Please see attachment for instructions.
In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format.
Based on the readings for chapter 3 Information Security Fundamentals and chapter 3&4 Information Security: Design, Implementation, Measurement, and Compliance, Discuss the following.
1. What are some of the cryptology methods used in my work organizations?
2. What do you find to be an advantage and disadvantage?
3. What are some things you think that may be lacking and or should be improved in the future?
400 words total, replying to the two posts below. Each reply must be 200 words for post 1 and post 2.
S.B POST 1
In my organization, which operates within the public sector, cryptology plays a central role in protecting sensitive data, particularly within our records management systems and inter-agency communications. One of the most widely used cryptographic methods is AES-256 encryption, especially for database storage and file transfer protocols. This symmetric key encryption standard provides a strong balance of speed and security, and its adoption has helped ensure compliance with CJIS and other government data protection requirements (Peltier, 2013).
For secure external communication, we also rely heavily on TLS (Transport Layer Security), particularly for web-based applications and email systems. TLS ensures data confidentiality and integrity during transmission and is integrated into many of our public-facing platforms, such as citizen complaint portals and department-wide internal communications. Additionally, SHA-2 hashing is used for data integrity checks on documents submitted through our digital evidence systems.
A clear advantage of these methods is their maturity and wide adoption, which allows for relatively seamless integration into commercial off-the-shelf software and platforms. The downside, however, is that key management—especially for encrypted backup archives—can become cumbersome. We’ve experienced issues in the past where decryption keys weren’t properly maintained or rotated, leading to accessibility problems during audits or recovery efforts. As Peltier (2013) notes, poor key management can be a critical failure point, even when robust cryptographic tools are in place.
One area I believe needs improvement is end-user awareness and handling of encrypted data. While the backend systems are fairly secure, human error remains a vulnerability. For example, employees sometimes download sensitive encrypted files to personal devices or cloud drives, defeating the purpose of organizational encryption policies. Improving this would require stronger endpoint controls and mandatory encryption for local storage (Whitman & Mattord, 2021).
Going forward, I believe we need to evaluate quantum-resistant cryptography for long-term data protection, especially as federal agencies begin laying the groundwork for post-quantum encryption standards (NIST, 2023). While this might seem premature, critical data archived for 10+ years could be at risk once quantum computing becomes mainstream.
References
National Institute of Standards and Technology. (2023). Post-quantum cryptography: NIST’s approach and latest updates.
Peltier, T. R. (2013). Information security fundamentals (2nd ed.). CRC Press.
Whitman, M. E., & Mattord, H. J. (2021). Principles of information security (7th ed.). Cengage Learning.
J.N POST 2
Currently, I am engaged in Communications Security (COMSEC) operations for the wing’s cybersecurity division, which plays a foundational role in safeguarding classified and sensitive information. This vital role requires vigilance and expertise in implementing cryptologic methods designed to secure voice, data, and network communication. These methods adherer strictly to standards approved by the National Security Agency (NSA), ensuring robust encryption and protection against potential breaches. We operate on Key Management Infrastructure (KMI), a system that centralize control over key distribution, auding, and accountability. The KMI’s integrated framework bring numerous advantages, including the enhanced security and automation of key lifecycle management processes such as distribution, revocation, and destruction. Some challenges we face in COMSEC include the complexity of KMI, which can slow down operation when agility is needed in dynamic operational environments, particularly during emergencies. KMI training is highly specialized and provided at only one location for the entire Air Force. Training takes one month to complete, creating gaps in staffing. Mastery of KMI operations takes years to fully grasp both operational and administrative to run the account effectively. This steep learning curve places additional pressure on personnel to perform flawlessly in high-stakes scenarios.
For future improvement in the administrative processes of COMSEC, unifying all documents to include digital signature would be highly beneficial. Currently, handle numerous documents, with some requiring wet signatures and others relying solely on digital ones. Standardizing this process would streamline operations and reduce complexity. Interestingly, COMSEC falls under the IT domain, yet it often feels more like an administrative role. Many of my co-workers who have spent the majority of their careers in COMSEC enjoy job security within this field but struggle to qualify for other positions in IT.
Reference:
Layton, Timothy P.. Information Security : Design, Implementation, Measurement, and Compliance, Auerbach Publishers, Incorporated, 2006. ProQuest Ebook Central,
