Security and risk are two terms that are frequently used interchangeably. Just remember: a risk does not automatically imply a security threat (a power outage is a risk, but not necessarily a security threat). However, a security threat does imply a risk.
Encryption and Decryption
- Encryption is used to provide confidentiality for data.
- Encrypted data is termed “ciphertext”.
- Ciphertext is transformed back into data using decryption.
- The mathematical process of encryption is an algorithm.
- Many common algorithms operate on blocks (chunks) of data during an encryption or decryption operation. For this reason, these algorithms are commonly referred to as block cipher algorithms.
- Data is encrypted using an algorithm in conjunction with a key, also known as a certificate.
- The key is a number.
- Data can be recovered from ciphertext only by using the same key that was used to encrypt the data.
- Unauthorized recipients of the ciphertext who know the cryptographic algorithm, but do not have the correct key, should not be able to decrypt the ciphertext.
- However, anyone who has the key and the cryptographic algorithm can easily decrypt the ciphertext and obtain the original data.
Although much has been written on this subject, a great place to start is the RSA Laboratories whitepaper "Frequently Asked Questions About Today's Cryptography".
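As an added illustration of the points above (this is example code, not from the original page or from C3SC), the following Go program uses the AES block cipher from Go's standard library: it encrypts exactly one 16-byte block under a 16-byte key, recovers it with the same key, and shows that a key differing in a single byte produces unrelated bytes rather than an error. The two keys and the message are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

// blockOp runs one AES block operation. AES is a block cipher: it takes
// exactly aes.BlockSize (16) bytes in and gives 16 bytes out. aes.NewCipher
// rejects any key that is not 16, 24 or 32 bytes (AES-128/192/256).
func blockOp(key, in []byte, decrypt bool) ([]byte, error) {
	if len(in) != aes.BlockSize {
		return nil, fmt.Errorf("need a %d-byte block, got %d", aes.BlockSize, len(in))
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	if decrypt {
		c.Decrypt(out, in) // a wrong key does not error; it just yields a different block
	} else {
		c.Encrypt(out, in)
	}
	return out, nil
}

// recovers reports whether decrypting with tryKey gives back the data that
// was encrypted under encKey. Only the decrypted bytes reveal whether tryKey
// was the right key; the cipher itself cannot tell.
func recovers(encKey, tryKey, plaintext []byte) (bool, error) {
	ct, err := blockOp(encKey, plaintext, false)
	if err != nil {
		return false, err
	}
	pt, err := blockOp(tryKey, ct, true)
	if err != nil {
		return false, err
	}
	return bytes.Equal(pt, plaintext), nil
}

func main() {
	key := []byte("0123456789abcdef")   // constructed 16-byte AES-128 key
	wrong := []byte("0123456789abcdeX") // differs from key in its last byte only
	msg := []byte("pay 100 to alice")   // constructed message, exactly one block
	same, _ := recovers(key, key, msg)
	other, _ := recovers(key, wrong, msg)
	fmt.Println("same key:", same, "wrong key:", other) // same key: true wrong key: false
}
```

A single block operation is deterministic: the same block under the same key always gives the same ciphertext, so real systems wrap the block cipher in a mode of operation (with padding or a stream construction) rather than calling it directly on each chunk of a message.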
Absolute Security
Sorry, but there is no such thing. A more practical approach follows the 80/20 rule. It is like locking your car at night. It will cause the casual opportunist to move on. Use a steering lock and it will stop the amateur thief. Install a car alarm and it will stop all but the skilled and dedicated criminals (who usually are neither). Include a tracking system, for example Lo-Jack, and you stand a good chance of recovering your vehicle after a successful theft.
There are some fundamental steps that all companies, from sole proprietor up, should have at least considered as the beginning of a security strategy. A proactive approach now will reduce the impact of a violation.
Don’t let the word “strategy” put you off. As soon as you install a virus checker (and if you haven’t done that, stop reading and go do it now! Anything is better than nothing, but if you pick one of the big names, Symantec, McAfee, etc., you won’t go far wrong), you have started planning your security strategy.
The categories listed on the Basics page are your starting point. If this is the first time you have been to this site, we highly recommend you scan through the sections and ensure you have hit the main points. These sections are not meant to be exhaustive, and they are dealt with in other areas in much greater detail, but if you are looking to start somewhere, this will give you an idea of what you should be considering.
Once you have scanned these sections, and you still have questions, use the links to take you to pages with more information. If you still have unanswered questions, and you know your business better than anyone, talk to a security consultant. Obviously we hope it will be C3SC, but do call someone.
Firewalls
A firewall separates one portion of a network from another and allows only authorized network traffic to pass through. A firewall typically separates the local private network from the Internet. Some firewalls examine the traffic that flows in and possibly out of the network to make sure it is legitimate. Firewalls hide the identities of computers within your private network to make it harder for criminal hackers to target individual computers. Firewalls can be combined with other devices to reduce the resource requirements.