Encryption and ISO27001

 By

Chris Eden - Quality Matters Limited


What is encryption?

Encryption is a method of scrambling a message or other data so that it cannot be read by an unauthorised person. Sadly, it has become too easy to intercept messages and use them for illegal purposes. Encryption protects that data.

A simple encryption might be to use the alphabet in reverse:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Z Y X W V U T S R Q P O N M L K J I H G F E D C B A

'Please reply to this message' becomes KOVZHV IVKOB GL NVHHZV

Unfortunately this code would be broken very easily. A more secure system would use the shift method where the table is used but each letter is shifted to the right by 3 boxes.

'Please reply to this message' now becomes SOSWVS FSHLE DI DPOE KSEEWQS. This is better but relies on the person receiving the message knowing the key (what method was used). This type of encryption would be broken in seconds by an experienced cracker.
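The reversed-alphabet table and its shifted variant, as an added example that is not part of the original article, together with the reason such a cipher is broken in seconds: there are only 26 possible shifts, so all of them can be tried. It assumes that "shifted to the right by 3 boxes" means rotating the bottom row of the table; the sample message and the word list are constructed.

```python
import string

ALPHABET = string.ascii_uppercase
REVERSED = ALPHABET[::-1]          # the bottom row of the table: Z Y X ... A

# Constructed word list used only to recognise readable English.
COMMON_WORDS = {"THE", "TO", "AND", "OF", "IS", "IN", "IT", "FOR", "THAT"}


def cipher_row(shift):
    """Bottom row of the table moved `shift` boxes to the right, wrapping."""
    shift %= 26
    return REVERSED[-shift:] + REVERSED[:-shift]


def encrypt(plaintext, shift=0):
    """Replace each letter with the one below it in the (shifted) table."""
    table = str.maketrans(ALPHABET, cipher_row(shift))
    return plaintext.upper().translate(table)


def decrypt(ciphertext, shift=0):
    """Read the table the other way: bottom row back to the top row."""
    table = str.maketrans(cipher_row(shift), ALPHABET)
    return ciphertext.upper().translate(table)


def recover_key(ciphertext):
    """Try all 26 possible shifts and keep the one that yields the most
    recognisable words. Returns (shift, plaintext)."""
    def score(shift):
        return sum(w in COMMON_WORDS for w in decrypt(ciphertext, shift).split())
    best = max(range(26), key=score)
    return best, decrypt(ciphertext, best)


if __name__ == "__main__":
    message = "SEND THE REPORT TO THE OFFICE TODAY"   # constructed sample
    secret = encrypt(message, shift=3)
    print(secret)
    print(recover_key(secret))
```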

Modern computers rely on even more secure methods:

The first of these is the SYMMETRIC KEY, where the sender and the receiver both know the key and use it to decrypt the message. Anyone else will see a jumble of letters.

The second method is known as PUBLIC KEY. A typical system uses PGP (Pretty Good Privacy) and relies on a public key, which is available in the message, and a private key, which is known only to the sender and the receiver. Again, anyone else will see gibberish.

The third method is known as DIGITAL CERTIFICATE where the certificate acts as a middleman, checking the identity of both the sender and the receiver; if both are genuine the certificate allows the message to be decrypted.

Additionally, financial transactions use a secure system known as SSL (Secure Sockets Layer). The user will notice that the usual http:// is replaced by https:// and a small padlock is normally present on the web-site to show that SSL is in use. Credit card transactions use this very secure method of encryption.

The Information Security Standard ISO27001 recommends the use of encryption to protect data.


About the Author

Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an established independent management consultancy based in Essex, UK, which specialises in ISO27001 Information Security Management consultancy.



Article Published/Sorted/Amended on Scopulus 2008-04-19 14:54:52 in Computer Articles
