Buch, Englisch, 328 Seiten, Format (B × H): 156 mm x 234 mm
The Enterprise Guide to Post-Quantum Cryptographic Readiness
Buch, Englisch, 328 Seiten, Format (B × H): 156 mm x 234 mm
ISBN: 978-1-041-16668-9
Verlag: CRC Press
Are you ready for the day your encryption fails silently?
Quantum Ready is not just a warning, it’s a field guide for the era of quantum disruption. As quantum computing accelerates toward the threshold where today’s encryption becomes obsolete, organizations must prepare now or risk a catastrophic breakdown in digital trust.
Written by one of the world’s first Field CISOs, this book delivers a strategic, vendor-neutral roadmap for CISOs, security architects, and IT leaders responsible for protecting long-term data and infrastructure. It introduces the Q-Ready Framework, a comprehensive five-phase approach to discovering, prioritizing, migrating, validating, and sustaining quantum-safe cryptography across the enterprise.
With practical checklists, actionable advice, and insights from hundreds of field engagements, Quantum Ready goes beyond the theory and into the trenches. Whether you’re already on your migration journey or just beginning to assess the threat, this book will prepare you to lead with confidence through one of the biggest shifts in cybersecurity history.
The clock is ticking. Read it now, and be the reason your organization is still trusted tomorrow.
Zielgruppe
Professional Practice & Development, Professional Reference, and Professional Training
Autoren/Hrsg.
Fachgebiete
- Mathematik | Informatik EDV | Informatik Computerkommunikation & -vernetzung Netzwerksicherheit
- Wirtschaftswissenschaften Betriebswirtschaft Management
- Mathematik | Informatik EDV | Informatik Technische Informatik Computersicherheit Kryptographie, Datenverschlüsselung
- Mathematik | Informatik EDV | Informatik Technische Informatik Quantencomputer, DNA-Computing
Weitere Infos & Material
Forward. Acknowledgements. About the Author. AI Usage. Preface. P.1 A Brief Primer on Cryptography and Its Building Blocks. P.2 Let's Begin. Introduction: Executive Summary and Overview. I.1 Why This Matters to Executives. I.2 Understanding the Risk in Business Terms. I.3 Why Now?. I.4 What Needs to Be Done. I.5 Executive Communication Toolkit. I.6 Final Thought for the Boardroom. SECTION I – INTRO TO QUANTUM READINESS. Chapter 1 - Why Quantum Threats Can't Be Ignored. 1.1 What This Book Will and Won't Cover. 1.2 A New Kind of Computing. 1.3 What Is Q-Day?. 1.4 Harvest Now, Decrypt Later. 1.5 Reframing the Risk: It's Not Just Data, It's Trust. 1.6 Conclusion. Chapter 2: How Quantum Breaks Encryption. 2.1 Classical vs. Quantum: The Basics. 2.2 Understanding Symmetric and Asymmetric Encryption. 2.2 Shor's Algorithm: Breaking RSA and ECC. 2.3 Grover's Algorithm: Weakening Symmetric Encryption. 2.4 Real Experiments: Demonstrating the Trajectory Toward Q-Day. 2.5 Conclusion. Chapter 3 - The Mosca Model and Why Time Is Not on Your Side. 3.1 Understanding the Model. 3.2 Applying the Model in Practice. 3.3 Are You Already Vulnerable?. 3.4 Conclusion. Chapter 4 - Overview of the Q-Ready Framework and How to Use This Book. 4.1 Why a Framework Is Needed Now. 4.2 Introducing the Q-Ready Framework. 4.3 Alignment with National Standards and Best Practices. 4.4 How to Use This Book. 4.5 What to Expect Next. SECTION II Phase 1: Discovery. Chapter 5 - Inventory Your Cryptographic Assets. 5.1 The First Step: Know What You Have. 5.2 What to Look For. 5.3 Beyond the Inventory. 5.4 Conclusion. Chapter 6 - Assess Quantum Vulnerabilities. 6.1 Evaluating Algorithm Risk. 6.2 Mapping Crypto to Data and Exposure. 6.3 Understand the System Landscape. 6.4 Threat Patterns to Watch For. 6.5 Step-by-Step: How to Perform a Vulnerability Assessment. 6.6 Building a Risk Profile. 6.7 Conclusion. Chapter 7 - Prioritize Critical Systems. 7.1 What Matters Most. 7.2 Risk, Sensitivity, and Exposure. 7.3 Building a Prioritization Model. 7.4 Assigning Resources and Timelines. 