BestInternetSecurity.net

Information Security Resources


Archive for June, 2006



The Concept of ‘Key’ in Cryptography

Thursday 29 June 2006 @ 4:25 pm

The main idea of cryptography is that a group of people can use private knowledge to keep written messages secret from everyone else.

The original message is called the PLAINTEXT. The encrypted message is called the CIPHERTEXT. Both the encryption and the decryption process need a KEY.
What is a KEY?

Your door lock is mass-produced by a company. The point is that your key is different from the keys of everyone else who owns a lock of the same model from the same company. So even though the mechanism and internal structure of the lock are well known to others, your house is secure, because your lock is built with a specific key combination and only you, as the one person in the world who owns that particular key, can open it (theoretically!).

This is the security concept that Leon Battista Alberti, the famous Italian Renaissance architect, brought to cryptography in 1466, when he invented the cryptographic key. Everyone can have the same brand of lock, but each with a different key.

The KEY solves the problem of moving in and out of a private group. If Tom and May share a key and want to let Philip join their conversation, they can simply pass the key to him. If they later find that Philip is untrustworthy, they can change the key without telling Philip, and Philip is immediately shut out of the subsequent conversation.
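The Tom, May and Philip scenario above, as an added example that is not part of the original post: the cipher code is fully public and only the key decides who can read a message. It assumes a simple illustrative construction (HMAC-SHA256 keystream with an authentication tag) built from the Python standard library; the function names and sample messages are made up for the demonstration, and a real system would use a vetted authenticated cipher instead.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size

def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Derive separate encryption and authentication keys from the group key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: the algorithm is public, only enc_key is secret.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)  # fresh per message
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key: bytes, message: bytes) -> bytes | None:
    # Returns None when the key is wrong or the message was altered.
    if len(message) < 16 + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = message[:16], message[16:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

def rekey_demo() -> tuple[bytes | None, bytes | None, bytes | None]:
    old_key = secrets.token_bytes(32)   # shared by Tom, May and Philip
    first = encrypt(old_key, b"meet at noon")        # constructed sample message
    new_key = secrets.token_bytes(32)   # Tom and May change the key; Philip is not told
    second = encrypt(new_key, b"meet at dusk")       # constructed sample message
    # Philip (old key) on message 1, Philip on message 2, May (new key) on message 2.
    return decrypt(old_key, first), decrypt(old_key, second), decrypt(new_key, second)
```

Changing the key only protects the subsequent conversation: Philip's old key still opens every message sent before the change.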





Availability - the countermeasures of it could be costly

Tuesday 27 June 2006 @ 10:45 am

Availability is a completely different concern from Confidentiality and Integrity. It focuses on data being available when a user needs it. Its aim is easy to understand, but the measures needed to achieve availability can be very costly.

Since the September 11th attack, organizations have tended to put more effort and investment into keeping business operations going after unexpected incidents. This is now commonly called Business Continuity Planning (BCP). BCP is not only about the Availability of the information system (what we used to call Disaster Recovery Planning) but also about the ability to keep the whole business operation running without interruption.

In information system management, achieving Availability requires an organization to impose security measures such as redundant IT infrastructure, proper information backup, a data protection policy and many Internet security defenses, particularly against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

Redundant infrastructure can be particularly costly if it involves setting up a ‘warm site’: a site with completely duplicated IT installations, ready to be put into operation once the main site is in jeopardy.




Confidentiality - the very first element of information security

Friday 23 June 2006 @ 10:30 am

When people talk about information security or computer security, they usually refer to Confidentiality.

Indeed, information security originated from the need for confidentiality in military and political affairs. Countries worry about their confidential information leaking to enemy countries, which threatens their security and their standing in the world.

If you are new to security history, read the book by Simon Singh called “The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography”.





What is Cryptography?

Thursday 22 June 2006 @ 12:11 pm
Cryptography is the science (or Art?) of using mathematics to encrypt and decrypt data