Part 2: Information Protection at Large
Cryptographic algorithms protect data at rest and during transit to some degree. By encrypting data, you are assuring that only authorized individuals or systems can read the data. Similarly by using integrity techniques such as hashing and message authentication code you are assuring no unauthorized person had made changes. In other words, you can think of cryptography as a means of access control. Cryptography alone is not sufficient for complete data protection. For example, a person can walk into your computer room and physically destroy your data in your disk and other storage medium. Your computer room can be destroyed by fire or flood. Cryptography certainly does not address availability concerns. An insider can log into your computer systems and delete files or a row of data in your database. So, you need physical security; you need authentication and authorization controls in both hard and soft forms. The questions for this second part of the conference then: What methods/facilities are available to secure data in today’s systems? Have these methods proved to be adequate? So, this second part of this conference is to go beyond cryptographic techniques and think of other forms of protection information security needs.
You are encouraged to conduct research on your own and consult reputable sources.
Post your concise answers (in your own words) one for Part 1 and one or Part 2. as a reply to this conference topic. Don’t forget to list your sources. Also, respond in a few sentences to at least two of your colleagues’ responses either for Part 1 or Part 2 or both.