11.2. GOAL OF CRYPTOGRAPHIC CONTROLS

The goal of cryptographic controls is to reasonably ensure the confidentiality, integrity, and authenticity of electronic information being transmitted, while providing nonrepudiation by the sender. Encryption, coupled with hashing and digital signatures, has become the most commonly accepted solution to ensure reasonably secure electronic transmissions of information, especially with the need for electronic commerce transactions. Encryption, hashing, and digital signatures can each be thought of as one of three legs supporting a secure electronic message (see Exhibit 11.1). If any of the legs fails, the message is no longer fully secured.

Exhibit 11.1 Secure Electronic Messages

Encryption helps ensure the confidentiality of the information being transmitted. Confidentiality is achieved when only the intended recipients of transmitted information can read it. Encryption is also used to protect data stored on electronic media such as disk storage devices, magnetic tapes, and diskettes.

Hashing helps ensure message integrity. Integrity is achieved when the transmitted information has not been altered, other information has not been added to the transmission, and information has not been deleted from the transmission.

Digital signatures help ensure the authenticity of electronic transmissions and help ensure nonrepudiation of the transmissions by their ...
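The three legs described above, as an added example that is not from the book: a sender encrypts, hashes, and signs a message, and the recipient's checks show which leg catches each failure. The function names, message layout, sample payment text, and the choice of AES-256-CBC, SHA-256, and Ed25519 are assumptions made for this illustration.

```javascript
// Added illustration, not from the book. Algorithms and names are assumptions.
const crypto = require("node:crypto");

const sha256 = (iv, ct) => crypto.createHash("sha256").update(iv).update(ct).digest();

// Sender: encrypt (confidentiality), hash (integrity), sign the hash
// (authenticity and nonrepudiation).
function seal(plaintext, encKey, senderPrivateKey) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv("aes-256-cbc", encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const digest = sha256(iv, ciphertext);
  const signature = crypto.sign(null, digest, senderPrivateKey); // Ed25519
  return { iv, ciphertext, digest, signature };
}

// Recipient: check integrity, then authenticity, and only then decrypt.
function unseal(msg, encKey, senderPublicKey) {
  const digest = sha256(msg.iv, msg.ciphertext);
  if (digest.length !== msg.digest.length || !crypto.timingSafeEqual(digest, msg.digest))
    return { ok: false, failed: "hash" };
  if (!crypto.verify(null, msg.digest, senderPublicKey, msg.signature))
    return { ok: false, failed: "signature" };
  const decipher = crypto.createDecipheriv("aes-256-cbc", encKey, msg.iv);
  const plaintext = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  return { ok: true, plaintext: plaintext.toString("utf8") };
}

// Constructed scenario: one intact message and three ways a leg can fail.
function demo() {
  const encKey = crypto.randomBytes(32); // shared secret, constructed for the demo
  const sender = crypto.generateKeyPairSync("ed25519");
  const stranger = crypto.generateKeyPairSync("ed25519");
  const msg = seal("Pay vendor 4471 the sum of 1,250.00", encKey, sender.privateKey);

  const flipped = Buffer.from(msg.ciphertext);
  flipped[0] ^= 1; // one bit altered in transit
  const altered = { ...msg, ciphertext: flipped };
  const rehashed = { ...altered, digest: sha256(altered.iv, flipped) };
  return {
    intact: unseal(msg, encKey, sender.publicKey),
    altered: unseal(altered, encKey, sender.publicKey), // hash mismatch
    rehashed: unseal(rehashed, encKey, sender.publicKey), // signature fails
    wrongSender: unseal(msg, encKey, stranger.publicKey), // signature fails
    readableOnWire: msg.ciphertext.includes("Pay vendor"), // false
  };
}
```

In the `rehashed` case the altered message carries a freshly recomputed hash, so the hash comparison passes and only the signature over the hash exposes the change. A bare hash sent alongside a message can be recomputed by whoever altered it, which is why the integrity leg depends on the signature leg holding.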
