Encryption, however, is only one part of Information Security. The hallmarks of Information Security are Confidentiality, Integrity and Authenticity (some also say Availability). Encryption falls into the Confidentiality category – making sure that the information being transmitted stays private. Integrity means that the message itself hasn’t been altered in any way during the communication. Things like hashes and message digests ensure the communication stays intact. Then there is Authenticity and/or Availability. Authenticity is the verification process that ensures all participants ‘are who they say they are’ and the guarantee that all parties are real. Authenticity is usually achieved with the use of digital certificates. Availability of the data sort of speaks for itself :-)
There are many opinions and challenges when considering end-to-end encryption, and I wasn’t necessarily commenting on the blogs mentioned, but they did get me thinking about the basic pillars of Information Security.
- Credit Card Processors Launch A New Strategy To Defeat Theft
- Security breach cost Heartland $12.6 million so far
- Beware Using Internal Encryption as an IT Security Blanket
- PCI Standard or Not, Encrypting Internal PCI Network Traffic is a Good Thing