Chapter 11. Encryption and Cryptography

Encryption is the ultimate means of information asset protection. If properly implemented, encryption will foil almost any attack short of a nationally sponsored effort. Encryption can be used to protect any information asset, whether stored on tape or disk, or while in transit on a communications link.[]

Prior to the 1990s, national governments, government contractors, and private banking systems were the primary users of encryption technology. With the proliferation of the Internet and electronic commerce, however, the need for secure exchanges of electronic information has now also become of significant importance to commercial entities and the consumer public in general. There appears to be global concurrence that cryptography is the strongest means for securing electronic information against theft or compromise. However, cryptography can be both an ally and an adversary of secure electronic information exchange. On one hand, encryption technology can protect information from unauthorized viewing or attack. On the other hand, dishonest or devious persons can employ cryptanalysis techniques to divulge, alter, steal, divert, or otherwise disrupt electronic information exchanges. The following discussion provides a series of references and quotes that help put into perspective the need for deployment of strong encryption techniques.

In 1997, Ian Goldberg, a University of California–Berkeley graduate student, linked together 250 idle workstations ...

Get Auditing Information Systems, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.