Which of the following statements is true about data encryption as a method of protecting data?
A. It should sometimes be used for password files
B. It is usually easily administered
C. It makes few demands on system resources
D. It requires careful key management
Explanation:
“Cryptography can be used as a security mechanism to provide confidentiality, integrity, and
authentication, but not if the keys are compromised in any way. The keys can be captured, modified,
corrupted, or disclosed to unauthorized individuals. Cryptography is based on a trust model.
Individuals trust each other to protect their own keys, they trust the administrator who is
maintaining the keys, and they trust a server that holds, maintains and distributes the keys. Many
administrators know that key management causes one of the biggest headaches in cryptographic
implementation. There is more to key maintenance than using them to encrypt messages. The keys
have to be distributed securely to the right entities and updated continuously. The keys need to be
protected as they are being transmitted and while they are being stored on each workstation and
server. The keys need to be generated, destroyed, and recovered properly. Key management can be
handled through manual or automatic processes. Unfortunately, many companies use cryptographic
keys, but rarely if ever change them. This is because of the hassle of key management and because
the network administrator is already overtaxed with other tasks or does not realize the task actually
needs to take place. The frequency of use of a cryptographic key can have a direct correlation to how
often the key should be changed. The more a key is used, the more likely it is to be captured and
compromised. If a key is used infrequently, then this risk drops dramatically. The necessary level of
security and the frequency of use can dictate the frequency of the key updates. Key management is
the most challenging part of cryptography and also the most crucial. It is one thing to develop a very
complicated and complex algorithm and key method, but if the keys are not securely stored and
transmitted, it does not really matter how strong the algorithm is. Keeping keys secret is a
challenging task.” Pg 512-513 Shon Harris CISSP Certification All-In-One Exam Guide