Encryption – CISSP Domain 3

We’re circling back to some more CISSP-related materials.  Today’s topic will be encryption, which can be found in CISSP Domain 3.

By its very nature, encryption is meant to hide the meaning or intent of a communication from unintended recipients.  This process takes place when a message is converted from plain text (text that is readable) to cipher text (text that has been encrypted and is unreadable).  Encryption provides a high measure of confidentiality since it prevents or minimizes the chance of data being accessed without the proper authorization to do so.

In a nutshell, an algorithm is used to encrypt the data using a key (typically a very large binary number), which also provides a way of later unlocking or decrypting the data.  The same principle is applied whether using symmetric or asymmetric encryption methodologies.

Also, since the main purpose of encryption is to hide the meaning or intent of a communication from unauthorized or unintended recipients, it can be used in many ways and take on different forms.  For example, encryption can be applied to any type of electronic communication, such as text, audio, video, applications, etc., and the algorithms used are usually available in various encryption strengths.

Using strong encryption algorithms helps protect data when it is at rest (stored), in transit (traveling across the network), or in use (existing in system memory).  However, weak or poor encryption algorithms should be avoided, since they open up the possibility that the encryption can be broken because of flaws discovered in the algorithm or keys of insufficient length.
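To make the role of the key and the cost of an insufficient key length concrete, here is an added example (not from the original post). It uses a toy stream cipher built from SHA-256 purely for illustration, not a vetted algorithm, and the nonce, message and key are constructed sample values.

```python
import hashlib

SECONDS_PER_YEAR = 365 * 24 * 3600

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream for illustration only: SHA-256(key || nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypts plaintext or decrypts ciphertext: XOR with the keystream is its own inverse."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def exhaustive_search(ciphertext, nonce, known_plaintext, key_len):
    """Try every key of key_len bytes; return (key, attempts), key is None if not found."""
    for n in range(256 ** key_len):
        candidate = n.to_bytes(key_len, "big")
        if xor_cipher(candidate, nonce, ciphertext) == known_plaintext:
            return candidate, n + 1
    return None, 256 ** key_len

def years_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case time to try every key of the given size."""
    return 2 ** key_bits / guesses_per_second / SECONDS_PER_YEAR

# Constructed sample values (not from the original post).
NONCE = bytes.fromhex("000102030405060708090a0b")
MESSAGE = b"quarterly results draft"
SHORT_KEY = bytes.fromhex("4b1d")  # 16 bits: far too short for real use

if __name__ == "__main__":
    ciphertext = xor_cipher(SHORT_KEY, NONCE, MESSAGE)
    print("ciphertext:", ciphertext.hex())
    print("decrypted: ", xor_cipher(SHORT_KEY, NONCE, ciphertext))
    key, attempts = exhaustive_search(ciphertext, NONCE, MESSAGE, len(SHORT_KEY))
    print(f"16-bit key found after {attempts} of {2 ** 16} guesses: {key.hex()}")
    for bits in (16, 56, 128, 256):
        print(f"{bits:>3}-bit key space at 1e9 guesses/s: {years_to_exhaust(bits, 1e9):.3g} years")
```

Each added key bit doubles the search space, which is why the 16-bit key falls in well under a second while the 128-bit and 256-bit figures run to astronomical numbers of years.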

This has been a quick look at encryption.  There is an audio/video version of this material here, for anyone who prefers that format.  If you’re interested in security fundamentals, we have a Professionally Evil Fundamentals (PEF) channel that covers a variety of technology topics.  We also answer general basic questions in our Knowledge Center.  Finally, if you’re looking for a penetration test or training for your organization, or just have general security questions, please Contact Us.

*** This is a Security Bloggers Network syndicated blog from Professionally Evil Insights authored by Bill McCauley. Read the original post at: