Security Architecture and Policy && Cryptography..

-
1. Security Architecture and policy
  :- A security architecture policy is a           formal statement of the rules that govern an organization’s security architecture and the roles that have access and responsibility in maintaining its information and technology.
These policies aren’t one-size-fits-all and are most effective when they’re custom-tailored for each organization. Security architecture policy comes from assessing the entire environment to determine applicable risks and vulnerabilities as well as what countermeasures should be taken in order to mitigate and contain these risks.
Endorsing and enforcing security architecture policy is essential, starting at the top of the organization and moving down through every person who interacts with the environment. This includes non-employees, as well as those who work for the organization. In order to help everyone adhere to the policies that have been put forth, the security architecture team will develop a set of security architecture standards.
• Security Architecture Standards:-
  If security architecture policy describes what needs to happen, then security architecture standards explain how it will happen. Security architecture standards are based on the policy statements and they lay out a set of requirements that show how the organization implements these policies. The standards help create mechanisms by which the policies are enacted in order to avoid risks, identify threats, and take action in the event of an incident.
2. Cryptography:-
    • What is cryptography?
 Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
In computer science, cryptography refers to secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms, to transform messages in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key generation, digital signing, verification to protect data privacy, web browsing on the internet and confidential communications such as credit card transactions and email.
• Cryptography techniques :-
   1. Cryptology
   2. Cryptanalysis
   3. Plaintext
   4. Ciphertext
   5. encryption
• Modern cryptography concerns itself with the following four objectives:-

 1. Confidentiality. The information cannot be understood by anyone for. whom it was unintended
2. Integrity.The information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.
3. Non-repudiation. The creator/sender of the information cannot deny at a later stage their intentions in the creation or transmission of the information.
4. Authentication. The sender and receiver can confirm each other's identity and the origin/destination of the information.
               • Cryptographic algorithms
:- Cryptosystems use a set of procedures known as cryptographic algorithms, or ciphers to encrypt and decrypt messages to secure communications among computer systems, devices and applications.

A cipher suite uses one algorithm for encryption, another algorithm for message authentication and another for key exchange. This process, embedded in protocols and written in software that runs on operating systems (OSes) and networked computer systems, involves:

Public and private key generation for data encryption/decryption.

Comments

Post a Comment

Popular posts from this blog

Splunk Command's/Queries & Basic Structure/Components &More...

-
Image
What is Splunk_? • Splunk is a software platform to search, analyze and visualize the  machine-generated data gathered from the websites, applications,  sensors, devices etc.. •  Why we use Splunk__? :-  Splunk is widely used for its ability to analyze and visualize large amounts of machine-generated data in real-time. It helps organizations gain insights into their data, troubleshoot issues, monitor systems, detect anomalies, and improve security. Its versatility makes it valuable across various industries for IT operations, security, business analytics, and more. •  Splunk Architecture .. Splunk's architecture typically consists of the following components: 👇🏻 1. Forwarders : These are lightweight agents installed on data sources like servers, applications, or devices. They collect data and forward it to the Splunk indexer. 2. Indexers: Indexers receive data from forwarders, index it, and store it in searchable indexes. They handle search requests and provide data querying capa
Read more

Information Security👽

-
Image
• Information Security   Information security protects sensitive information from unauthorized activities, including inspection, modification, recording, and any disruption or destruction. The goal is to ensure the safety and privacy of critical data such as customer account details, financial data or intellectual property. The consequences of security incidents include theft of private information, data tampering, and data deletion. Attacks can disrupt work processes and damage a company’s reputation, and also have a tangible cost. Organizations must allocate funds for security and ensure that they are ready to detect, respond to, and proactively prevent, attacks such as  phishing ,  malware , viruses, malicious insiders, and  ransomware •  What are the 3 Principles of Information Security? The basic tenets of information security are confidentiality, integrity and availability. Every element of the information security program must be designed to implement one or more of
Read more