Data Encryption (Part 2 of 2)
This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series continues from Part 1 and shows how cryptographic theory is applied in the real world. The session covers at a topic level how symmetric and asymmetric encryption are combined for efficiency, the key protocols that secure web traffic and network connections, how Kerberos handles authentication, how email is protected, and what an IS auditor checks during an encryption review.
What this episode covers
- Combining symmetric and asymmetric encryption: the digital envelope approach that delivers both speed and safe key delivery, used by major privacy tools.
- Transport layer security (TLS): how TLS secures internet traffic through a negotiation, key exchange, and encryption sequence, and why auditors must confirm the older flawed protocol is retired.
- Internet protocol security (IPSec): transport mode versus tunnel mode, security associations, and automated key management using asymmetric cryptography.
- Kerberos: ticket-based single sign-on via a trusted third party, with end-to-end protection against eavesdropping and replay attacks.
- Secure shell (SSH) and DNS security extensions: encrypted remote access and digital signatures on domain records to prevent cache poisoning.
- Email security: common email attacks (bombing, spamming, spoofing, business email compromise) and the layered defenses, including spam filters, encryption, secure gateways, and attachment control.
- Encryption audit checklist: governance, design, and key management review areas, and the sharp rule that private keys for digital signatures should never be backed up.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
Why combine symmetric and asymmetric encryption, and what is a digital envelope?
Combining both approaches solves each one's weakness: the data is encrypted with a fast symmetric key, and that key is then encrypted with the recipient's asymmetric public key for safe delivery, giving the speed of symmetric encryption and the easy key distribution of asymmetric encryption. When the encrypted message and its encrypted symmetric key are wrapped together, the result is called a digital envelope. This combined approach powers the main security protocols used on the internet every day.
What is transport layer security and what should an auditor check about it?
Transport layer security is the protocol that secures communication on the internet, turning ordinary web browsing into the secure version. It works in phases: the client and server negotiate algorithms, exchange keys and authenticate, then encrypt the actual traffic using a handshake protocol and a record protocol. An important audit note is that it replaced an older protocol with a serious flaw, so auditors should confirm that the older protocol is not still in use when they see the old name mentioned.
What is Kerberos and how does it work?
Kerberos is a ticket-based authentication mechanism that uses a trusted third party to provide single sign-on while protecting login credentials. A user proves their identity once to receive a ticket, which is then used to gain access to services without re-proving identity each time, similar to using an entrance ticket to reach each ride at a theme park. Its main advantage is end-to-end protection against eavesdropping and replay attacks.
What does an encryption audit examine and what is the sharp rule about private keys?
An encryption audit examines governance such as written policies, data classification, and separation of duties; design to confirm the chosen algorithm gives adequate protection; and key management covering how keys are created, distributed, rotated, and destroyed. Auditors also confirm that users and operators do not handle keys directly. The sharp rule for digital signatures is that private keys should never be backed up because doing so increases the exposure of the key.
Master the ISACA CISA Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISACA CISA certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in Data Encryption (Part 2 of 2).