1 / 28

Fundamentals of Information Systems Security Chapter 9 Cryptography

Fundamentals of Information Systems Security Chapter 9 Cryptography. Learning Objective. Explain how businesses apply cryptography in maintaining information security. Key Concepts. History of cryptography Secret key and public key cryptography Encryption mechanisms and techniques

tameka
Download Presentation

Fundamentals of Information Systems Security Chapter 9 Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Fundamentals of Information Systems Security Chapter 9 Cryptography

  2. Learning Objective • Explain how businesses apply cryptography in maintaining information security.

  3. Key Concepts • History of cryptography • Secret key and public key cryptography • Encryption mechanisms and techniques • Business applications of cryptography • Impact of compliance laws on maintaining confidentiality of privacy data

  4. DISCOVER: CONCEPTS

  5. Cryptography History • People have used cryptography to protect information for at least 4,000 years. • Early information security was as simple as hiding it. This is known as steganography. • Steganography is not the same as cryptography.

  6. Cryptography History Examples • Histiaeus sent a message tattooed on the scalp of his slave. • Cryptography altered thecourse of English history. • World War I • World War II

  7. Current-Day Cryptography

  8. Cryptography in Business • Increasing concern about the security of data • More sophisticated attacks • Tremendous growthof computer-relatedfraud and data theft • Data protection as a business priority

  9. Cryptography in Business (Continued)

  10. Applications and Uses • Cryptography uses can be found in categories, such as: • Anti-malware • Compliance or auditing • Forensics • Transaction security • Wireless security

  11. DISCOVER: PROCESS

  12. Secure Sockets Layer (SSL) • Ad-hoc secure communications are basis of Internet e-commerce. • One of the most frequently used forms of cryptography today. • With an asymmetric key, ad-hoc communications are straightforward. • SSL is one of the most commonly used cryptographic protocols for managing secure communication between a client and server over the Web.

  13. SSL Encryption • It is also known as Hypertext Transfer Protocol Secure (HTTPS) encryption. • It is shown in the address bar of Web browsers as https://. • A lock icon is also displayed. • SSL handshake creates first secure session between a client and server.

  14. SSL Handshake Process • Server authentication • Server sends its certificate. • Encrypted master key is then sent to the server. • Optional client authentication • Server sends a challenge to the client.

  15. SSL Handshake Process (Continued)

  16. DISCOVER: ROLES

  17. Symmetric Key Standards

  18. Symmetric Key Standards (Continued)

  19. Symmetric Key Principles • The same key encrypts and decrypts. • Symmetric algorithms can be fast and are well suited to encrypting lots of data. • They are often used once and then discarded.

  20. Asymmetric Key Standards

  21. Asymmetric Key Principles

  22. Business Implementations • Classifications of products and services: • Authentication/access control/authorization • Security management products • Perimeter/network security/availability • Encryption • Administration/education/outsource services/consultants

  23. Business Implications: Q&A Considering the information security objectives, which business tools and services satisfy which security objectives? Which of these can be addressed with cryptography?

  24. DISCOVER: RATIONALE

  25. Public Key Infrastructure (PKI) Terms

  26. PKI Components • Certification authority(CA) • Registration authority(RA) • Certificates and policies

  27. PKI Components (Continued) • Certificate practicestatement (CPS) • Revocation • Trust mode

  28. Summary • People have used cryptography to protect information for at least 4,000 years. • Businesses apply cryptography in maintaining information security. • SSL is one of the most frequently used forms of cryptography today.

More Related