Unit objectives IBM ICE (Innovation Centre for Education)

Unit 2- Cryptography and Operations Security

After completing this unit, you should be able to:

• Demonstrate a basic understanding of Cryptography and Operations Security
• Show conceptual clarity about Cryptography and Operations Security
• Apply the techniques and controls associated with Cryptography and Operations Security

© Copyright IBM Corporation 2015


Background of Cryptography

• Cryptography is the art of concealing information
• The field of cryptography is very old and has existed since the origins of humans
• In these early efforts, messages were translated from one language to another
• Sensitive information, such as the personal data of the masses, is of high priority and importance
• Organizations need to protect trade secrets, financial records, employee information and customer lists


Introduction to Cryptography

• Definition
– The conversion of data into a secret code for transmission over a public network.
• Explanation
– Cryptography is the conversion of data from plaintext into an unreadable form. Plaintext is converted into ciphertext by encryption. The ciphertext can then be converted back to plaintext through the process of decryption.


Encryption/Decryption process


Types of Cryptography

• Non-mathematical
• Mathematical
• Quantum


Non-mathematical Cryptography

• A method that may use a mathematical or other process but doesn’t alter a value is generally referred to as non-mathematical cryptography
• There are 3 types of non-mathematical cryptography:
– Substitution
– Transposition
– Steganography


Substitution Ciphers

• A ciphering system or type of coding which changes one symbol or character into another is known as a substitution cipher
• Example
– Let’s imagine that you have the following message:
– ‘I work in Skillcube.’
– After encryption, the message would look something like this:
– ‘A work az Skaddcube.’
• Every instance of ‘i’ is replaced by ‘a’
• Every instance of ‘n’ is substituted by ‘z’
• Every instance of ‘l’ is substituted by ‘d’


Substitution Ciphers – Problems

• The system is not highly secure
• Confusion can arise because it cannot be determined which character has been replaced by what.
– For example: what if the ‘s’ used in the messages isn’t really an ‘s’?


Transposition Ciphers

• A transposition cipher is a cryptographic algorithm in which the order of the letters in the plaintext is rearranged to form the ciphertext. In this process, the plaintext letters themselves are not replaced, only reordered.
• Example
– SkillCube excels in capability building.
• Block 1: SkillCube Excels In Capability Building
• Block 2: UBESKILLC CELSEX NIILITYCAPAB DINGBUIL


Steganography

• Steganography is the process of hiding a message in another medium such as a digital image, audio file or other file
• Electronic watermarking is another name for steganography
• For years, artists and mapmakers have used watermarking to protect copyright
• Though this type of encryption is breakable, it makes the encoded file a little harder to detect


Hybrid Systems

• A hybrid system is one in which two or more non-mathematical methods of cryptography are combined to make a single cipher system, which will be pretty good
• Hybrid systems are very difficult to break using manual methods, so they are widely used
• The Enigma machine, which the Germans used to transfer encoded messages between their U-boats and their command during World War II, is an example of a hybrid system


Mathematical Cryptography

• The use of mathematical processes on messages or characters is known as mathematical cryptography
• Hashing is the most commonly used function
– A calculation is performed on the message
– The message is then converted into a numeric hash value
• Example
– The hash value of ‘this’ can be computed by multiplying each character by 6, adding those results together, and then dividing the sum by 12, which comes out to 98


Mathematical Cryptography in passwords

• Most systems used for password generation employ a one-way hashing methodology
• This makes decryption of the password harder
• Most security experts believe that a password of at least 10 characters must be used to increase security
• If only lowercase letters are used, there are only 26 characters to work with
• If the numbers 0 to 9 are also used, the number of characters increases by 10
• If uppercase letters are added as well, an additional 26 characters join the mix, giving 62 characters for constructing a robust password

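An added example, not part of the original slides, of the one-way hashing described above: a password is stored as a salted PBKDF2-HMAC-SHA256 digest and a login attempt is checked by re-hashing, never by decrypting. It also computes how the 26-, 36- and 62-character alphabets change the number of possible 10-character passwords. The function names, iteration count and sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor for this example
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(attempt: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-hash the attempt with the stored salt and compare in constant time."""
    _, candidate = hash_password(attempt, salt)
    return hmac.compare_digest(candidate, stored_digest)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """The same quantity expressed as bits of guessing work."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample password; only the salt and digest would be stored.
    salt, digest = hash_password("k7TqzR2mWx")
    print("correct attempt accepted:", verify_password("k7TqzR2mWx", salt, digest))
    print("wrong attempt accepted:  ", verify_password("k7TqzR2mWy", salt, digest))

    # The three alphabets from the slide, at the 10-character length it recommends.
    for label, size in (("lowercase", 26), ("lowercase + digits", 36),
                        ("lower + upper + digits", 62)):
        print(f"{label:24s} {keyspace(size, 10):>22,d} passwords "
              f"(~{keyspace_bits(size, 10):.1f} bits)")
```
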
Quantum Cryptography

• Quantum cryptography is comparatively new among the methods of encryption
• This type of cryptography bases its security on a scientific principle known as the Heisenberg Uncertainty Principle
• Imagine that we need to find the temperature of a liquid. When we put in a thermometer to take the reading, we change the actual temperature of the liquid: the thermometer makes the temperature drop or rise very slightly. In other words, trying to measure the temperature of the liquid changes it somewhat; hence it is impossible to measure the actual temperature of the liquid at that point in time


Working of Quantum Cryptography

• In quantum cryptography, a series of photons is used to send a message
• To decode the message, the receiver must know the sequence and polarity of the photons
• When anyone intercepts the message, some of the photons change their polarity, and therefore the message is altered
• This notifies the receiving end that someone is trying to interfere with the message
• When the sender is informed of this, he can send the message again with a new sequence and polarity
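An added simulation, not from the original slides, of the behaviour described above. It is modelled on the BB84 key-distribution protocol, which the slides do not name: bits are sent in randomly chosen polarization bases, and measuring a photon in the wrong basis randomizes it, so interception shows up as errors when sender and receiver compare bits. The function names, photon count, seed and alert threshold are assumptions.

```python
import random

BASES = "+x"            # rectilinear and diagonal polarization bases
ALERT_THRESHOLD = 0.05  # assumed error rate above which the exchange is discarded


def measure(bit, photon_basis, meas_basis, rng):
    """Measuring in the photon's own basis reads the bit; any other basis gives a coin flip."""
    return bit if photon_basis == meas_basis else rng.randint(0, 1)


def run_exchange(n_photons, intercepted, seed):
    """Simulate one exchange.

    Returns (kept, error_rate), counted over the positions where sender and
    receiver happened to choose the same basis. This sketch compares every kept
    bit; a real exchange would compare only a sample and keep the rest as key.
    """
    rng = random.Random(seed)  # seeded so the run is repeatable
    kept = errors = 0
    for _ in range(n_photons):
        sent_bit = rng.randint(0, 1)
        sender_basis = rng.choice(BASES)
        bit, basis = sent_bit, sender_basis

        if intercepted:
            # The interceptor has to guess a basis. Measuring re-polarizes the
            # photon in that basis, which is what the receiver then sees.
            tap_basis = rng.choice(BASES)
            bit = measure(bit, basis, tap_basis, rng)
            basis = tap_basis

        receiver_basis = rng.choice(BASES)
        received_bit = measure(bit, basis, receiver_basis, rng)

        if receiver_basis == sender_basis:  # positions with differing bases are dropped
            kept += 1
            errors += int(received_bit != sent_bit)
    return kept, (errors / kept if kept else 0.0)


def interception_detected(error_rate, threshold=ALERT_THRESHOLD):
    """Receiver-side check: too many mismatches means the photons were disturbed."""
    return error_rate > threshold


if __name__ == "__main__":
    for intercepted in (False, True):
        kept, rate = run_exchange(4000, intercepted, seed=7)
        print(f"intercepted={intercepted!s:5}  kept={kept}  error rate={rate:.3f}  "
              f"alert={interception_detected(rate)}")
```

An undisturbed run shows no mismatches, while an intercepted run settles near a 25% error rate, because the interceptor guesses the wrong basis half the time and each wrong guess corrupts the receiver's bit half the time.
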


Objective of Cryptographic controls

• To provide confidentiality
• To provide integrity
• To provide authentication
• To provide non-repudiation
• To provide access control


Maintaining Confidentiality

• Ensuring that the confidentiality of the information in use is maintained is one of the primary reasons for implementing a cryptographic system
• The data must not be disclosed at any point if confidentiality is to be maintained
• The strength of a cryptographic system is its effectiveness in preventing unauthorized decryption


Maintaining Integrity

• Giving assurance that the message was not modified in transmission is the second chief reason to implement a cryptographic system
• If a medical record which includes drug prescriptions is modified, the consequences can be catastrophic
• Redundant data can be added as extra information during the process of decryption in order to accomplish integrity
• A message authentication code (MAC) can be added to the message in order to verify integrity
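An added example, not part of the original slides, of the MAC bullet above: sender and receiver share a secret key, the sender appends an HMAC-SHA256 tag to a prescription record, and the receiver rejects the record if the dose was changed in transit. An unkeyed checksum is shown beside it because whoever alters the record can simply recompute it. The record, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed sample data (a real key would come from a key store, not source code).
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SAMPLE_RECORD = {"patient_id": "P-0001", "drug": "warfarin", "dose_mg": 5}


def encode(record: dict) -> bytes:
    """Canonical byte form, so both ends compute the tag over identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(key: bytes, record: dict) -> bytes:
    """Sender side: body followed by a keyed HMAC-SHA256 tag."""
    body = encode(record)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def is_authentic(key: bytes, message: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    if len(message) <= TAG_LEN:
        return False
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def open_sealed(key: bytes, message: bytes) -> dict:
    """Return the record only if its tag verifies."""
    if not is_authentic(key, message):
        raise ValueError("MAC check failed: record was modified or the key is wrong")
    return json.loads(message[:-TAG_LEN])


def seal_with_checksum(record: dict) -> bytes:
    """Weak variant for comparison: an unkeyed SHA-256 checksum."""
    body = encode(record)
    return body + hashlib.sha256(body).digest()


def checksum_matches(message: bytes) -> bool:
    body, digest = message[:-TAG_LEN], message[-TAG_LEN:]
    return hmac.compare_digest(digest, hashlib.sha256(body).digest())


def alter_dose(message: bytes, refresh_checksum: bool = False) -> bytes:
    """Simulate modification in transit: 5 mg becomes 50 mg.

    With refresh_checksum=True the trailer is replaced by a fresh unkeyed
    SHA-256 of the altered body, which needs no secret at all.
    """
    body, trailer = message[:-TAG_LEN], message[-TAG_LEN:]
    body = body.replace(b'"dose_mg":5', b'"dose_mg":50')
    if refresh_checksum:
        trailer = hashlib.sha256(body).digest()
    return body + trailer


if __name__ == "__main__":
    sealed = seal(SHARED_KEY, SAMPLE_RECORD)
    weak = seal_with_checksum(SAMPLE_RECORD)
    print("MAC, untouched record:      ", is_authentic(SHARED_KEY, sealed))
    print("MAC, altered record:        ", is_authentic(SHARED_KEY, alter_dose(sealed)))
    print("MAC, altered + new checksum:", is_authentic(SHARED_KEY, alter_dose(sealed, True)))
    print("checksum, altered + redone: ", checksum_matches(alter_dose(weak, True)))
```
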


Digital Signatures for Integrity

• A standard signature on a document and a digital signature are similar in function
• The digital signature validates both the sender's integrity and the message's integrity
• The digital signature is a second piece of information that is added to the message after the message has been encrypted using an encryption system
• The process of digital signatures provides the following:
– Integrity of the message
– Authentication of the message
– Message non-repudiation


Authentication through cryptography

• The process of verifying the identity of the sender is known as authentication
• If a message is valid but the source is invalid, the message isn’t taken as authentic
• Secret words that have been mutually agreed upon in advance can also be used to establish authenticity
• There are 2 basic authentication protocols:
– Password Authentication Protocol (PAP)
– Challenge Handshake Authentication Protocol (CHAP)


Non-repudiation through cryptography

• Non-repudiation prevents a party from denying actions that they carried out themselves
• By using a two-key system, proof of a similar type can be achieved in the electronic world
• The public keys are managed by certificate authorities (CAs), which are third-party organizations
• When an individual is vouched for by a respected third party, the verifying aspect serves as non-repudiation
• Non-repudiation is the assurance that someone cannot deny the validity of something. Non-repudiation is a legal concept that is widely used in information security and refers to a service which provides proof of the origin of data and the integrity of the data.


Access Control through cryptography

• The systems that perform cryptography are secured from unauthorized access by controlling access to them
• Operational and physical security of these resources is a key component of access control
• All security devices should be kept under tight physical control whenever they are not being used


Benefits of cryptography

• Encryption can protect communications and stored information from unauthorized access and disclosure
• Other cryptographic techniques, including methods of authentication and digital signatures, can protect against spoofing and message forgeries
• It can be used to sign documents and even software to confirm that the contents have not been tampered with
• Public key systems are often used to transmit private keys between users so they can initiate communications using a private key system
• Helps in video/audio encryption to stop piracy:
– Songs are stored encrypted on disk
– Decryption keys are stored within the player
– Keys are shared with a limited number of trusted devices
– The players share a common symmetric key with the controller
– Each movie is encrypted with the shared key and broadcast to all the devices

Types of Cryptographic Algorithms

• There are 3 methods for encoding a message: hashing, symmetric algorithms and asymmetric algorithms
– Hashing
– Symmetric algorithms
– Asymmetric algorithms


Hashing

• The process of converting a message, or data, into a numeric value is called hashing
• There are 2 types of hashing functions available: one-way and two-way
• In a one-way hash, the result can’t be decoded back to the original message
• However, in a two-way hash, the hash value can be converted back to its original value


Hashing types

• Secure Hash Algorithm
• Message Digest Algorithm
• RIPEMD
• LANMAN
• NTLM


Symmetric Algorithms

• Symmetric algorithms require both sender and receiver to have the same secret key for encrypting and decrypting a message
• The sender encrypts the data using a secret key and sends the message to the receiver, who then decrypts it using the same secret key that was used for encryption
• A symmetric key, sometimes referred to as a secret key, is a key that shouldn’t be disclosed to unauthorized people.
• Symmetric encryption methods utilize a stream or block cipher
• A strong symmetric algorithm can be complex enough to be difficult to break

Types of Symmetric Algorithms

• Data Encryption Standard (DES)
• Triple-DES
• Advanced Encryption Standard
• AES256
• CAST
• Rivest’s Cipher
• Blowfish and Twofish
• International Data Encryption Algorithm


Asymmetric Algorithms

• Asymmetric algorithms utilize 2 keys for encrypting and decrypting the data
• The 2 keys used in asymmetric algorithms are the private key and the public key
• One key can be used by the sender to encrypt a message and the other key can be used by the receiver to decrypt the message
• The private key is kept private and is known only by the owner
• The public key may be shared with the intended users with whom the owner wants to communicate


Types of Asymmetric algorithms

• RSA
• Diffie-Hellman
• Elliptic Curve Cryptography
• El Gamal


Techniques for cryptography

• TLS and SSL
– SSL stands for Secure Sockets Layer. It is used for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client
– TLS stands for Transport Layer Security. TLS is a cryptographic protocol that provides end-to-end communications security over networks and is widely used for internet communications and online transactions.
• Secure Multipurpose Internet Mail Extensions
– Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard used for encrypting email. S/MIME also contains signature data
• Secure Electronic Transaction
– Secure Electronic Transaction (SET) provides encryption for credit card numbers that are transmitted over the internet. MasterCard and Visa were the developers of SET


• Secure Shell
– Secure Shell (SSH) is a tunneling protocol which was originally used on UNIX systems. SSH is now available for Windows as well.
– SSH allows two computers to communicate and share data over an insecure network such as the internet. It is used to log in to a remote server to execute commands and to transfer data from one machine to another.
• Pretty Good Privacy
– Pretty Good Privacy (PGP) is a system for encrypting email. PGP was introduced in the 1990s and was considered to be a very good system. Nowadays, PGP is widely used for securing email
• HTTP Secure
– Hypertext Transport Protocol Secure is also known as Hypertext Transport Protocol over SSL (HTTPS). It is the secure version of HTTP. Hypertext Transport Protocol Secure is also the World Wide Web’s language
• IP Security
– IP Security (IPSec) provides encryption and authentication across the internet. IPSec is becoming a standard for encrypting virtual private network (VPN) channels and is built into IPv6
• Tunneling Protocols
– The sensitive information is placed inside other packets and then sent across the public network. At the other end, the sensitive data that has been received is stripped from those packets
• Public Key Infrastructure
– The Public Key Infrastructure (PKI) is intended to offer a means of providing security to messages and transactions on a grand scale

Attacks on cryptographic techniques

• Attacking the Key
– In this type of attack, the keys are attacked directly and the value of a key is discovered. The keys can be the following:
• Key based encryption information
• Encrypted messages
• Passwords
• Attacking the Algorithm
– Not only the keys but also the algorithms and the programming instructions used for data encryption are at risk. An algorithm might not be able to make a program secure if the program's developers do not discover and correct an error
• Intercepting the Transmission
– By intercepting transmissions, attackers may over a period of time inadvertently gain information about the encryption systems used by an organization

Techniques of Code-breaking

• Frequency Analysis
– Frequency analysis looks at blocks of an encrypted message to determine whether any common patterns exist
• Algorithm Errors
– Complex algorithms sometimes produce unpredictable results. If these results are discovered, the entire encryption system can be compromised
• Exploiting Human Error
– Human error is one of the major causes of vulnerabilities. Someone can send an email in unencrypted (clear) form even when email is sent using an encryption scheme
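An added example, not part of the original slides, tying the Frequency Analysis bullet above to the earlier Substitution Ciphers slides: it applies the slide's i→a, n→z, l→d rule and shows that the ciphertext keeps the plaintext's letter-frequency profile and repeated-letter word patterns, which is why a substitution cipher is not highly secure. Treating each rule as a two-way swap, and the function names, are assumptions.

```python
from collections import Counter

# Substitutions given on the slide. Making each one a two-way swap is an
# assumption added here so that the rule is a permutation of the alphabet
# and the same key also reverses the encryption.
SLIDE_PAIRS = [("i", "a"), ("n", "z"), ("l", "d")]
SLIDE_MESSAGE = "I work in Skillcube."


def make_key(pairs):
    """Build a letter-to-letter table from (plain, cipher) pairs, swapped both ways."""
    key = {}
    for plain, cipher in pairs:
        key[plain], key[cipher] = cipher, plain
    return key


def substitute(text, key):
    """Replace each letter using the key; case is preserved, other characters pass through."""
    out = []
    for ch in text:
        mapped = key.get(ch.lower(), ch.lower())
        out.append(mapped.upper() if ch.isupper() else mapped)
    return "".join(out)


def frequency_profile(text):
    """Letter counts sorted high to low, ignoring which letter owns each count."""
    counts = Counter(ch for ch in text.lower() if ch.isalpha())
    return sorted(counts.values(), reverse=True)


def word_pattern(word):
    """Number letters by first appearance: 'skill' -> (0, 1, 2, 3, 3)."""
    first_seen = {}
    return tuple(first_seen.setdefault(ch, len(first_seen)) for ch in word.lower())


def leaked_structure(plaintext, ciphertext):
    """Report what an observer of the ciphertext alone still learns."""
    plain_words = [w.strip(".") for w in plaintext.split()]
    cipher_words = [w.strip(".") for w in ciphertext.split()]
    return {
        "same_frequency_profile":
            frequency_profile(plaintext) == frequency_profile(ciphertext),
        "same_word_lengths":
            [len(w) for w in plain_words] == [len(w) for w in cipher_words],
        "same_word_patterns":
            [word_pattern(w) for w in plain_words] == [word_pattern(w) for w in cipher_words],
    }


if __name__ == "__main__":
    key = make_key(SLIDE_PAIRS)
    ciphertext = substitute(SLIDE_MESSAGE, key)
    print(ciphertext)                        # the slide's encrypted message
    print(substitute(ciphertext, key))       # swapping back recovers the plaintext
    print(leaked_structure(SLIDE_MESSAGE, ciphertext))
```
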


Cryptographic attacks

• Birthday Attack
– A birthday attack is an example of an attack which is targeted at a key. It is an attack on the results and not on the algorithm itself.
• Weak Key Attack
– Weak key attacks are based on the premise that many common passwords are used by large numbers of people. If the key is short, the hash value resulting from it will be very easy to guess.
• Mathematical Attack
– These kinds of attacks focus on the following:
• The encryption algorithm
• Any potential area of weakness or the key mechanism


Cryptography – Cost Categories

• Exposure assessment: The security team of an organization needs to assess the effect of the exposure caused by a potential release of the organization’s sensitive information
• Account changes: Exposure of personally identifiable information can require a company to transfer customers to new accounts, which can trigger large administrative charges for incidents involving thousands of customers
• Credit checks: A company responsible for a breach of personally identifiable information may have to pay for personal credit checks and thwart identity theft with ongoing monitoring of credit for customers affected by the disclosure of data
• Customer support: A data breach can trigger extensive new demands on customer support staff responding to phone calls, email and letters about the incident
• Competitive advantage: News of lost, stolen or breached customer data may translate into success for the competitors. It gives them the ammunition they need to tarnish a company’s reputation and could result in customers migrating to them
• Security of employees/customers: Exposure of personally identifiable information can reveal home addresses of employees and customers, which could lead to personal harassment or possible physical harm. Obviously, lawsuits are potential fallout due to data loss

Cryptography Cost benefits

• Because encrypted data cannot be accessed by unauthorized people, encryption eliminates most of the need for assessment. If a loss takes place in an organization, the loss pertains only to the equipment that is lost and not to the organization’s intellectual property or its brand
• Unauthorized people are prevented from accessing the data, as encryption eliminates all effects of loss of information


Scenario based annual costs

• The annual costs are shown in two scenarios. They are:
– When encryption is used by an organization (Protected)
– When encryption is not used by an organization (Unprotected)

Cost element                                | Cost range per incident (in INR) | Protected scenario (in INR) | Unprotected scenario (in INR)
For recovery (in INR)                       | 1.3 Lakhs – 6.3 Lakhs            | 64K                         | 3.8 Lakhs
For effect (in INR)                         | 9.5 Lakhs – 65 Cr                | 0                           | 14 Lakhs
Annual cost of every lost incident (in INR) | 3.8 Lakhs – 2100 Cr +            | 1.6 Lakhs                   | 19 Lakhs


Data Classification

• Data at rest
– Data at rest is all data in computer storage, excluding data that is in a network or temporarily residing in computer memory to be read or updated
• Data in motion
– Data in motion is the term used for data which is in the network and moving. It is the process of the transfer of the data between all of the versions of the original file, especially when data may be in movement on the Internet
• Data in use
– Data in use is all data that is not in a rest state and is being used in processing, or stored for processing (for example, in resident memory, swap, processor cache, disk cache, etc.)


Protecting data at rest

• Data at rest is an IT term referring to inactive data which is stored physically in any digital form (e.g. databases, data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices etc.)
• Data at rest can be protected in the following ways:
– Encrypting the entire contents of the storage media
– Encrypting the data that needs to be protected
– Enforcing strong keys/passwords
– Preventing the user from storing the password on the media


Protecting data in use

• Data in use is an IT term referring to active data which is stored in a non-persistent digital state, typically in computer RAM, CPU caches or CPU registers
• Solutions to protect the data in use are:
– Encryption solutions protect sensitive data as it is accessed, shared and stored beyond the traditional data center
– Several cryptographic tools, including secure multi-party computation and homomorphic encryption, allow for the private computation of data on untrusted systems
– Tokenization solutions ensure the security of sensitive and regulated data residing in databases and applications, throughout its lifecycle


Protecting data in motion

• Data in motion is data being transmitted within a device or between devices by any means, including the transmission of data via mobile media (e.g. flash drives, portable hard drives, laptops, etc.)
• Solutions to protect data in motion are:
– SSH Client/Server, SSL, VPN and SSL/VPN are effective in securing data in motion
– Using an encrypted connection or file encryption
– Using a digital signature to ensure non-repudiation


Introduction to Operations Security

• Definition
– The process by which a user can deny potential adversaries (opponents) access to critical information by identifying, controlling and protecting that information is known as the Operations Security Process.
• There are mainly five principles of OPSEC:
– What data needs to be protected?
– Who wants the data about the organization?
– How is the organization’s data vulnerable to attacks?
– What is the risk associated with the data?
– How can the data be protected?


Benefits of Operations Security

• Keeps confidential information secure
• Allows for secure exchange of information
• Allows an organization to ensure that they are meeting their legal obligations
• Enhanced customer satisfaction that improves client retention
• Consistency in the delivery of organization's service or product
• Manages and minimizes risk exposure
• Builds a culture of security
• Protects the company, assets, shareholders and directors


Process of Operations Security

• Identification of critical information
• Analysis of threats
• Analysis of vulnerabilities
• Assessment of risk
• Application of appropriate countermeasures to mitigate the risks


Types of Assets

• Information assets
• Software assets
• Physical assets
• Services


Threat Analysis

• Threat analysis is a procedure through which data regarding a potential threat is collected and analyzed. The threat is subjected to thorough and systematic examination to identify the significant facts and to derive conclusions about whether excessive damage could be realized through it
• The following determinations have to be made:
– Who would want to have this technology?
– Who would benefit if the project is discredited?
– Who would like something to happen to the participants of the project?
– Who would benefit if the activities that are directed at the project are corrupted?


Vulnerability Analysis

• Vulnerabilities can be determined through analysis of the operation of a project by the primary and supporting team members working on it
• The target should be viewed the way an attacker would view it
• The actions which can be used to derive vital information by interpreting or piecing together other data must be identified


Risk Assessment

• In this step, a decision is made by estimating the potential effects of a vulnerability on an operation/activity, and a cost-benefit analysis is made of the recommended corrective actions
• The following are conducted during risk assessment:
– Determination of the information’s value
– Threat analysis
– Vulnerability determination of the information


Application of appropriate countermeasures to mitigate the risks

• Avoidance of risk
• Transferring risks
• Mitigation of risks
• Deterring the risk
• Accepting the risks


Operations Security Techniques

• Policy for operational security
– The guidelines and policies must make clear what the operators can and cannot do
• Access control
– Access control means allowing the correct users in (those who are authorized) and keeping the others out (those who are not authorized)
• Authorization
– Authorization is a concept through which access is provided to users based on their access levels
• Dual control
– The same group must not be responsible for both the network and the security controls
• Secure and verify
– Active attempts can be carried out using all the measures mentioned above in order to detect a change which could have happened in the network
• Automation
– It is generally recommended that procedures and processes, such as verification, be automated. This is because details in log files and other similar processes are overlooked by humans

Operations Security in personal life

• Personal life
– Work-related and sensitive information must be kept away from the profile
– Location data, schedules and plans must be kept secure
– The information and names of friends, coworkers and family members should be kept secure
• Posted data
– All photos must be checked for reflective surfaces that may reveal critical information
– File tags and filenames must be checked for critical information
• Passwords
– Passwords must be unique
– Passwords must be hard to guess
– Passwords must not be given away or shared
• Settings and Privacy
– Access permissions should be set according to sorted groups of friends
– Determine both the profile and search visibility
– Verify through other channels that a “friend request” was actually from a friend
– People who are not trustworthy at all must be added to the group with the lowest access and permissions
• Security
– Anti-virus software must be kept updated
– Downloads, attachments and links in e-mails should be handled properly
– Third parties often use ‘apps’ or plug-ins to get access to data. The user should be aware of that
– Before entering sensitive data or logging in, look for HTTPS, which indicates an actively secured transmission

Operations Security cost vs. benefit

• Costs
– Permanent resources on security team for a particular project
– Tool and methodology procurement
– Source
– Costs incurred for training materials that are to be purchased
• Benefits
– Operational costs are reduced
– Capital expenses are avoided
– The efficiency of operations is increased
– Compliance is enhanced


Checkpoint (1 of 5)

1. Which mathematical process can be used to derive a mathematical value?
– Symmetric
– Social engineering
– Hashing
– Asymmetric
2. An employee claims that he didn’t send a mail to the competitors. However, it was deduced from the email logs that the mail was sent to that particular id at a very late hour of night. What is provided from these logs?
– Integrity
– Confidentiality
– Authentication
– Non-repudiation

Checkpoint Solutions (1 of 5)

1. Which mathematical process can be used to derive a mathematical value?
– Symmetric
– Social engineering
– Hashing
– Asymmetric
2. An employee claims that he didn’t send a mail to the competitors. However, it was deduced from the email logs that the mail was sent to that particular id at a very late hour of night. What is provided from these logs?
– Integrity
– Confidentiality
– Authentication
– Non-repudiation

Checkpoint (2 of 5)

3. In cryptography, what does MAC stand for?
– Media access control
– Mandatory access control
– Message authentication code
– Multiple advisory committees
4. Out of the following, which one is an attack against the algorithm?
– Birthday attack
– Weak key attack
– Mathematical attack
– Registration attack

Checkpoint Solutions (2 of 5)

3. In cryptography, what does MAC stand for?
– Media access control
– Mandatory access control
– Message authentication code
– Multiple advisory committees
4. Out of the following, which one is an attack against the algorithm?
– Birthday attack
– Weak key attack
– Mathematical attack
– Registration attack


Checkpoint (3 of 5)

5. What does WEP stand for?
– Wi-Fi encrypted process
– Wi-Fi encrypted protection
– Wired Equivalent Protection
– Wired Equivalent Privacy
6. Which of the following is a Physical Asset?
– Database
– Router
– Application
– Data Communication

Checkpoint Solutions (3 of 5)

5. What does WEP stand for?
– Wi-Fi encrypted process
– Wi-Fi encrypted protection
– Wired Equivalent Protection
– Wired Equivalent Privacy
6. Which of the following is a Physical Asset?
– Database
– Router
– Application
– Data Communication


Checkpoint (4 of 5)

7. Which of the following is an Information Asset?
– Database
– Router
– Application
– Data Communication
8. Which of the following is a Software Asset?
– Database
– Router
– Application
– Data Communication

Checkpoint Solutions (4 of 5)

7. Which of the following is an Information Asset?
– Database
– Router
– Application
– Data Communication
8. Which of the following is a Software Asset?
– Database
– Router
– Application
– Data Communication


Checkpoint (5 of 5)

9. What is MAC associated with access control?
– Media access control
– Mandatory access control
– Message authentication code
– Multiple advisory committees
10. Which of the following is data at rest?
– Data in RAM
– Data in hard disk
– Data in pen drive
– Data in network

Checkpoint Solutions (5 of 5)

9. What is MAC associated with access control?
– Media access control
– Mandatory access control
– Message authentication code
– Multiple advisory committees
10. Which of the following is data at rest in a system?
– Data in RAM
– Data in hard disk
– Data in pen drive
– Data in network


Unit summary

Having completed this unit, you should be able to:

• Demonstrate a basic understanding of Cryptography and Operations Security
• Show conceptual clarity about Cryptography and Operations Security
• Apply the techniques and controls associated with Cryptography and Operations Security
