Information theft and cryptographic attacks

When sensitive information is transmitted outside of trusted systems, it should be encrypted to preserve confidentiality. Few consumers would want their credit card information transmitted through the Internet as plain text. Even when data is stored on an organization's own devices, it is sometimes encrypted to prevent information theft. Several high-profile laptop thefts have raised awareness about the dangers of storing large quantities of personally identifying information on mobile devices.

Even when encryption is used, threats to confidentiality still exist. Two such threats are cryptographic attacks, or attempts to break the encryption code, and the loss of a private key in a public key cryptography system. The best method for countering cryptographic attacks is to use strong cryptography and properly manage the private key. Strong cryptography is based on sound encryption algorithms and long keys. For example, the Advanced Encryption Standard (AES), adopted as a standard by the U.S. government, can use 256-bit keys. Although in theory, a brute force search of all possible keys could be used to break this encryption, the time required to conduct such a search is so long as to be impractical. Of course, anyone in possession of the private key can decrypt even the most strongly encrypted message. It is imperative that private keys be securely distributed and stored to ensure that security is not compromised.

An important factor in the use of cryptography is that information should be encrypted only as long as that information is useful or not publicly available. Documents detailing a merger negotiation would be kept confidential during the negotiations, but once the deal is finalized and announced, the contents of those documents are far less valuable.

How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The ever-evolving threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

BROWSE BY TAG Enterprise Data Protection,   Identity Theft and Data Security Breaches,   Application and Platform Security,   Database Security Management,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Chip and PIN adoption serves lesson for U.S. payment industry Group to shed light on secure identity management threats Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection University data breach exposes 163,000 women to identity theft TJX thrives following breach, bucks sour economy Database Security Management What is the best database patch management process? Unpatched vulnerability discovered in Microsoft SQL Server SQL injection continues to trouble firms, lead to breaches Oracle issues quarterly patches, fixes database flaws Database monitoring, encryption vital in tight economy, Forrester says Oracle to buy Sun Microsystems for $7.4 billion Oracle issues 43 updates, fixes serious database flaws Imperva assigns security risk levels to databases How to create configuration management plans to install DLP Information security book excerpts and reviews Database Security Management Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary