No matter what efforts an organization may make to provide
the best security possible, and all of the technologies and tools they might
invest in, there are always security risks involved. Risk management is the
process of identifying, assessing, and prioritizing the security risks an
organization may face. As a result of this process, organizations may decide to
accept the risks, try to mitigate or prevent those risks by investing in
security protections, or share the security risks with another organization,
for example by buying insurance. Organizations can refer to different standards
for risk management that are available from organizations like the Project
Management Institute, the National Institute of Science and Technology, and the
International Standards Organization.

Most medium to large organizations today have security policies, which describe what the general
security guidelines are for an organization. Security policies tend to be for internal use. The
policies include a number of security procedures, which are specific statements describing how to
implement the security policies. For example, a security policy could be “All
users must change their passwords every two months.” One of its related
security procedures could then describe steps to be taken to change one's
password. Another procedure could involve an automated system to force users to
change their password every two months, while an additional one could include
actions that should happen if a user attempts to enter an unacceptable (not
strong) password. A security policy should have clear goals and objectives, a
detailed list of security policies and procedures, and also a list of actions
for the enforcement of procedures.

There are two main types of cryptographic system used today: asymmetric and symmetric. The
distinction is based on whether the same key is used to encrypt and decrypt the data.
In asymmetric encryption, two keys are used. The public key is used
to encrypt messages. It is sent to any person or system with which one wishes
to exchange encrypted messages. Using the public key, anyone can encrypt
messages for the intended recipient, who will then use their private key to
decrypt those messages. The public key and the private key are linked (forming a key pair), but only the recipient has the private key. This is
also called public key cryptography since
one of the keys can be shared with anyone (public).