roadway Safety

Our roadway safety program is the Hazard Elimination Program for Existing Roads and Streets (HELPERS). This program is housed at Indiana LTAP and funded by INDOT.

HELPERS provides the following services, performed by a professional engineer, at no cost to local agencies:

  • Road safety audits
  • Crash data and analysis, including GIS maps
  • Federal and state funding application assistance
  • On-site training in roadway safety topics
  • On-site training on the Indiana Manual of Uniform Traffic Control Devices (MUTCD)
  • Low-cost safety improvement ideas
  • Traffic studies

Highway Safety Improvement Program 

The Federal Highway Administration provides funding for roadway safety improvements through the Highway Safety Improvement Program (HSIP). HSIP provides 90 percent of the funding for eligible safety projects. HSIP funds are administered by INDOT through its annual call for projects. For more information on HSIP, visit the INDOT website.

Assistance with the HSIP applications is available through HELPERS. To determine if your project is eligible for HSIP funding and learn what is required to apply, contact LTAP.

Road Safety Audits

A Road Safety Audit (RSA) is a formal safety/performance examination of an existing or future road or intersection by an independent, multidisciplinary team. The RSA team identifies potential road safety issues and lists opportunities for safety improvements for all road users. Improvements vary from short-term/low cost to long-term/higher cost.

An audit is required by INDOT in order to receive federal safety (HSIP) funds. The HELPERS program can lead or facilitate RSAs for local agencies.

GIS maps and Crash Summary Reports 

Geographic Information system (GIS) shape files, GIS heat maps and crash summaries are available by request. Rural local agency personnel may request their crash data by contacting LTAP. Urban local agencies should request this information from their Metropolitan Planning Organization (MPO).

Sat, 06 Nov 2021 08:45:00 -0500 en text/html https://www.purdue.edu/inltap/safety/roadway.php
Killexams : Pension complaints and solutions

Tue, 02 Aug 2022 23:56:00 -0500 en-US text/html https://thenationonlineng.net/pension-complaints-and-solutions-127/
Killexams : Balancing Computer Security and Innovation—A Talk with RSA’s Art Coviello

It’s no surprise that the president of RSA, the security division of Hopkinton, MA-based information management giant EMC (NYSE: EMC), has strong views about the need for better security practices within corporations and government agencies. But Art Coviello, who joined RSA in 1995 and helped engineer its 2006 acquisition by EMC, says the problem isn’t that companies aren’t aware of today’s cyber security challenges—it’s that they often aren’t doing the right things to address them.

Companies try too hard to protect the machines that data live on, rather than the data itself, Coviello told me during an interview earlier this month. They dive into faddish new technologies like cloud computing and social networking without investigating the new kinds of security risks they pose. And they focus too much on achieving technical compliance with government regulations, rather than on minimizing the risks those regulations are meant to address.

Coviello spoke with me shortly after RSA issued the latest report from the Security for Business Innovation Council, a group of 10 security executives from companies like Motorola, JP Morgan Chase, Time Warner, and Novartis. RSA assembled the council to draw attention to ways that businesses can continue to innovate—a process that often involves adopting untested new technologies—without exposing themselves to new waves of fraud, data breaches, and other cyber attacks.

Coviello was eager to share the recommendations in the report, which range from suggestions about specific security policies and technologies that companies can adopt to ideas for broad industry cooperation on ways to thwart cyber criminals. But I also asked him for his perspective on the recent increase in the number of New England-area companies offering so-called “governance, risk, and compliance” software, and for his views of the Obama Administration’s performance so far on cyber security issues. (See page 3. A preview: he’s reserved, but optimistic—and has some specific suggestions on who President Obama should name as the new cyber security czar.) A condensed version of our interview follows.

Xconomy: What’s the main purpose of this latest report from the Security for Business Innovation Council?

Art Coviello: One of the things we tried to establish early on is that security doesn’t have to be viewed as an inhibitor of innovation. It can be viewed as an enabler of innovation. This is the fourth in a series of reports that does just that. It gives tips and advice on how [security] can not only not get in the way, but how it should give people confidence to do more things online.

But one part of what we’re bringing out here is that when it comes to things like cloud computing and social networking, people are just jumping ahead, and saying we’ll take care of the security later. That’s a bad idea.

X: Forgive me if this question sounds cynical, but cloud computing and certain forms of social networking are among EMC’s services and software these days—and so, obviously, is security. Wouldn’t almost any report coming from a group convened by the security division of EMC be recommending more adoption of security software?

AC: I can see how you could be cynical about almost anything that gets produced by a technology company. But the guys who are part of this study are independent. We facilitate it, we don’t pay them for it. You’ve got people like Bill Boni from Motorola, Anish Bhimani from JP Morgan Chase, David Kent from Genzyme, Craig Shumard from Cigna. You have a cross section of people, and they’re not making any money from cloud computing or social networking.

Having said that, the fact is that the horse is out of the barn, and people are going to be adopting these technologies, because they improve productivity and communication. You are not going to slow it down, but you can expose yourself to risks that you would feel fairly sorry about if you don’t …

Wade Roush is a freelance science and technology journalist and the producer and host of the podcast Soonish.

Tue, 28 Jun 2022 12:00:00 -0500 Wade Roush en text/html https://xconomy.com/boston/2009/06/29/balancing-computer-security-and-innovation-a-talk-with-rsas-art-coviello/
Killexams : Cybersecurity trade show starts Monday

About 17,000 security professionals are expected to converge on Moscone Center in San Francisco today for this year's RSA Conference, one of the biggest cybersecurity trade shows in the world.

Cybersecurity "is getting worse as more and more devices go online," said Sandra Toms LaPedis, one of the conference organizers. "There's a need for the industry to come together and solve these tough problems."

Dozens of government officials and corporate executives are expected to speak, including Department of Homeland Security Secretary Michael Chertoff, Palm and Numenta founder Jeff Hawkins and New Yorker writer Malcolm Gladwell, author of "The Tipping Point." Nobel laureate and former Vice President Al Gore is scheduled to speak on Friday, but his speech is closed to the media.

Hundreds of companies will exhibit new products designed to fix security problems. In advance of the conference, some have released reports on security flaws they've ferreted out that their products intend to fix.

AirDefense and AirTight Networks, two startups that compete to secure wireless networks, released studies revealing various security flaws. AirDefense scanned wireless networks in more than 1,000 government agencies and companies in San Francisco, although it didn't name them; AirTight has scanned wireless networks in airports worldwide, including San Francisco and San Jose.

VOIPshield Systems in Ottawa said it found more than 100 security flaws in Internet telephone systems from Cisco, Nortel and Avaya. It will be demonstrating at the conference how the products were hacked.

There also will be several panel discussions on cybersecurity and the government. On Wednesday, New York Times reporter Eric Lichtblau will lead a discussion of the story the Times broke on warrantless wiretapping by the Bush administration.

As problems with cybersecurity have grown over the years, so has the conference. Organizers expect attendance this year to set a record.

Most people who attend are technologists who handle information security for companies or government agencies - RSA is a place where they can discuss problems, debate solutions and look at new technology.

Even though many of the sessions are technical, it is also a place where the public can track their progress. In 2004, for example, Microsoft Chairman Bill Gates announced a strategy to end spam.

That same year, retired Air Force Gen. John Gordon, an adviser to President Bush, said he couldn't figure out how to set up encryption on his own home wireless network and called on industry to make security products that were easier to use.

A big problem this year at the conference is data leakage - how to secure a database so information can't be stolen, how to develop software that can't be cracked, how to keep data away from outsiders and insiders who shouldn't have it.

"New classes of people are having to face these threats" without a good understanding of the problems, said Tim Mather, the conference's chief security strategist. "You have people (at companies) becoming information technology people and it's not the job description they signed up for."

Other hot subjects will be electronic voting in this election year, identity management - how can you tell if the people you're talking to online are who they say they are - and the government's role in regulating security.

Many companies feel burdened with too many conflicting regulations, Mather said, but as the economy slows, their spending on security has leveled off, according to Forrester Research.

Companies want to know: "How do we do what we've been doing already but quicker and cheaper?" said Paul Stamp, an analyst at Forrester. The answer, he said, is to focus on protecting data.

Conference info

Find the full RSA Conference schedule at www.rsaconference.com. Passes to the show floor and some of the keynotes are available for $100. A full conference pass is around $2,000.

Mon, 11 Jul 2022 12:01:00 -0500 en-US text/html https://www.sfgate.com/business/article/Cybersecurity-trade-show-starts-Monday-3288248.php
Killexams : How to Request a Missing Certificate for a Web Server

Ruri Ranbe has been working as a writer since 2008. She received an A.A. in English literature from Valencia College and is completing a B.S. in computer science at the University of Central Florida. Ranbe also has more than six years of professional information-technology experience, specializing in computer architecture, operating systems, networking, server administration, virtualization and Web design.

Tue, 01 Mar 2022 13:18:00 -0600 en-US text/html https://smallbusiness.chron.com/request-missing-certificate-server-59318.html
Killexams : Understanding NIST’s Post-Quantum Encryption Standardization and Next Steps for Federal CISOs

By Duncan Jones, Head of Cybersecurity at Quantinuum

In a recent National Security Memo (NSM-10), the White House acknowledged the need for immediacy in addressing the threat of quantum computers to our current cryptographic systems and mandated agencies to comply with its initial plans to prepare. It’s the first directive that mandates specific actions for agencies as they begin a very long and complex migration to quantum-resistant cryptography. Many of the actions required of agencies depend on new cryptographic algorithms that have just been chosen by the National Institute of Standards and Technology, although final standardization will take 18 to 24 months.

What should CISOs be doing to prepare for the risks of quantum computers and to comply with NSM-10 requirements? They should start by gaining an understanding of the new algorithm standards, and from there, focus on inventorying the agency’s most important information and assets. 

NIST to the rescue

In as little as a decade, quantum computers will break many of the encryption schemes in use today, such as the popular RSA algorithm that we use for encrypting internet data and for digitally signing transactions. An attacker with a powerful quantum computer will be able to read data encrypted by an RSA public key or forge transactions signed by an RSA private key. Worse, a category of attack known as “hack now, decrypt later” may already be under way. Attackers who record data protected by quantum-vulnerable algorithms today can decrypt it retrospectively once they have a quantum computer. For any agency or contractor that shares data with a long sensitivity lifespan, this is a real concern.

Fortunately, the academic world has not been sitting idle. Since 2016, NIST has been working with the cryptographic community to identify and standardize new quantum-proof encryption algorithms. The NIST process will help ensure that these algorithms become standardized in Federal Information Processing Standards publications and are ready for consumption by federal authorities. As such, it’s important for CISOs to familiarize themselves with the new algorithms and their properties.

Each post-quantum algorithm has three different security levels defined—SL1, SL3 and SL5. These levels are very similar to key sizes in today’s algorithms. Much like 4096-bit RSA keys are stronger than 1024-bit RSA keys, SL5 is stronger than SL3 and SL1. However, that increased security comes at a cost. SL5 keys are typically larger to store and result in slower computations. It’s also notable that post-quantum algorithms cannot be used for both encryption and data signing. Instead, they are used for only one task or the other. This means we will be replacing a single algorithm, such as RSA, with two separate algorithms.

The table below shows some of the characteristics of the selected algorithms.

| Algorithm | Type | Family | Public Key Size | Ciphertext/Signature Size |
|---|---|---|---|---|
| CRYSTALS-KYBER | Key Establishment | Lattice-based | 1.6KB - 3.1KB | 0.8KB - 1.5KB |
| CRYSTALS-Dilithium | Signature | Lattice-based | 2.5KB - 4.8KB | 2.4KB - 4.6KB |
| Falcon | Signature | Lattice-based | 1.2KB - 2.3KB | 0.7KB - 1.3KB |
| SPHINCS+ | Signature | Hash-based | 0.03KB - 0.06KB | 7.7KB - 49KB |

For immediate action

According to NIST’s chief of the Computer Security Division, Matt Scholl, “…don't wait for the standard to be done. Start inventorying your most important information. Ask yourself what is that data that an adversary is going to want to break into first.”

According to NSM-10, leaders from the Office of Management and Budget, the Cybersecurity and Infrastructure Security Agency, NIST and the National Security Agency will be establishing requirements for inventorying all currently deployed cryptographic systems within six months of the May 4 memo. Within a year—and on an annual basis—“…heads of all federal civilian executive branch agencies shall deliver to the director of CISA and the national cyber director an inventory of their IT systems that remain vulnerable to CRQCs.”

Agency inventory requirements will include: 

  • A list of key information technology assets to prioritize
  • Interim benchmarks
  • A common—and preferably automated—assessment process for evaluating progress on quantum-resistant cryptographic migration in IT systems

Migrating an agency or department to a fully post-quantum position is a complex process that will take many years. Although these post-quantum algorithms will not be ready for widespread production use until the standardization process finishes in 2024, considerable work—now mandated under the NSM-10 directive—must be done to prepare for these changes, starting with the inventorying process.

Next steps for federal CISOs

Identify data assets and use of cryptography. Before you can prioritize migration, you need to understand exactly what data you have, and how vulnerable it is to attack. Data that is particularly sensitive and vulnerable to the “hack-now, decrypt-later” attacks should be prioritized above less sensitive data that isn’t transmitted freely. CISOs should start cataloging where quantum-vulnerable algorithms are currently being used. For a variety of reasons, not all systems will be affected equally. CISOs need a very clear picture of the vulnerabilities present in each of their systems.
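The prioritization described above can be sketched as a small inventory classifier. This is an added example, not code from the article or from NIST. The asset names, tier labels, the algorithm-name patterns beyond RSA, and the 10-year horizon (taken from the article's "as little as a decade") are assumptions, and the inventory rows are constructed sample data.

```python
import re
from dataclasses import dataclass

# Families broken by Shor's algorithm; the article names RSA, the rest are added here.
SHOR_BROKEN = re.compile(r"^(RSA|DSA|DHE?|ECDHE?|ECDSA|ED25519|X25519)\b", re.I)
POST_QUANTUM = re.compile(r"^((CRYSTALS-)?(KYBER|DILITHIUM)|FALCON|SPHINCS\+)", re.I)
SYMMETRIC = re.compile(r"^(AES|CHACHA20|SHA-?\d|HMAC)", re.I)
HORIZON_YEARS = 10  # assumption, from the article's "as little as a decade"
TIERS = ["P1-harvest-now", "P2-key-establishment", "P3-signature", "review", "none"]

@dataclass
class Asset:
    name: str
    algorithm: str
    use: str                  # "key-establishment", "signature" or "symmetric"
    data_lifetime_years: int  # how long the protected data stays sensitive
    leaves_network: bool      # traffic crosses links an attacker could record

def classify(algorithm: str) -> str:
    if POST_QUANTUM.match(algorithm):
        return "post-quantum"
    if SHOR_BROKEN.match(algorithm):
        return "quantum-vulnerable"
    if SYMMETRIC.match(algorithm):
        return "symmetric-or-hash"
    return "unknown"  # never treat an unrecognised name as safe

def tier(a: Asset) -> str:
    kind = classify(a.algorithm)
    if kind != "quantum-vulnerable":
        return "review" if kind == "unknown" else "none"
    if a.use == "signature":
        return "P3-signature"  # recorded traffic gives nothing to forge today
    if a.leaves_network and a.data_lifetime_years >= HORIZON_YEARS:
        return "P1-harvest-now"  # recorded today, still sensitive when decryptable
    return "P2-key-establishment"

def rank(assets):
    return sorted(((tier(a), a.name) for a in assets),
                  key=lambda t: (TIERS.index(t[0]), t[1]))

INVENTORY = [  # constructed sample data
    Asset("vpn-gateway", "RSA-2048", "key-establishment", 25, True),
    Asset("intranet-wiki", "ECDHE-P256", "key-establishment", 2, False),
    Asset("code-signing", "ECDSA-P256", "signature", 5, True),
    Asset("backup-archive", "AES-256-GCM", "symmetric", 30, False),
    Asset("pilot-kem", "CRYSTALS-KYBER-768", "key-establishment", 25, True),
    Asset("legacy-hsm", "VENDORX-CIPHER", "key-establishment", 25, True),
]
```

Calling rank(INVENTORY) returns the assets in migration order; anything whose algorithm name is not recognised lands in the "review" tier rather than being counted as safe.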

Speak with vendors. Now is the perfect time to be asking your vendors about their plans for adopting post-quantum algorithms. A good vendor should have a clear roadmap already in place and be testing the candidate algorithms in preparation for 2024.

Test algorithms for home-grown software. Post-quantum algorithms have different properties than the algorithms we use today. The only way to know how they will affect your systems is to implement them and experiment. To assist with potential compatibility issues, NSM-10 encourages agency heads to begin conducting “…tests of commercial solutions that have implemented pre-standardized quantum-resistant cryptographic algorithms.” 

A good place to start is with the Open Quantum Safe project, which provides many different implementations of post-quantum algorithms designed for experimentation. 

Quantum is not all bad news. It is worth remembering that quantum computing also offers new techniques for strengthening existing systems. Quantum computers are already being used today to generate stronger cryptographic keys. In the future, once this migration to post-quantum algorithms is behind us, we’ll view quantum as a gift to cybersecurity, not a threat.

 Duncan Jones is the head of cybersecurity at Quantinuum.

Mon, 25 Jul 2022 16:20:00 -0500 https://www.nextgov.com/ideas/2022/07/understanding-nists-post-quantum-encryption-standardization-and-next-steps-federal-cisos/374792/