All businesses need to be able to securely store and transmit sensitive data. Cryptography is the process by which data is encrypted using techniques that protect it from unauthorized access, theft, and modification, and that provide non-repudiation. This article discusses the fifth domain of SSCP, Cryptography, and what you can expect from the SSCP exam.
Domains of SSCP
These are the seven SSCP domains:
Domain 1: Access Controls (16%)
Domain 2: Security Operations and Administration (15%)
Domain 3: Risk Identification, Monitoring, and Analysis (15%)
Domain 4: Incident Response and Recovery (13%)
Domain 5: Cryptography (10%)
Domain 6: Network and Communications Security (16%)
Domain 7: Systems and Application Security (15%)
Domain 5: Cryptography
Domain 5 of the SSCP certification exam is Cryptography. It carries a 10% weight in the Systems Security Certified Practitioner (SSCP) certification exam. This domain provides an overview of the concepts and requirements for confidentiality and how cryptographic methods can achieve it. All IT security personnel must ensure confidentiality. This section will cover cryptographic techniques, key usage, and the various types of cryptographic systems. Public-key infrastructure is used every single time an individual logs in to an e-commerce website. The domain will explain how to use digital certificates and ensure data integrity. It will also teach you how to use cryptographic methods to provide authentication, and it will cover non-repudiation, which ensures that the sender cannot deny they sent the message. The Cryptography domain covers the following subtopics:
Learn the fundamental concepts of cryptography
Learn the reasons and requirements of cryptography
Understand and support secure protocols
Understand Public Key Infrastructure (PKI) systems
1. Understanding the Fundamental Concepts of Cryptography
This section will give an overview of the basic terms and concepts of cryptography. Cryptography is the study and practice of encryption techniques that can be used to secure communications when third parties are present. It will cover encryption techniques used to secure sensitive data, authenticate data, and establish non-repudiation as well as proof of message origin. It will discuss the differences between encryption and hashing, as well as between symmetric and asymmetric cryptography. It will explain how RSA works and survey the various cryptographic algorithms in use. It will also introduce terms such as non-repudiation, digital signatures, digital certificates, and proof of origin. This section will also cover cryptographic attacks and cryptanalysis concepts, as well as countermeasures to protect sensitive information from unauthorized access.
2. Understanding the Reasons and Requirements of Cryptography
This section will cover data confidentiality, integrity, availability, authenticity, and non-repudiation. A secure system should guarantee these properties, and cryptography, when used effectively, can provide these assurances. Cryptography protects data in transit and at rest, assuring its integrity and confidentiality. This section will also discuss how cryptography can be used to prevent repudiation by establishing trust between senders and receivers. It will explain how unauthorized exposure could affect an organization's confidentiality, integrity, and availability. Sensitive data refers to confidential data that must be kept safe from anyone who does not have authorization. This section will also discuss cryptography regulations that protect individuals and organizations from having their data stolen.