Cryptography in information security

by Désirée Eder

For many laypeople in information security, the term cryptography is exactly one thing: cryptic. Very few people know right away what the term means, let alone why it is central to information security and data protection. The following presents the basics of cryptography briefly and clearly, even for laypeople.

What is cryptography?

In IT security, cryptography is an essential component in ensuring the confidentiality of information both when it is transmitted and when it is stored. The word has its origin in Greek and means something like “secret writing”. Colloquially, the term encryption is also used. This is because information is altered with the help of a certain procedure in such a way that it can only be deciphered again with a key.

Why is cryptography used in information security?

Information is kept secret using cryptography. The objectives pursued in information security are: confidentiality, i.e. only authorized persons should be able to read the information; integrity, i.e. unauthorized persons should not be able to change information; and authenticity, i.e. the author of the information should be clearly identifiable as such.

Proper use of cryptography

A cryptographic method should be selected depending on the protection requirements of information and communication channels.

When choosing the right cryptography method, it is important that it is appropriate in terms of protection requirements. If processes and tools that are too complex are selected for everyday work, there is a risk that users will take the easier route and not use them at all.

Before introducing encryption, companies should develop a cryptography concept in which they regulate their requirements, applications and responsibilities with regard to encryption.

Among other things, it should include effective key management. It must be clarified how cryptographic keys are stored, how they are protected against attack and loss, and who monitors key lifetimes. The archiving of expired keys must not be forgotten either.

Dangers when using cryptography

Under no circumstances should cryptography be introduced rashly. It is essential to clarify responsibilities in advance and to regulate all aspects in a corresponding cryptography concept. In the worst case, data is irretrievably lost, for example for the banal reason that the key was not stored correctly. Such cases can be avoided by careful planning.

By the way: not every country allows cryptography in all forms. As an international company, you are well advised to find out about the legal regulations in your country in advance!

We are happy to support you in all matters relating to information security and data protection in your company. Just talk to us! Use our contact form or give us a call on 08505 91927-0.

Désirée Eder

Law graduate Désirée Eder studied law at the University of Passau and worked for several years in Berlin at a state-owned company for real estate projects as legal project manager and data protection officer. Désirée Eder not only enriches the team with her legal know-how but is also the first point of contact in the area of organization and documentation, as well as for the increasingly important DIN ISO standards and for certification processes. “For the good of our customers, open communication and a structured, efficient and thorough way of working are important to me.”

Tags: IT security