Foregenix Blog

A few months ago, I was working on a risk assessment with a business and one of the most extreme threats, beyond targeted malware, was an attack by a nation state. Given the nature of the business being assessed wasn't involved in, or related to critical infrastructure, and the IP wasn't such that it was of national or military importance to gain leverage, we gave the risk a low rating. In recent months, due to the leaking of custom malware developed by the NSA, the tools considered available only to nation states are now available to everyone. Where the internet democratised the attack vectors employable against entities with an online presence, the leak of custom, targeted malware, has lowered the barrier to entry such that even non-sophisticated malicious actors can leverage the experience, expertise and destructive force of a nation state.

To begin, we'll take the following definitions of 'privacy' and 'information privacy' from the International Association of Privacy Professionals:

Following on from Encryption 101, this post will focus on different methods of Encryption, when they're applicable and why they are important. 

When it comes to talking about encryption, it’s important to ensure we’re speaking about the same thing – and to clarify and simplify some of the different implementations we see. Sometimes these are implemented for security and best practice, while other times they are implemented to tick a box. It's important to know the difference between encryption mechanisms, know when to use what and be able to identify and judge the security of particular implementations. This is the first of 2 or more posts.