SSD: Cryptography. Learning Outcomes After the scenario has been completed, you are expected to be able to: Explain the relative strengths of encryption.

Presentation transcript:

SSD: Cryptography

Learning Outcomes
After the scenario has been completed, you are expected to be able to:
- Explain the relative strengths of encryption algorithms and the types of attack possibilities
- Identify and justify the selection of appropriate encryption methods to secure stored sensitive data
- Explain good practices in relation to key management
- Minimise the risk to an asset or product through the use of off-the-shelf encryption software
- Explain the requirements for appropriate standards and practices

Global Company: 70 Security Consultants, 120,000 Employees

Company Hierarchy: EdgeWise Telecoms
Regulatory Compliance Business Information Systems Information Technology Legal Information Security Fraud Marketing and Branding Telecommunication Engineering Accounts Finance Wholesale Digital (Internet) Retail in store Telephone Sales

Current Customers: 200 million customers

Mobile Applications
Mobile applications to support…
£50,000,000
- Drive the Brand into New Markets
- Sales of Products
- Customer Account Enquiry

Your Role
- Identifying Security Tasks
- Risk Identification
- Providing General Advice and Guidance
- Standards Adherence

Information Security Standards

Quiz 1 Introduction
Why am I doing this quiz?
Quiz 1: The following quiz will test your knowledge of encryption and the related standards.

Quiz 1

CEO Interview

Quiz 2 Introduction
Why am I doing this quiz?
Quiz 2: The following quiz will test your continued knowledge of encryption and standards.

Quiz 2

Sensitive Data
- CCV
- Passwords and codes (secrets)
- Bank account name
- Bank account sort code
- Bank account number
- Card number (PAN)
- Text messages sent by the customer

Task
Your task is to write a 2,500 word paper, providing advice, guidance and alternative solutions for the developer to follow whilst creating their mobile applications.
- The identification of which information should be encrypted and why
- The identification of which information must not be stored
- An evaluation of the suitability of the chosen encryption algorithm for the task and, where applicable, suggest an alternative
- An explanation of the attacks that could be leveraged against various cryptographic algorithms

Task Continued
Your task is to write a paper, providing advice and guidance for the developer to follow while creating their mobile applications. (2500 words)
- Identify the tasks required for the secure implementation of cryptography, including:
  - Key storage
  - Key management (rotation, retirement).
- Suggest alternatives to the developer writing the encryption routine (can this be done by an off-the-shelf product – for example Oracle or MS SQL Server – if so, how?).

Summary
After the scenario has been completed, you are expected to have:
- Explained the relative strengths of encryption algorithms and the types of attack possibilities
- Identified and justified the selection of appropriate encryption methods to secure stored sensitive data
- Explained good practices in relation to key management
- Minimised the risk to an asset or product through the use of off-the-shelf encryption software
- Explained the requirements for appropriate standards and practices