Cryptography is an essential toolkit for today's CISSP. It applies across all three components of the CIA model:

  • Confidentiality - Cryptology protects the confidentiality of data via encryption (both in transit and at rest)
  • Integrity - Cryptology supports the integrity of data via hashes and message digests (MDs) that ensure the accuracy of the data
  • Availability - Cryptology is used heavily in the authentication arena via digital signatures, certificates and PKI used to verify the authenticity of the players.

Key concepts in Cryptology:

  • Non-repudiation: Undeniably asserting who did something (sent an email, was logged in, accessed a dataset, etc.)
  • Hashes are used for integrity checking, not confidentiality protection
  • Digital Signatures are not scanned images of real signatures (thank you for playing, Fox News)