Systems Security Certified Practitioner – SSCP – Question0671

Which of the following statements is true about data encryption as a method of protecting data?

A. It should sometimes be used for password files
B. It is usually easily administered
C. It makes few demands on system resources
D. It requires careful key management

Correct Answer: D

Explanation:

In cryptography, you always assume the “bad guy” has the encryption algorithm (indeed, many algorithms such as DES, Triple DES and AES are public domain). What the bad guy lacks is the key used to complete that algorithm and encrypt/decrypt information. Therefore, protection of the key, controlled distribution, scheduled key change, timely destruction, and several other factors require careful consideration. All of these factors are covered under the umbrella term of “key management”.
Another significant consideration is the case of “data encryption as a method of protecting data” as the question states. If that data is to be stored over a long period of time (such as on backup), you must ensure that your key management scheme stores old keys for as long as they will be needed to decrypt the information they encrypted.
The other answers are not correct because:
“It should sometimes be used for password files.” - Encryption is often used to protect the individual passwords stored within a password file, but it is not typically effective when applied to the password file itself. On most systems, if a user cannot access the contents of the password file, they cannot authenticate; encrypting the entire file prevents that access.
“It is usually easily administered.” - Developments over the last several years have made cryptography significantly easier to manage and administer, but it remains a significant challenge. This is not a good answer.
“It makes few demands on system resources.” - Cryptography is, essentially, a large and complex mathematical algorithm. In order to encrypt and decrypt information, the system must perform this algorithm hundreds, thousands, or even millions, billions or trillions of times. This becomes system resource intensive, making this a very bad answer.
Reference: Official ISC2 Guide, page 266 (poor explanation); All in One, Third Edition, page 657 (excellent explanation); Key Management, All in One, Fourth Edition, page 732.