Describe the key differences between symmetric and asymmetric encryption technologies.
Question 1
Application of information security standards and policies can be better defined in industries and organizations that must comply with specific regulations. As more industries become regulated, and as the regulations themselves become more standardized into common practice, this puts pressure on nonregulated industries to conform their practices too. Legal theory in the United States is heavily tilted towards establishing what is “reasonable,” making the practice of all organizations best aligned in common practice where possible.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Then discuss the following:
Describe the relationship between information security standards organizations and the creation of internal information security policy within private sector organizations.
Identify how the adoption of standard and the creation of policy must be adopted within the context of the core business goals and objectives of an organization.
Explain how the information security professional can ensure that there is adequate consideration and approval for diverging from common practice in situations where that is necessary.
Must be 400 words
Question 2
Regulatory Environment Surrounding Encryption
Regulatory Environment Surrounding Encryption
Governments all over the world, including the U.S. government, have concerns about the use of encryption. This concern manifests itself in a range of regulatory challenges to the technology that limit or restrict its use. The concerns, and therefore the regulations, differ from nation to nation. One example of this comes from the early years of encryption in the United States. Diffie-Hellman and the guys at RSA came up with the mathematical foundations for today’s symmetric encryption solutions in the late 1970s. The NSA tried to block this research from being published because they felt it was a threat to their oversight of security matters. In the meantime, the barriers to research and the patent laws that favored offshore development caused a number of researchers in foreign countries to put their attention to potential technologies. Among those were PGP, or pretty good privacy. By the early 1990s the United States Congress, at the behest of the NSA and other intelligence agencies, were casting about for regulations that could restrict the impact of encryption, including a requirement that anyone manufacturing an encryption-based technology create a backdoor into their solutions or engage in ‘key escrow’ where the keys to an encryption algorithm would be held by a neutral third party. This controversy and the reaction to it is comparable to the more recent fight over the SOPA (Stop Online Piracy Act) rules, over which Internet providers and users pushed back at Congress.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Discuss the following:
Explain how society can balance the need to be able to investigate wrongdoing with the important and beneficial aspects of encryption as a security tool.
Evaluate the legal/regulatory impact for a multinational organization doing business in China, India, Ireland, and the United States that would like to implement IPSec as a component of a move to IPv6.
Describe the key differences between symmetric and asymmetric encryption technologies.
Must be 400 words
