Encryption and ISO27001

What is encryption?
Encryption is a method of scrambling a message or other data so that it
cannot be read by an unauthorised person. Sadly it has become too easy to
intercept messages and use them for illegal purposes. Encryption protects that
data.
A simple encryption might be to use the alphabet in reverse:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Z Y X W V U T S R Q P O N M L K J I H G F E D C B A
'Please reply to this message' becomes KOVZHV IVKOB GL NVHHZV
Unfortunately this code would be broken very easily. A more secure system
would use the shift method where the table is used but each letter is shifted to
the right by 3 boxes.
'Please reply to this message' now becomes SOSWVS FSHLE DI DPOE KSEEWQS. This
is better but relies on the person receiving the message knowing the key (what
method was used). This type of encryption would be broken in seconds by an
experienced cracker.
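The two ciphers above, and the search that breaks the shift cipher, as an added example in Python (not part of the original article). It assumes the shift method means the classic shift of each letter three places to the right in the alphabet; the function names and the COMMON_WORDS list are constructed for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def reverse_alphabet(text):
    """Reverse-alphabet substitution (A<->Z, B<->Y, ...).
    There is no key at all: applying it a second time restores the message."""
    return text.upper().translate(str.maketrans(ALPHABET, ALPHABET[::-1]))

def shift(text, key):
    """Replace each letter by the one `key` places to its right, wrapping Z to A.
    A negative key shifts to the left, which undoes the encryption."""
    k = key % 26
    return text.upper().translate(str.maketrans(ALPHABET, ALPHABET[k:] + ALPHABET[:k]))

# Short list of very common English words, constructed for this example.
COMMON_WORDS = {"THE", "AND", "TO", "OF", "IN", "IS", "IT", "AT", "THIS", "THAT", "YOU"}

def break_shift(ciphertext):
    """Recover the key without knowing it: only 26 shifts exist, so try each
    one and keep the candidate that contains the most common English words."""
    best = None
    for key in range(26):
        candidate = shift(ciphertext, -key)
        score = sum(word in COMMON_WORDS for word in candidate.split())
        if best is None or score > best[0]:
            best = (score, key, candidate)
    return best[1], best[2]

if __name__ == "__main__":
    message = "Please reply to this message"
    print("reverse alphabet:", reverse_alphabet(message))
    secret = shift(message, 3)
    print("shift by 3:      ", secret)
    key, recovered = break_shift(secret)
    print("recovered key:   ", key)
    print("recovered text:  ", recovered)
```

The whole key space is 26 values, so the search finishes instantly; this is why neither cipher protects real data.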
Modern computers rely on even more secure methods:
The first of these is the SYMMETRIC KEY, where the sender and the receiver
both know the key and use it to decrypt the message. Anyone else will see a
jumble of letters.
The second method is known as PUBLIC KEY. A typical system uses PGP (Pretty
Good Privacy) and relies on a public key which is available in the message and a
private key which is known only to the sender and the receiver. Again anyone
else will see gibberish.
The third method is known as DIGITAL CERTIFICATE where the certificate acts
as a middleman, checking the identity of both the sender and the receiver; if
both are genuine the certificate allows the message to be decrypted.
Additionally, financial transactions use a secure system known as SSL (Secure
Sockets Layer). The user will notice that the usual http:// is replaced by
https:// and a small padlock is normally present on the web-site to show that
SSL is in use. Credit card transactions use this very secure method of
encryption.
The Information Security Standard ISO27001 recommends the use of encryption
to protect data.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an
established independent management consultancy based in Essex, UK which
specialises in ISO27001 Information Security Management consultancy.
Article Published/Sorted/Amended on Scopulus 2008-04-19 14:54:52 in Computer Articles