SCHOOL OF COMMERCE

BACHELOR OF APPLIED ACCOUNTING: AUDIT AND INFORMATION SYSTEMS
INFORMATION INFRASTRUCTURE PROTECTION (IPF400)
ASSIGNMENT 2
LECTURER: MR. W PHIRI
STUDENT EXAMINATION NUMBER: NY 0215
SUBMISSION DATE: 23 NOVEMBER 2015

TO DISCUSS ENCRYPTION AS AN INFORMATION SECURITY TOOL
Introduction
Organisations, and even individuals, rely on computers to create, store, and manage critical information. Organizations and
individuals must ensure that sensitive data and information is secure, because a good amount of such
information is critical to their sustained existence and growth and even processing capability.
Confidential information that organizations own is exposed to the computer security risk of information theft, both over the
company's network and on the internet. Information theft occurs when someone steals personal or confidential information.
Both business and individual users can fall victim to information theft. An unethical company executive may steal or buy
stolen information to learn about a competitor. A corrupt individual may steal credit card numbers to make fraudulent
purchases. Information transmitted over networks offers a higher degree of risk because unscrupulous users can intercept it
during transmission.
Information and data security is so vital that its importance hardly needs to be emphasised. Furthermore, data
security will ensure confidentiality, integrity, and availability of business data.
To protect information on the Internet and networks, organizations and individuals use a variety of encryption techniques.
Encryption
Encryption, itself an element of cryptography, is an important and popular methodology for enforcing information security.
Cryptography provides a secret communication mechanism between two or more parties.
According to Gary B. Shelly and Misty E. Vermaat (Discovering Computers, 2011), encryption is a process of converting readable
data into unreadable characters to prevent unauthorized access.
Encrypted data is treated just like any other data. That is, you can store it or send it in an e-mail message. To read the data,
the recipient must decrypt, or decipher, it into a readable form. In the encryption process, the unencrypted, readable data is
called plaintext. The encrypted (scrambled) data is called cipher text. An encryption algorithm, or cipher, is a set of steps that
can convert readable plaintext into unreadable cipher text.
Encryption programs typically use more than one encryption algorithm, along with an encryption key.
Encryption Key
An encryption key is a set of characters that the originator of the data uses to encrypt the plaintext and the recipient of the
data uses to decrypt the cipher text. Two basic types of encryption are private key and public key.
Private Key Encryption
Private Key Encryption is also called symmetric key encryption. The same secret key is used by both the originator and the
recipient to encrypt and decrypt the data.
Public Key Encryption
Public Key Encryption is also called asymmetric key encryption. It uses two encryption keys: a public key and a private key.
Public key encryption software generates both the private key and the public key. A message encrypted with a public key can
be decrypted only with the corresponding private key, and vice versa. The public key is made known to message originators
and recipients. For example, public keys may be posted on a secure Web page or a public-key server, or they may be
e-mailed. The private key must always be kept confidential.
Usually extremely efficient, requiring simple processing to encrypt or decrypt the message.
The main challenge is getting a copy of the key to the receiver, a process that must be conducted out-of-band to avoid
interception.
There is also a third encryption key called a Hybrid key.
Hybrid Key Encryption
Hybrid Key Encryption is a combination of symmetric and asymmetric encryption keys. For key distribution, symmetric is used
and when encrypting and decrypting the message, asymmetric is used.

Digital signature and Digital certificate


Some operating systems and e-mail programs allow you to encrypt the contents of files and messages that are stored on your
computer.
A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to
verify the identity of the message sender. The code usually consists of the user's name and a hash of all or part of the
message.
A hash is a mathematical formula that generates a code from the contents of the message. Thus, the hash differs for each
message. Receivers of the message decrypt the digital signature. The recipient generates a new hash of the received
message and compares it with one in the digital signature to ensure they match. Digital signatures often are used to ensure
that an impostor is not participating in an Internet transaction. That is, digital signatures help to prevent e-mail forgery. A
digital signature also can verify that the content of a message has not changed.
Digital Certificates
A digital certificate is a notice that guarantees a user or a Web site is legitimate. E-commerce applications commonly use
digital certificates. Web browsers, such as Internet Explorer, often display a warning message if a Web site does not have a
valid digital certificate.
A certificate authority (CA) is an authorized person or a company that issues and verifies digital certificates. Users apply for a
digital certificate from a Certificate Authority. A digital certificate typically contains information such as the user's name, the
issuing CA's name and signature, and the serial number of the certificate. The information in a digital certificate is encrypted.
Conclusion
Encryption as an information security tool has been an invaluable success on the confidentiality and integrity fronts. Data
encryption has proved to be an effective mechanism for enforcing information confidentiality, whereas on the availability front
it is known for delays on some occasions.
Encryption can also provide non-repudiation and can be used to identify individuals who have digital ID cards that include
encrypted codes.

Encryption as discussed above and as an element of cryptography is a methodology for achieving information security,
through secretive communications. Therefore, encryption is an information security tool.
REFERENCES:
