EMC's Interpretation - “At most companies today, security projects are being driven by compliance and audit, so what a surprise that they don’t have alignment with the business! Security practitioners are not working on business problems; they are working on regulatory issues.”Now I’m not going to suggest that all regulation is unjustified and that businesses can’t profit from the level playing field that regulation can create. While effective attacks against 1024-bit RSA keys appear unlikely to emerge in the near term, the community has for some years suggested the prudence of a movement away from 1024-bit key lengths by the end of 2010. The U.S. National Institute of Standards (NIST) recommends in its special publication 800-57, "Recommendation for Key Management--Part I: General http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf " (p. 66), that 1024-bit RSA be used to confer data protection only through 2010. Similarly, in May 2003, RSA Labs publishe...