7.5 Step-by-Step: How to Prioritize Quantum Cryptographic Asset Vulnerabilities & Remediations. 7.6 Conclusion. SECTION III Phase 2: Planning. Chapter 8 - Develop a Migration and Testing Plan. 8.1 Creating a Post-Quantum Cryptography Policy. 8.2 Build a Migration Plan. 8.3 Define Crypto-Agility. 8.4 Key Components of a Migration Strategy. 8.5 Quantum Readiness Maturity Model. 8.6 Using Technical Readiness Levels (TRLs) to Prioritize Migration. 8.7 Develop a Testing Plan. 8.8 Conclusion. Chapter 9 - Engage Stakeholders and Secure Buy-In. 9.1 Start with Alignment, Not Awareness. 9.2 Business and Financial Planning for PQC. 9.3 Create a Post-Quantum Steering Committee. 9.4 Stand Up a Crypto Center of Excellence. 9.5 Designate a Champion: The PQC Czar. 9.6 Facilitate Cross-Functional Task Forces. 9.7 Make Quantum Readiness Part of the Culture. 9.8 Organizational Change Management for Post-Quantum Cryptography. 9.9 Conclusion. Chapter 10 - Define Success Metrics and Risk Tolerance. 10.1 Defining What Success Looks Like. 10.2 Track Progress with Metrics and KPIs. 10.3 Incorporating Key Risk Indicators (KRIs). 10.4 Establishing Risk Tolerance for PQC. 10.5 Metric Evolution. 10.6 Conclusion. SECTION IV Phase 3: Implementation. Chapter 11 - Replacing Vulnerable Algorithms. 11.1 From Classical to Quantum-Safe: What Needs Replacing. 11.2 Transport Protocol Security. 11.3 Hybrid Certificates and Dual Stacks. 11.4 Code Signing and Software Integrity. 11.5 PQC in APIs and Applications. 11.6 PQC for Data Encryption. 11.7 Shared Responsibility Model. 11.8 Conclusion. Chapter 12 - Enhance Key Distribution and Generation. 12.1 From PRNG to QRNG: Building Keys with True Entropy. 12.2 ML-KEM and the Shift in Key Exchange. 12.3 Quantum Key Distribution (QKD): Physics Over Math. 12.4 Hardware Security Modules and Key Vaults for PQC. 12.5 Conclusion. Chapter 13: Integrate PQC into IoT & Embedded Systems. 13.1 Long-Lifecycle Hardware and ICS Challenges. 13.2 Lightweight Cryptography for Constrained Devices. 13.3 PQC-Aware Firmware Updates. 13.4 Building PQC into Hardware and Software Products. 13.5 Managing Irreplaceable Legacy Systems. 13.6 Conclusion. SECTION V Phase 4 – Validation. Chapter 14: Test Deployed Solutions for Functionality. 14.1 Interoperability Testing. 14.2 Regression Testing. 14.3 Latency Testing. 14.4 Security Testing. 14.5 A Framework for Functional Testing. 14.6 Tools and Validation Suites. 14.7 Conclusion. Chapter 15: Monitor for New Threats & Issues. 15.1 Monitoring Post-Quantum Cryptography in Production. 15.2 SOC Integration and Monitoring Tools. 15.3 A Framework for PQC Monitoring. 15.4 The Evolving Role of Incident Response in a Post-Quantum World. 15.5 Conclusion. Chapter 16: Readiness Assessments and Compliance Audits. 16.1 Why Audits Matter in PQC Environments. 16.2 Aligning with NIST, CISA, and PCI DSS. 16.3 What Internal Auditors Should Review. 16.4 Preparing for the Auditor's Visit. 16.5 Conclusion. SECTION VI Phase 5: Maintenance. Chapter 17: Maintain Crypto-Agility. 17.1 What Maintenance Looks Like in a PQC Environment. 17.2 Preparing for Future Standard Changes. 17.3 Future-Proofing Beyond PQC. 17.4 Conclusion. Chapter 18: Monitor and Renew Certificates. 18.1 Why Certificate Monitoring and Renewal Matter. 18.2 The Lifecycle of a Certificate. 18.3 Managing Dual-Algorithm and Hybrid Certificates. 18.4 How Certificate Lifecycle Management and Key Management Fit Together. 18.5 Automating Certificate Lifecycle Management. 18.6 Ongoing Maintenance and Certificate Governance. 18.7 Conclusion. Chapter 19: Enhance Organizational Readiness. 19.1 Training for a Quantum-Aware Workforce. 19.2 Tabletop Exercises and Playbooks for PQC Incidents. 19.3 Appointing a Quantum Risk Owner. 19.4 Embedding PQC into Third-Party Risk Management. 19.5 Conclusion. Chapter 20 - The End Is Just the Beginning. 20.1 Looking Back on the Road We've Traveled. 20.2 Key Lessons to Carry Forward. 20.3 Preparing for What's Next. 20.4 Final Words of Guidance.
