CISSP Need Help

dpathidpathi Posts: 23Member ■□□□□□□□□□
Hi All,

Can someone help me with the following?

1) Even though Availability is not a goal of Cryptography, does it indirectly ensure availability ?

2) What is the primary goal of change Management? Is it "Ensuring changes doesn't affect security of a system" or "Preventing unauthorized changes"?

Thx

Comments

  • shiju_vshiju_v Posts: 8Member ■□□□□□□□□□
    I do not think Cryptography indirectly ensures availability. When we say availability, it means legitimate users should be able to access the data as and when required. The data should be available. For this the servers and services should be up and running, host resources should be free to accept the request and provide the data requested, the network connecting the server and client should be up, etc. Redundant networks, fail-over clusters, data backup, DRP, etc supports availability.

    When we talk about Cryptography,it deals with ensuring the data sent across the network, or when data stored in a location, it is encrypted so that only legitimate users who has the decryption key or knowledge to decrypt it can view it.

    Cryptography can ensure Confidentiality for sure, and support Integrity as the data will not be tampered during the communication process.
  • dpathidpathi Posts: 23Member ■□□□□□□□□□
    Thx. So u mean to say that since cryptography ensures legitimate users can access data when they need it, cryptography provides availability?
  • shiju_vshiju_v Posts: 8Member ■□□□□□□□□□
    The primary goal of change Management is not "Ensuring changes doesn't affect security of a system" or "Preventing unauthorized changes". However these goals too will be accomplished when following Change Management process. Change Management process ensures changes happens in a controlled and structured manner, where all other aspects such as documentation, communication to stakeholders, security concerns, proper planning, etc are handled properly.
  • shiju_vshiju_v Posts: 8Member ■□□□□□□□□□
    There is a small difference in my opinion. Cryptography ensures ONLY legitimate users can understand or get the meaning out of the encrypted data. The data may be available to all weather the user is legitimate or not, but only legitimate users can make use of it.
  • dpathidpathi Posts: 23Member ■□□□□□□□□□
    Thx. Its more clear now.
  • dontstopdontstop Posts: 569Member ■■■■□□□□□□
    These questions smell of homework.
Sign In or Register to comment.