Cryptographic algorithms protect data at rest and during transit to some degree. By encrypting data, you are assuring that only authorized individuals or systems can read the data. Similarly by using integrity techniques such as hashing and message authentication code you are assuring no unauthorized person had made changes. In other words, you can think of cryptography as a means of access control. Cryptography alone is not sufficient for complete data protection. For example, a person can walk into your computer room and physically destroy your data in your disk and other storage medium. Your computer room can be destroyed by fire or flood. Cryptography certainly does not address availability concerns. An insider can log into your computer systems and delete files or a row of data in your database. So, you need physical security; you need authentication and authorization controls in both hard and soft forms. The questions for this part is: What methods/facilities are available to secure data in today’s systems? Have these methods proved to be adequate? So, this second part of this conference is to go beyond cryptographic techniques and think of other forms of protection information security needs.
You are encouraged to conduct research on your own and consult reputable sources.OERs:
- Kessler, G. (2020): Overview of Cryptography: Retrieved from: http://www.garykessler.net/library/crypto.html#intro Due Jun 6th