
IBM ICE (Innovation Centre for Education)

Welcome to:

Unit 2- Cryptography and Operations Security

© Copyright IBM Corporation 2015 9.1


Unit objectives
IBM Power Systems

After completing this unit, you should be able to:

• Demonstrate a basic understanding of Cryptography and Operations Security
• Show conceptual clarity about Cryptography and Operations Security
• Apply the techniques and controls associated with Cryptography and Operations Security


Background of Cryptography

• Cryptography is the art of concealing information
• The field of cryptography is very old and has existed since the origins of humans
• Messages were translated from one language to the other in these early efforts
• Sensitive information like the personal data of the masses is of high priority and importance
• Different organizations need to protect trade secrets, financial records, employee information and lists of customers


Introduction to Cryptography

• Definition
– The conversion of data into a secret code for transmission over a public network.
• Explanation
– Cryptography is the conversion of data from plaintext into an unreadable or unintelligible form. Plaintext is converted into ciphertext by encryption. The ciphertext can then be converted back to plaintext through the process of decryption.


Encryption/Decryption process


Types of Cryptography

• Non-mathematical
• Mathematical
• Quantum


Non-mathematical Cryptography

• A method that may use a mathematical or other process but doesn’t alter a value is generally referred to as non-mathematical cryptography
• There are 3 types of non-mathematical cryptography:
– Substitution
– Transposition
– Steganography


Substitution Ciphers

• A ciphering system or type of coding that changes one symbol or character into another is known as a substitution cipher
• Example
– Let’s imagine that you have the following message:
– ‘I work in Skillcube.’
– After encryption, the message would look something like this:
– ‘A work az Skaddcube.’
• Every instance of ‘i’ is replaced by ‘a’
• Every instance of ‘n’ is substituted by ‘z’
• Every instance of ‘l’ is substituted by ‘d’


Substitution Ciphers – Problems

• The system is not highly secure
• Confusion can arise because it cannot be determined which character has been replaced by which.
– For example: what if the ‘s’ used in the message isn’t really an ‘s’?


Transposition Ciphers

• In this method the letters of the message are scrambled or transposed in a certain manner to encrypt it; this is known as a transposition cipher
• Example
– SkillCube excels in capability building.
• Block 1: SkillCube Excels In Capability Building
• Block 2: ubeSkillC celsEx nI ilityCapab dingBuil


Steganography

• Steganography is the process of hiding a message in another medium such as a digital image, audio file or other file
• Electronic watermarking is another name for steganography
• For years now, artists and mapmakers have used watermarking in order to protect their copyright
• Though this type of encryption is breakable, it makes the encoded file a little harder to detect


Hybrid Systems

• This is a system in which two or more non-mathematical methods of cryptography are combined to make a single cipher system, which can be pretty good
• Hybrid systems are very difficult to break when manual methods are used, so they are widely used
• The Enigma machine, which the Germans used to transfer encoded messages between their U-boats and their command during World War II, is an example of a hybrid system


Mathematical Cryptography

• Applying processes that are mathematical in nature to messages or characters is known as mathematical cryptography
• Hashing is the most commonly used function
– A calculation is performed on the message
– The message is then converted into a hash value, which is numeric in nature
• Example
– The hash value of ‘this’ can be computed by multiplying each character by 6, adding those results together, and then dividing the sum by 12, which will come out to be 98


Mathematical Cryptography in passwords

• Most systems used for password generation employ a one-way hashing methodology
• It makes the decryption of the password harder
• Most security experts believe that a password of at least 10 characters must be used to increase security
• If only the lowercase letters of the alphabet are used, then there are only 26 characters to work with
• If the numbers 0 to 9 are also used, then the number of characters increases by 10
• If we also add the uppercase letters, then an additional 26 characters are added to the mix, which gives us 62 characters for constructing a robust password

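
The one-way hashing and character-set points above, as an added example that is not part of the original course material: a salted, one-way password store built on Python's standard library, plus the search-space size of a 10-character password over the 26-, 36- and 62-character alphabets. The iteration count, salt length and sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os

# Assumed parameters for illustration; raise the iteration count to suit your hardware.
ITERATIONS = 100_000
SALT_BYTES = 16

# Alphabet sizes taken from the slide: lowercase, plus digits, plus uppercase.
ALPHABETS = {
    "lowercase": 26,
    "lowercase + digits": 36,
    "lowercase + digits + uppercase": 62,
}


def hash_password(password, salt=None):
    """Return (salt, digest). The digest is one-way: it is compared, never decrypted."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # a fresh salt per password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(candidate, salt, stored_digest):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


def search_space(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Bits of entropy if every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def keyspace_report(length=10):
    """Map each alphabet name to (search space, entropy in bits)."""
    return {
        name: (search_space(size, length), round(entropy_bits(size, length), 1))
        for name, size in ALPHABETS.items()
    }


if __name__ == "__main__":
    salt, stored = hash_password("Constructed9Pw")  # constructed sample password
    print("correct password accepted:", verify_password("Constructed9Pw", salt, stored))
    print("wrong password accepted:  ", verify_password("constructed9pw", salt, stored))
    for name, (space, bits) in keyspace_report().items():
        print(f"{name:32s} {space:>22,d} candidates  ~{bits} bits")
```

The entropy figures hold only for passwords chosen uniformly at random from the alphabet; a common word of the same length offers far less.
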
Quantum Cryptography

• Quantum cryptography is comparatively new among the methods of encryption
• This type of cryptography relies for its security on a scientific model known as the Heisenberg Uncertainty Principle
• Imagine that we need to find the temperature of a liquid. When we put a thermometer into the liquid to measure it, we change the actual temperature of the liquid. The thermometer will make the temperature of the liquid drop or rise very slightly. In other words, trying to measure the temperature of the liquid will somewhat change its temperature; hence, it would be impossible to measure the actual temperature of the liquid at that point in time


Working of Quantum Cryptography

• In quantum cryptography, a series of photons is used to send a message
• To decode the message, the receiver must know the sequence and polarity of the photons
• When anyone intercepts the message, some of the photons change their polarity; therefore, the message will be altered
• This notifies the receiving end that someone is trying to interfere with the message
• When the sender is informed of this, he can send the message again with a new sequence and polarity
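
The interception effect described above, as an added example that is not part of the original course material: a classical simulation of a simplified BB84-style exchange, in which an eavesdropper who measures the photons disturbs their polarisation and shows up as errors when sender and receiver compare results. The choice of BB84, the two polarisation bases, the photon count and the 5% alarm threshold are assumptions; the slide does not name a protocol.

```python
import random

BASES = "+x"  # assumed: rectilinear (+) and diagonal (x) polarisation bases


def measure(bit, prepared_basis, measuring_basis, rng):
    """Measuring in the preparation basis returns the encoded bit.
    Measuring in the other basis gives a random result."""
    if prepared_basis == measuring_basis:
        return bit
    return rng.randint(0, 1)


def run_exchange(n_photons, eavesdrop, seed=0):
    """Simulate one exchange and return (sifted_bits, errors, error_rate)."""
    rng = random.Random(seed)
    sifted = 0
    errors = 0
    for _ in range(n_photons):
        # Sender picks a random bit and a random basis for each photon.
        bit = rng.randint(0, 1)
        send_basis = rng.choice(BASES)
        photon_bit, photon_basis = bit, send_basis

        if eavesdrop:
            # The eavesdropper must guess a basis; measuring re-polarises the
            # photon in that basis, which is what alters the message.
            eve_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, eve_basis, rng)
            photon_basis = eve_basis

        # Receiver also picks a random basis and measures.
        recv_basis = rng.choice(BASES)
        received = measure(photon_bit, photon_basis, recv_basis, rng)

        # Bases are compared publicly afterwards; only matching ones are kept.
        if recv_basis == send_basis:
            sifted += 1
            if received != bit:
                errors += 1
    return sifted, errors, errors / sifted


def channel_is_clean(error_rate, threshold=0.05):
    """Assumed alarm threshold: above it, discard the key and resend."""
    return error_rate <= threshold


if __name__ == "__main__":
    for label, eve in (("no eavesdropper", False), ("eavesdropper", True)):
        sifted, errors, rate = run_exchange(2000, eve)
        print(f"{label:16s} sifted={sifted} errors={errors} "
              f"rate={rate:.3f} clean={channel_is_clean(rate)}")
```

Without interception the kept bits agree exactly; with interception roughly a quarter of them disagree, which is the signal that tells the receiving end to reject the exchange.
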


Objective of Cryptographic controls

• To provide confidentiality
• To provide integrity
• To provide authentication
• To provide non-repudiation
• To provide access control


Maintaining Confidentiality

• One of the primary reasons for implementing a cryptographic system is to make sure that the confidentiality of the information used is maintained
• The data should not be disclosed at any point if confidentiality is to be maintained
• The strength of a cryptographic system is a term used to describe its effectiveness in preventing unauthorized decryption


Maintaining Integrity

• The second chief reason to implement a system of cryptography is to give assurance that the message which was sent was not modified while it was transmitted
• If a medical record which includes drug prescriptions is modified, the consequences can be catastrophic
• Redundant data can be added as extra information during the process of decryption in order to accomplish integrity
• A message authentication code or MAC can be added to the message in order to verify integrity
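
The MAC point above, as an added example that is not part of the original course material: an HMAC-SHA256 tag appended to a prescription record, with the receiver rejecting the record if the dose was altered in transit, if the wrong key is used, or if the tag was cut off. The key, the record format and the function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

# Constructed sample key and record; a real key comes from a key store.
KEY = b"constructed-demo-key-not-for-production"
RECORD = b"patient=1042;drug=warfarin;dose_mg=5"


def protect(key, message):
    """Sender side: append a MAC computed over the whole message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key, blob):
    """Receiver side: return the message if the MAC matches, else None."""
    if len(blob) < TAG_LEN:
        return None  # too short to contain a tag at all
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest avoids leaking how many leading bytes matched.
    if hmac.compare_digest(tag, expected):
        return message
    return None


def tamper(blob, old, new):
    """Simulate modification in transit: change the record, keep the old tag."""
    return blob.replace(old, new, 1)


if __name__ == "__main__":
    sent = protect(KEY, RECORD)
    print("intact record:  ", verify(KEY, sent))
    altered = tamper(sent, b"dose_mg=5", b"dose_mg=50")
    print("altered record: ", verify(KEY, altered))
    print("wrong key:      ", verify(b"some-other-key", sent))
    print("truncated blob: ", verify(KEY, sent[:10]))
```

A MAC gives integrity and shows the sender held the shared key; because both sides hold the same key it does not give non-repudiation, which is where digital signatures come in.
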


Digital Signatures for Integrity

• A standard signature on a document and a digital signature are similar in function
• The sender's integrity and the message's integrity are validated by the digital signature
• The digital signature, which is a second piece of information, is added to the message after the message has been encrypted using a system of encryption
• The process of digital signatures provides the following:
– Integrity of the message
– Authentication of the message
– Message non-repudiation


Authentication through cryptography

• The process of verifying the identity of the sender is known as authentication
• If a message is valid but the source is invalid, then the message isn’t taken as authentic
• Secret words that have been mutually agreed upon in advance can also be used to establish authenticity
• There are 2 basic authentication protocols:
– Password Authentication Protocol (PAP)
– Challenge Handshake Authentication Protocol (CHAP)


Non-repudiation through cryptography

• Non-repudiation prevents a party from denying actions that they themselves carried out
• By using a two-key system, a proof of a similar type can be achieved in the electronic world
• The public keys are managed by certificate authorities (CAs), which are third-party organizations
• When an individual is vouched for by a respected third party, the verification serves as non-repudiation


Access Control through cryptography

• The systems that perform cryptography are secured from unauthorized access by controlling access to them
• Operational and physical security of these resources is a key component of access control
• All security devices should always be kept under tight physical control whenever they are not being used


Benefits of cryptography 1

• Encryption can protect communications and stored information from unauthorized access and disclosure
• Other cryptographic techniques, including methods of authentication and digital signatures, can protect against spoofing and message forgeries
• It can be used to sign documents and even software to confirm that the contents have not been tampered with
• Public key systems are often used to transmit private keys between users so they can initiate communications using a private key system


Benefits of cryptography 2

• Help in video/audio encryption to stop piracy:
– Songs are stored encrypted on disk
– Decryption keys stored within player
– Keys shared with a limited number of trusted devices
– The players share a common symmetric key with the controller
– Each movie is encrypted with the shared key and broadcast to all the devices


Types of Cryptographic Algorithms

• There are 3 methods for encoding the message: hashing, using symmetric algorithms and using asymmetric algorithms
– Hashing
– Symmetric algorithms
– Asymmetric algorithms


Hashing

• The process of converting a message, or data, into a numeric value is called hashing
• There are 2 types of hashing functions available, one-way and two-way
• A one-way hash doesn’t allow the result to be decoded back to its original message
• However, in a two-way hash, the hash value can be converted back to its original value


Hashing types

• Secure Hash Algorithm
• Message Digest Algorithm
• RIPEMD
• LANMAN
• NTLM


Symmetric Algorithms

• Symmetric algorithms require both sender and receiver to have the same key for encrypting and decrypting a message
• The sender encrypts the data using a secret key and sends the message to the receiver, who then decrypts the message using the same secret key that was used for encryption
• A symmetric key, sometimes referred to as a secret key, is a key that shouldn’t be disclosed to people who are not authorized to use this encryption system
• Symmetric encryption methods use a stream or block cipher
• A strong symmetric algorithm can be difficult to break

Types of Symmetric Algorithms

• Data Encryption Standard (DES)
• Triple-DES
• Advanced Encryption Standard
• AES256
• CAST
• Rivest’s Cipher
• Blowfish and Twofish
• International Data Encryption Algorithm


Asymmetric Algorithms

• Asymmetric algorithms use 2 keys for encrypting and decrypting the data
• The 2 keys used in asymmetric algorithms are the private key and the public key
• One key can be used by the sender to encrypt a message and the other key can be used by the receiver to decrypt the message
• The private key is kept private and is known only by the owner
• The public key may be shared with the intended users with whom the owner wants to communicate


Types of Asymmetric algorithms

• RSA
• Diffie-Hellman
• Elliptic Curve Cryptography
• El Gamal


Techniques for cryptography 1

• TLS and SSL
– SSL stands for Secure Sockets Layer. It is used to establish a secure connection between two TCP-based machines.
– TLS stands for Transport Layer Security. It is a security protocol that expands upon Secure Sockets Layer
• Secure Multipurpose Internet Mail Extensions
– Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard used for encrypting email. S/MIME contains signature data
• Secure Electronic Transaction
– SET, or Secure Electronic Transaction, provides encryption for credit card numbers that are transmitted over the internet. MasterCard and Visa were the developers of SET


Techniques for cryptography 2

• Secure Shell
– SSH, or Secure Shell, is a tunneling protocol that was originally used on UNIX systems. SSH is now available for Windows as well
• Pretty Good Privacy
– PGP, or Pretty Good Privacy, is a system for encrypting email. PGP was introduced in the 1990s and was considered to be a very good system. Nowadays, PGP is widely used for securing email
• HTTP Secure
– Hypertext Transport Protocol Secure is also known as Hypertext Transport Protocol over SSL (HTTPS). It is the secure version of HTTP. Hypertext Transport Protocol Secure is also the World Wide Web’s language


Techniques for cryptography 3

• IP Security
– IP Security provides encryption and authentication across the internet. IPSec is becoming a standard for encrypting virtual private network (VPN) channels and is built into IPv6
• Tunneling Protocols
– The sensitive information is contained in other packets and then sent across the public network. At the other end, the sensitive data is stripped from the packets that carried it
• Public Key Infrastructure
– The Public Key Infrastructure (PKI) is intended to offer a means of providing security to messages and transactions on a grand scale


Attacks on cryptographic techniques

• Attacking the Key
– The keys are attacked directly in this type of attack and the value of a key is discovered. The keys can be the following:
• Key based encryption information
• Encrypted messages
• Passwords
• Attacking the Algorithm
– Not only the keys but also the algorithms and the programming instructions used for data encryption are at risk. An algorithm might not be able to make a program secure if the developers of the program do not discover and correct an error
• Intercepting the Transmission
– By intercepting transmissions over a period of time, attackers may inadvertently gain information about the encryption systems used by an organization

Techniques of Code-breaking

• Frequency Analysis
– In frequency analysis, blocks of an encrypted message are examined to determine whether any common patterns exist
• Algorithm Errors
– Complex algorithms sometimes produce unpredictable results. The entire system of encryption can be compromised if these results are discovered
• Exploiting Human Error
– Human error is one of the major causes of vulnerabilities. Someone can send an email in unencrypted or clear form even where an encryption scheme is used for email
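
The substitution cipher from the earlier slide and the frequency-analysis point above, as an added example that is not part of the original course material: it reproduces the slide's ‘I work in Skillcube.’ substitution and then shows that a full 26-letter substitution leaves the letter-frequency pattern of the message intact, which is why this cipher is not considered secure. The sample paragraph, the seeded key and the function names are constructed for illustration.

```python
from collections import Counter
import random
import string

LETTERS = string.ascii_lowercase

# The three substitutions given on the slide. Note that 'a' is left unchanged,
# so both 'i' and 'a' end up as 'a' and the receiver cannot tell them apart.
SLIDE_KEY = {"i": "a", "n": "z", "l": "d"}

# Constructed sample plaintext.
SAMPLE = (
    "The security team reviews every request before access is granted. "
    "Each message that leaves the network is encrypted, and the keys are "
    "rotated at the end of every quarter to limit the effect of a leak."
)


def make_key(seed):
    """Build a full substitution key: a seeded random permutation of a-z."""
    rng = random.Random(seed)
    shuffled = list(LETTERS)
    rng.shuffle(shuffled)
    return dict(zip(LETTERS, shuffled))


def encrypt(text, key):
    """Replace each letter using the key, keeping case and punctuation."""
    out = []
    for ch in text:
        sub = key.get(ch.lower(), ch)
        out.append(sub.upper() if ch.isupper() else sub)
    return "".join(out)


def letter_counts(text):
    return Counter(ch for ch in text.lower() if ch in LETTERS)


def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter is which."""
    return sorted(letter_counts(text).values(), reverse=True)


def index_of_coincidence(text):
    """Chance that two letters drawn from the text are equal.
    It depends only on the frequency profile, so substitution cannot change it."""
    counts = letter_counts(text)
    n = sum(counts.values())
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


if __name__ == "__main__":
    print(encrypt("I work in Skillcube.", SLIDE_KEY))
    key = make_key(seed=2015)
    ciphertext = encrypt(SAMPLE, key)
    print(ciphertext)
    print("plaintext profile: ", frequency_profile(SAMPLE)[:8])
    print("ciphertext profile:", frequency_profile(ciphertext)[:8])
    print("IoC plaintext  = %.4f" % index_of_coincidence(SAMPLE))
    print("IoC ciphertext = %.4f" % index_of_coincidence(ciphertext))
```

Because every count simply moves to a different letter, the pattern the slide calls "common" is fully preserved in the ciphertext; ciphers that mix positions and keys per block are needed to flatten it.
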


Cryptographic attacks

• Birthday Attack
– A birthday attack is an example of an attack which is targeted at a key. This attack is just an attack on the results and not on the algorithm itself.
• Weak Key Attack
– Weak key attacks are based on the premise that many common passwords are used by large numbers of people. The hash value resulting from the key will be very easy to guess if the key is short.
• Mathematical Attack
– These kinds of attacks are basically focused on the following things:
• The algorithm of encryption
• Any potential weakness area or the key mechanism


Cryptography – Cost Categories 1

• Exposure assessment: The security team of an organization needs to assess the effect of the exposure caused by a potential release of the organization’s sensitive information
• Account changes: Exposure of personally identifiable information can require a company to transfer customers to new accounts, which can trigger large administrative charges for incidents involving thousands of customers
• Credit checks: A company responsible for a breach of personally identifiable information may have to pay for personal credit checks and thwart identity theft with ongoing monitoring of credit for customers affected by the disclosure of data


Cryptography – Cost Categories 2

• Customer support: A data breach can trigger extensive new demands on customer support staff responding to phone calls, email and letters about the incident
• Competitive advantage: News of lost, stolen or breached customer data may translate into success for the competitors. It gives them the ammunition they need to tarnish a company’s reputation and could result in a customer migration to them
• Security of employees/customers: Exposure of personally identifiable information can reveal home addresses of employees and customers, which could lead to personal harassment or possible physical harm. Obviously, lawsuits are potential fallout due to data loss


Cryptography Cost benefits

• Because encrypted data cannot be accessed by unauthorized people, encryption eliminates most of the requirement for assessment. If a loss takes place in an organization, the loss pertains only to the equipment which is lost and not to the organization’s intellectual property or its brand
• Unauthorized people are prevented from having access to the data, as encryption eliminates all effects of loss of information


Scenario based annual costs

• The annual costs are shown in two scenarios. They are:
– When encryption is used by an organization (Protected)
– When encryption is not used by an organization (Unprotected)

| Cost element | Cost range per incident (in INR) | Protected scenario (in INR) | Unprotected scenario (in INR) |
|---|---|---|---|
| For recovery (in INR) | 1.3 Lakhs – 6.3 Lakhs | 64K | 3.8 Lakhs |
| For effect (in INR) | 9.5 Lakhs – 65 Cr | 0 | 14 Lakhs |
| Annual cost of every lost incident (in INR) | 3.8 Lakhs – 2100 Cr + | 1.6 Lakhs | 19 Lakhs |

Data Classification

• Data at rest
– All data in computer storage, excluding data that is in a network or temporarily residing in computer memory to be read or updated, is data at rest
• Data in motion
– Data in Motion is the term used for data which is in the network and moving. It is the process of the transfer of the data between all of the versions of the original file, especially when data may be in movement on the Internet
• Data in use
– “Data in Use” is all data that is not in a rest state and is being used in processing, or stored for being processed (for example, in resident memory, swap, processor cache, disk cache, etc.)


Protecting data at rest

• Data at Rest is an IT term referring to inactive data which is stored physically in any digital form (e.g. databases, data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices etc.)
• Data at rest can be protected in the following ways:
– Encrypting the entire contents of the storage media
– Encrypting the data that needs to be protected
– Enforcing strong keys/passwords
– Preventing the user from storing the password on the media


Protecting data in use

• Data in Use is an IT term referring to active data which is stored in a non-persistent digital state, typically computer RAM, CPU caches or CPU registers
• Solutions to protect the data in use are:
– Encryption solutions protect sensitive data as it is accessed, shared and stored beyond the traditional data center
– Several cryptographic tools, including secure multi-party computation and homomorphic encryption, allow for the private computation of data on untrusted systems
– Tokenization solutions ensure the security of sensitive and regulated data residing in databases and applications, throughout its lifecycle


Protecting data in motion

• Data-in-motion is data being transmitted within a device or between devices by any means, or data transmitted via mobile media (e.g. flash drives, portable hard drives, laptops, etc.)
• Solutions to protect data in motion are:
– SSH Client/Server, SSL, VPN and SSL/VPN are effective in securing data in motion
– Using encrypted connection or file encryption
– Using digital signature to ensure non-repudiation


Introduction to Operations Security

• Definition
– The process by which a user can deny potential adversaries (opponents) access to critical information by identifying, controlling and protecting that information is known as the Operations Security Process.
• There are five main principles of OPSEC:
– What data needs to be protected?
– Who wants the data about the organization?
– How is the organization’s data vulnerable to attacks?
– What is the risk associated with the data?
– How can the data be protected?


Benefits of Operations Security

• Keeps confidential information secure
• Allows for secure exchange of information
• Allows an organization to ensure that they are meeting their legal obligations
• Enhanced customer satisfaction that improves client retention
• Consistency in the delivery of organization's service or product
• Manages and minimizes risk exposure
• Builds a culture of security
• Protects the company, assets, shareholders and directors


Process of Operations Security

• Identification of critical information
• Analysis of threats
• Analysis of vulnerabilities
• Assessment of risk
• Application of appropriate countermeasures to mitigate the risks


Types of Assets

• Information assets
• Software assets
• Physical assets
• Services


Threat Analysis

• Threat analysis is a procedure through which data regarding a potential threat is collected and analyzed. The threat is subjected to thorough and systematic examination to identify significant facts and to derive conclusions about whether excessive damage could be realized through this threat
• The following determinations have to be made:
– Who would want to have this technology?
– Who would benefit if the project is discredited?
– Who would like it if something happened to the participants of the project?
– Who would benefit if the activities that are directed at the project are corrupted?


Vulnerability Analysis

• Vulnerabilities can be determined through analysis of the operation of any project by the supporting and primary team members working on it
• The target should be viewed as an attacker would view it
• The actions which can be used to derive vital information by interpreting or piecing together other data must be identified


Risk Assessment

• This is the step where a decision is made by estimating the potential effects of a vulnerability on an operation/activity and by making a cost-benefit analysis of the recommended corrective actions
• The following are conducted during risk assessment:
– Determination of the information’s value
– Threat analysis
– Vulnerability determination of the information


Application of appropriate countermeasures to mitigate the risks

• Avoidance of risk
• Transferring risks
• Mitigation of risks
• Deterring the risk
• Accepting the risks


Operations Security Techniques 1

• Policy for operational security
– The guidelines and the policies must be made clear about what the operators can or cannot do
• Access control
– Access control means allowing the correct users in (those who are authorized) and keeping the others out (those who are not authorized)
• Authorization
– Authorization is a concept through which access is provided to the users based on their access levels


Operations Security Techniques 2

• Dual control
– The same group must not be responsible for the network and security controls
• Secure and verify
– All the measures mentioned above can be used to carry out active attempts to detect a change which could have happened in the network
• Automation
– It is generally recommended that procedures and processes such as verification be automated. This is because details in log files and other similar processes are overlooked by humans


Operations Security in personal life 1

• Personal life
– Work-related and sensitive information must be kept off the profile
– Location data, schedules and plans must be kept secure
– The information and the names of friends, coworkers and members of the family should be kept secure
• Posted data
– All photos must be checked for reflective surfaces that may reveal critical information
– File tags and filenames must be checked for critical information
• Passwords
– Passwords must be unique
– Passwords must be hard to guess
– Passwords must not be given away or shared

Operations Security in personal life 2

• Settings and Privacy
– The access permissions should be set according to the sorted group of friends
– Determine both the profile and search visibility
– Verify through other channels that a “friend request” was actually from a friend
– People who cannot be trusted at all must be added to the group with the lowest access and permissions


Operations Security in personal life 3

• Security
– The anti-virus software must be kept updated
– Downloads, attachments and links in e-mails should be handled properly
– Third parties often use ‘apps’ or plug-ins to get access to data. The user should be aware of that
– Before entering sensitive data or logging in, look for HTTPS, which indicates that transmission security is active


Operations Security cost vs. benefit

• Costs
– Permanent resources on security team for a particular project
– Tool and methodology procurement
– Source
– Costs incurred in purchasing training materials
• Benefits
– Operational costs are reduced
– Capital expenses are avoided
– The efficiency of operations is increased
– Compliance is enhanced


Checkpoint (1 of 5) IBM ICE (Innovation Centre for Education)
IBM Power Systems

1. Which mathematical process can be used to derive a


mathematical value?
– Symmetric
– Social engineering
– Hashing
– Asymmetric
2. An employee claims that he didn’t send a mail to the
competitors. However, it was deduced from the email logs
that the mail was sent to that particular id at a very late
hour of night. What is provided from these logs?
– Integrity
– Confidentiality
– Authentication
– Non-repudiation

Checkpoint Solutions (1 of 5)

1. Which mathematical process can be used to derive a
mathematical value?
– Symmetric
– Social engineering
– Hashing
– Asymmetric
2. An employee claims that he didn’t send a mail to the
competitors. However, it was deduced from the email logs
that the mail was sent to that particular id at a very late
hour of night. What is provided from these logs?
– Integrity
– Confidentiality
– Authentication
– Non-repudiation

Checkpoint (2 of 5)

3. In cryptography, what does MAC stand for?
– Media access control
– Mandatory access control
– Message authentication code
– Multiple advisory committees
4. Out of the following, which one is an attack against the
algorithm?
– Birthday attack
– Weak key attack
– Mathematical attack
– Registration attack

Checkpoint Solutions (2 of 5)

3. In cryptography, what does MAC stand for?
– Media access control
– Mandatory access control
– Message authentication code
– Multiple advisory committees
4. Out of the following, which one is an attack against the
algorithm?
– Birthday attack
– Weak key attack
– Mathematical attack
– Registration attack

Checkpoint (3 of 5)

5. What does WEP stand for?
– Wi-Fi encrypted process
– Wi-Fi encrypted protection
– Wired Equivalent Protection
– Wired Equivalent Privacy
6. Which of the following is a Physical Asset?
– Database
– Router
– Application
– Data Communication

Checkpoint Solutions (3 of 5)

5. What does WEP stand for?
– Wi-Fi encrypted process
– Wi-Fi encrypted protection
– Wired Equivalent Protection
– Wired Equivalent Privacy
6. Which of the following is a Physical Asset?
– Database
– Router
– Application
– Data Communication

Checkpoint (4 of 5)

7. Which of the following is an Information Asset?
– Database
– Router
– Application
– Data Communication
8. Which of the following is a Software Asset?
– Database
– Router
– Application
– Data Communication

Checkpoint Solutions (4 of 5)

7. Which of the following is an Information Asset?
– Database
– Router
– Application
– Data Communication
8. Which of the following is a Software Asset?
– Database
– Router
– Application
– Data Communication

Checkpoint (5 of 5)

9. What does MAC stand for in the context of access control?
– Media access control
– Mandatory access control
– Message authentication code
– Multiple advisory committees
10. Which of the following is data at rest?
– Data in RAM
– Data in hard disk
– Data in pen drive
– Data in network

Checkpoint Solutions (5 of 5)

9. What does MAC stand for in the context of access control?
– Media access control
– Mandatory access control
– Message authentication code
– Multiple advisory committees
10. Which of the following is data at rest in a system?
– Data in RAM
– Data in hard disk
– Data in pen drive
– Data in network

Unit summary

Having completed this unit, you should have:

• A basic understanding of Cryptography and Operations
Security
• Conceptual clarity about Cryptography and Operations
Security
• The ability to apply techniques and controls associated with
Cryptography and Operations Security
