SSD: Cryptography. Learning Outcomes After the scenario has been completed, you are expected to be...

Post on 30-Dec-2015

SSD: Cryptography

Learning Outcomes

After the scenario has been completed, you are expected to be able to:

Explain the relative strengths of encryption algorithms and the types of attack possibilities

Identify and justify the selection of appropriate encryption methods to secure stored sensitive data

Explain good practices in relation to key management

Minimise the risk to an asset or product through the use of off-the-shelf encryption software

Explain the requirements for appropriate standards and practices

Global Company

70 Security Consultants

120,000 Employees

Regulatory Compliance

Business Information Systems

Information Technology

Legal

Information Security

Fraud

Marketing and Branding

Telecommunication

Engineering

Accounts Finance

Wholesale Digital (Internet)

Retail in store

Telephone Sales

Company Hierarchy

EdgeWise Telecoms

200 million customers

Current Customers

Lewis

Chief Operating Officer

Mobile Applications

Mobile applications to support…

£50,000,000

Drive the Brand into New Markets

Sales of Products

Customer Account Enquiry

Your Role

Identifying Security Tasks

Risk Identification

Providing General Advice and Guidance

Standards Adherence

Why am I doing this quiz?

Quiz 1: The following quiz will test your knowledge of encryption and the related standards.

Quiz 1 Introduction

Quiz 1 Quiz

CEO Interview

Quiz 2: The following quiz will test your continued knowledge on encryption and standards.

Why am I doing this quiz?

Quiz 2 Introduction

Quiz 2 Quiz

Sensitive Data

CCV

Passwords and codes (secrets)

Bank account name

Bank account sort code

Bank account number

Card number (PAN)

Text messages sent by the customer

5 30

20 6

12 16

160

Task

Your task is to write a 2,500 word paper, providing advice, guidance and alternative solutions for the developer to follow whilst creating their mobile applications.

The identification of which information should be encrypted and why

The identification of which information must not be stored

An evaluation of the suitability of the chosen encryption algorithm for the task and where applicable, suggest an alternative

An explanation of the attacks that could be leveraged against various cryptographic algorithms

Task Continued

Your task is to write a paper, providing advice and guidance for the developer to follow while creating their mobile applications. (2500 words)

Identify the tasks required for the secure implementation of cryptography, including:

Key storage

Key management (rotation, retirement).

Suggest alternatives to the developer writing the encryption routine (can this be done by an off-the-shelf product – for example Oracle or MS SQL Server – and if so, how?).

Summary

After the scenario has been completed, you should have:

Explained the relative strengths of encryption algorithms and the types of attack possibilities

Identified and justified the selection of appropriate encryption methods to secure stored sensitive data

Explained good practices in relation to key management

Minimised the risk to an asset or product through the use of off-the-shelf encryption software

Explained the requirements for appropriate standards and practices