NoticeBored this month

Cryptography demystified

Introduction and scope of the topic

Cryptography is often considered in relation to privacy and hiding information, which is really about encryption, just one, albeit important, aspect of cryptography.  In fact, cryptography supports all three classical pillars of information security, namely confidentiality, integrity and availability.

  • Confidentiality: strong encryption of data offers arguably the best possible protection against unauthorized disclosure to third parties.  Encryption helps maintain the privacy of data in all its varied forms, whether at rest in storage or in transit (particularly over insecure networks). 
  • Integrity: many cryptographic algorithms are designed to both ensure and assure the integrity of encrypted data and data that is transmitted between systems.  Hashing algorithms, in particular, are useful to assure that data has not been accidentally or, for that matter, deliberately altered.  If we suspect intentional, perhaps fraudulent modification, we can protect the data using symmetric encryption or digital signatures.  Cryptographic authentication of systems, programs and people (for example using digital certificates, smart cards and of course passwords) is a type of integrity control.
  • Availability: cryptography supports availability through its rôle, for example, in the authentication part of access control that locks unauthorized hackers out of the systems while allowing legitimate users in.  Encryption restricts the availability of information to authorized users, and therefore we can make copies more widely available, knowing that the encryption protects against unauthorized disclosure.  Cryptographic integrity controls (such as those in Tripwire and similar products) help to identify and block unauthorized modifications to programs and data files, including transmission errors on network links, which would otherwise make those systems or data unavailable.
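
The integrity and availability points above, as an added example (not NoticeBored material and not how Tripwire itself is implemented): a minimal file-integrity baseline that records a SHA-256 hash per file and seals the record with an HMAC, a keyed hash chosen here so that someone who alters a file cannot simply recompute the stored hashes to match. The function names, the key and the sample files are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

def digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(root, key):
    """Record one SHA-256 digest per file and seal the record with an HMAC."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            digests[os.path.relpath(full, root)] = digest(full)
    body = json.dumps(digests, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def verify(root, baseline, key):
    """Report changes since the baseline; reject a baseline whose HMAC fails."""
    good = hmac.new(key, baseline["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, baseline["tag"]):
        raise ValueError("baseline record has been altered")
    old, new = json.loads(baseline["body"]), json.loads(build_baseline(root, key)["body"])
    return {"modified": sorted(p for p in old if p in new and old[p] != new[p]),
            "removed": sorted(set(old) - set(new)),
            "added": sorted(set(new) - set(old))}

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as f:
        f.write(data)

def demo():
    """Constructed sample files in a temporary directory."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.cfg", b"debug=0\n")
        write(root, "old.log", b"x\n")
        baseline = build_baseline(root, key)
        write(root, "app.cfg", b"debug=1\n")  # accidental or deliberate edit
        os.remove(os.path.join(root, "old.log"))
        write(root, "new.bin", b"\x00")
        return verify(root, baseline, key)

if __name__ == "__main__":
    print(demo())
```

A plain hash list on its own catches accidental corruption; the HMAC over the record is what makes deliberate edits to both a file and its stored hash detectable.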

In Roman times, the level of illiteracy was such that a message written in ordinary Latin was almost as secure as if it had been encrypted.  Caesar’s cipher was ‘good enough’ at the time.  Fast forward 2,000 years to find both literacy and cryptography much more commonplace.  Security awareness very definitely has a rôle to play in modern cryptography.  It wasn’t hard to think of awareness angles to cryptography for IT users, managers and IT professionals – the hard part was to explain the key issues in plain English.

When we log on to a typical transactional website for, say, online banking or shopping, we are using several different cryptographic implementations for confidentiality (such as encryption) and integrity (such as authentication using digital certificates).  

But what’s the connection with availability?  Imagine a world in which there was no cryptography.  Shops and banks would not provide their services online if there was no way to keep information confidential, accurate and complete, and no way to guarantee that customers really were who they claimed to be.

Find out more about the topic in the latest NoticeBored security awareness newsletter, including our analysis of the risks.  Find out through the awareness materials how cryptography addresses the risks outlined in the newsletter.

Outline of the awareness module’s content

[Image: plaintext outline of the crypto module]

February’s NoticeBored security awareness module is delivered to customers as a single Zip file of about 50Mb containing the original Word, PowerPoint, Visio and JPG files described above and listed below. 

Unlike many of our competitors, we don’t just deliver encrypted/read-only Adobe Acrobat files or charge a premium to customize the materials for you.  We deliver electronically at the speed of light, rather than pre-printed materials that take forever to arrive in the post.  Our customers can choose which items to use, customize them to their hearts’ content and distribute them freely to their employees.

Files included in the module

[Image: file listing of this module]

NoticeBored is for you, yes you!

If this brief outline of our latest awareness module intrigues you, why not contact us to evaluate NoticeBored?  We’ll send you the contents of a complete module, plus an evaluation license for you to try them out.  There’s no commitment or charge to evaluate.  Find out what makes NoticeBored different and discover what led ENISA to describe us as “best practice experts” in security awareness.  We can even help you build a budget proposal to invest in a security awareness program.  When finances are tight, remember that awareness is the most cost-effective form of security.  A dollar spent on security awareness achieves much more than a dollar spent on security technologies such as firewalls, antivirus controls and suchlike.  Alert, security-aware employees who appreciate the symptoms of security attacks or incidents and know how to respond are far less likely to succumb.  Make security everyone’s business with NoticeBored.



Copyright © 2010  IsecT Ltd.