Security Architecture and Policy & Cryptography
1. Security Architecture and Policy
A security architecture policy is a formal statement of the rules that govern an organization’s security architecture and the roles that have access and responsibility in maintaining its information and technology.
These policies aren’t one-size-fits-all and are most effective when they’re custom-tailored for each organization. Security architecture policy comes from assessing the entire environment to determine applicable risks and vulnerabilities as well as what countermeasures should be taken in order to mitigate and contain these risks.
Endorsing and enforcing security architecture policy is essential, starting at the top of the organization and moving down through every person who interacts with the environment. This includes non-employees, as well as those who work for the organization. In order to help everyone adhere to the policies that have been put forth, the security architecture team will develop a set of security architecture standards.
• Security Architecture Standards
If security architecture policy describes what needs to happen, then security architecture standards explain how it will happen. Security architecture standards are based on the policy statements and they lay out a set of requirements that show how the organization implements these policies. The standards help create mechanisms by which the policies are enacted in order to avoid risks, identify threats, and take action in the event of an incident.
2. Cryptography
• What is cryptography?
Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
In computer science, cryptography refers to secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms, to transform messages in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key generation, digital signing, verification to protect data privacy, web browsing on the internet and confidential communications such as credit card transactions and email.
1. Cryptology
3. Plaintext
4. Ciphertext
5. Encryption
• Modern cryptography concerns itself with the following four objectives:
1. Confidentiality. The information cannot be understood by anyone for whom it was unintended.
2. Integrity. The information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.
3. Non-repudiation. The creator/sender of the information cannot deny at a later stage their intentions in the creation or transmission of the information.
4. Authentication. The sender and receiver can confirm each other's identity and the origin/destination of the information.
• Cryptographic algorithms
Cryptosystems use a set of procedures known as cryptographic algorithms, or ciphers, to encrypt and decrypt messages to secure communications among computer systems, devices and applications.
A cipher suite uses one algorithm for encryption, another algorithm for message authentication and another for key exchange. This process, embedded in protocols and written in software that runs on operating systems (OSes) and networked computer systems, involves:
• Public and private key generation for data encryption/decryption.
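As an added illustration of the cipher suite description above (not code from the original page), this Python example splits IANA-style TLS cipher suite names into their key exchange, authentication, encryption and message authentication roles and flags weak choices. The TLS naming convention, the sample suite names and the function names `parse_cipher_suite` and `review` are assumptions introduced here; it goes beyond the text by covering TLS 1.3 names, which carry only the cipher and hash.

```python
import re

AEAD_MODES = {"GCM", "CCM", "POLY1305"}         # modes that authenticate while encrypting
WEAK_CIPHERS = {"NULL", "RC4", "DES", "3DES"}   # bulk ciphers no longer considered safe

def parse_cipher_suite(name):
    """Split an IANA-style TLS suite name into the roles a cipher suite combines."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {name!r}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        # TLS 1.2 and earlier: <key exchange>[_<authentication>]_WITH_<cipher>[_<hash>]
        left, cipher = body.split("_WITH_", 1)
        kx, _, auth = left.partition("_")
        auth = auth or kx  # TLS_RSA_WITH_...: RSA handles both roles
    else:
        # TLS 1.3: the name holds only cipher and hash; the rest is negotiated separately
        kx, auth, cipher = None, None, body
    head, _, tail = cipher.rpartition("_")
    digest = tail if head and re.fullmatch(r"SHA\d*|MD5", tail) else None
    if digest:
        cipher = head
    aead = bool(AEAD_MODES & set(cipher.split("_")))
    # AEAD ciphers authenticate records themselves; the hash then only feeds key derivation
    mac = "AEAD tag" if aead else (f"HMAC-{digest}" if digest else None)
    return {"key_exchange": kx, "authentication": auth, "encryption": cipher,
            "message_auth": mac, "hash": digest}

def review(name):
    """Return defender-side findings for one suite name (empty list: nothing flagged)."""
    suite = parse_cipher_suite(name)
    findings = []
    if suite["key_exchange"] not in (None, "ECDHE", "DHE"):
        findings.append("no forward secrecy")
    if WEAK_CIPHERS & set(suite["encryption"].split("_")):
        findings.append("weak bulk cipher")
    if suite["message_auth"] != "AEAD tag":
        findings.append("separate MAC, not AEAD")
    return findings

# Constructed sample names (not taken from the original page)
SAMPLES = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
           "TLS_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, parse_cipher_suite(sample), review(sample))
```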