Module 9.5- Encryption & Data Protection Flashcards

(15 cards)

1
Q

Encryption Fundamentals: Securing Sensitive Information

A
  • at its core, encryption is the process of converting readable data (plaintext) into an unreadable format (ciphertext)
  • this ensures that only authorised parties can access the information
  • it’s like locking your data in a vault- only those with the right key can open it
  • encryption works by using mathematical algorithms and keys to scramble data, making it inaccessible to anyone who doesn’t have the correct key to decrypt it
  • this process protects your data from unauthorised access, even if it’s intercepted or stolen
2
Q

Symmetric Encryption

A
  • in symmetric encryption, the same key is used for both encryption and decryption
  • this means that both the sender and the receiver must have the same key
  • symmetric encryption is fast and efficient, making it ideal for encrypting large amounts of data, and is often used for file encryption and securing data at rest e.g. on hard drives or cloud storage
  • AES (Advanced Encryption Standard) is one of the most widely used symmetric encryption algorithms due to its high performance and security
3
Q

Asymmetric Encryption

A
  • asymmetric encryption uses two different keys- a public key and a private key
  • commonly used for secure communications e.g. sending encrypted emails or establishing SSL/TLS connections in web browsers
  • RSA (Rivest-Shamir-Adleman) is a popular asymmetric algorithm, often used in digital signatures and secure key exchange
4
Q

When to use Symmetric & Asymmetric Encryption

A
  • use symmetric encryption when speed is essential, like encrypting large files or data stored on servers
  • use asymmetric encryption when secure communication or identity verification is necessary e.g. in digital certificates or sending sensitive information over the internet
5
Q

Common Encryption Algorithms

A
  • AES (Advanced Encryption Standard)
  • RSA (Rivest-Shamir-Adleman)
  • ECC (Elliptic Curve Cryptography)
6
Q

AES

A
  • AES is the go-to algorithm for symmetric encryption
  • it’s highly secure, fast, and widely adopted across industries
  • AES supports key sizes of 128, 192, or 256 bits, with AES-256 being the most secure
  • often used for encrypting data in storage e.g. files, hard drives, cloud storage and for securing communications in VPNs (Virtual Private Networks)
7
Q

RSA

A
  • RSA is one of the most commonly used algorithms for asymmetric encryption
  • slower than AES but provides a secure method for encrypting small amounts of data, such as encryption keys or digital signatures
  • frequently used in SSL/TLS certificates for securing websites and encrypting sensitive emails
8
Q

ECC

A
  • another form of asymmetric encryption that provides the same level of security as RSA but with smaller key sizes
  • this makes ECC faster and more efficient, especially in environments with limited resources, like mobile devices
  • ECC is increasingly used in mobile encryption, securing blockchain transactions, and in IoT (Internet of Things) devices where processing power and bandwidth are limited
9
Q

Applying Encryption in the Real World
(Emails)

A
  • when sending sensitive information via email, encryption ensures that only the intended recipient can read the message
  • PGP (Pretty Good Privacy) and S/MIME are commonly used email encryption standards
  • these methods use asymmetric encryption to encrypt the email and symmetric encryption for the actual content
  • e.g. if you’re sending personal details or confidential business information over email, encrypting the message ensures that even if someone intercepts it, they can’t read it without the decryption key
10
Q

Applying Encryption in the Real World
(VPNs)

A
  • VPNs use encryption to secure all the data traveling between your device and the internet, protecting your online activities from eavesdroppers
  • most VPNs use a combination of AES for encryption and RSA for key exchange
  • e.g. when working remotely or using public Wi-Fi, a VPN ensures that your internet traffic is encrypted, preventing hackers from intercepting sensitive data like passwords or credit card numbers
11
Q

Applying Encryption in the Real World
(File Storage)

A
  • whether data is stored locally or in the cloud, encryption protects it from unauthorised access
  • full disk encryption (like BitLocker on Windows or FileVault on macOS) ensures that even if someone steals your device, they won’t be able to access the files without the encryption key
  • e.g. if you store sensitive client information or personal data on your laptop, full disk encryption keeps that data safe, even if the laptop is lost or stolen
12
Q

Applying Encryption in the Real World
(Secure Communications (SSL/TLS))

A
  • when you visit a secure website (with “https” in the URL), your browser is using SSL/TLS encryption to protect the data being exchanged between you and the website
  • this ensures that sensitive data, like login credentials or payment information, is encrypted during transit
  • e.g. when shopping online, SSL/TLS encryption ensures that your credit card information is encrypted before it’s transmitted to the retailer’s website
  • by encrypting data at every stage, whether it’s being stored, transmitted, or processed, you can significantly reduce the risk of data breaches and unauthorised access
13
Q

Combining Encryption with Other Security Measures

A
  • while encryption is a powerful tool, it’s even more effective when used in combination with other data protection strategies
14
Q

How does Encryption fit into a broader Security Framework?

A
  • MFA- adding MFA to your systems ensures that even if encrypted data is somehow compromised, attackers still need an additional factor, e.g. a fingerprint or SMS code, to access sensitive information
  • MFA adds an extra layer of security to systems that use encryption
  • Backups- regular backups are critical, but they should also be encrypted to protect sensitive data in case your backup storage is compromised
  • this is especially important for businesses that store large amounts of customer data or intellectual property
  • Access Control- encryption is most effective when combined with strict access control policies
  • limiting who has access to encrypted data reduces the chances of insider threats or accidental exposure
  • Regular Audits- conduct regular security audits to ensure that encryption standards are being followed and that data protection strategies are working as expected
  • audits help identify gaps in your encryption policies and ensure compliance with regulatory standards
15
Q

Summary

A
  • Encryption Fundamentals- encryption scrambles data so only authorised parties can access it
  • symmetric encryption is fast and efficient for large data sets, while asymmetric encryption is ideal for secure communication
  • Common Algorithms- AES, RSA, and ECC are widely used encryption algorithms, each with different strengths
  • AES is used for high-speed data encryption, while RSA and ECC are common in secure communications
  • Encryption Use Cases- encryption is used in emails, VPNs, file storage, and website security (SSL/TLS)
  • each use case applies encryption to protect data in transit and at rest
  • Data Protection Strategies- encryption is most effective when combined with other security measures like multi-factor authentication, regular backups, access control, and security audits