Many products feature secure encryption, but Great Wall Information Security (GWIS) does more! GWIS builds a wall around your computer systems, protecting your sensitive data. You can never wipe out risk completely. It has always been part of doing business. However, as any productive executive knows, only when you can describe and measure risk you will be free to make the decisions that bring large returns on your investment. It is just the same with your network and IT infrastructure. With new technologies and new ways of working, there are naturally new sources of risk. With new technologies such as our patented encryption ciphers such as Polymorphic and Metamorphic Ciphers, a company can protect its valuable data. You can predict risk before you have to react to it, making you more competitive. That is why we want you to rely on GWIS for secure, risk-resilient IT and communication services. Our data security experts will help you utilize the state-of-the-art cryptography algorithms to encrypt and decrypt your files.
ISO/IEC 19790:2012 the security requirements for a cryptographic module utilized within a security system protecting sensitive information in computer and telecommunication systems. This International Standard defines four security levels for cryptographic modules to provide for a wide spectrum of data sensitivity (e.g. low value administrative data, million dollar funds transfers, life-protecting data, personal identity information, and sensitive information used by government) and a diversity of application environments (e.g. a guarded facility, an office, removable media, and a completely unprotected location). This International Standard specifies four security levels for each of 11 requirement areas with each security level increasing security over the preceding level. ISO/IEC 19790:2012 specifies security requirements specified intended to maintain the security provided by a cryptographic module and compliance to this International Standard is not sufficient to ensure that a particular module is secure or that the security provided by the module is sufficient and acceptable to the owner of the information that is being protected.
The ISO 27001 standard was first published in October 2005, to replace the old BS7799-2 standard. It is the specification for ISMS, an Information Security Management System. BS7799 itself was a long-standing standard, first published in the nineties as a code of practice. As this has matured, a second part emerged to cover management systems. Today in excess of a thousand certificates are in place, across the world. On publication, ISO 27001 enhanced the content of BS7799-2 and reconciled it with other standards. A scheme has been introduced by various certification bodies for conversion from BS7799 certification to ISO27001 certification. The objective of the standard itself is to "provide requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS)". Regarding its adoption, this should be a strategic decision. Further, "The design and implementation of an organization's information security management system are influenced by the organization's needs and objectives, security requirements, the organizational processes used and the size and structure of the organization". GWIS can help, through our partner ISO 27001 auditors, to provide you with the necessary certification.
Cryptographic Key Management
The National Institute of Standards and Technology has issued new guidance for designing cryptographic key management systems. NIST Special Publication 800-130, A Framework for Designing Cryptographic Key Management Systems, describes topics that designers should consider when developing specifications. The NIST says that the goal of the framework is to guide designers in creating a complete, uniform specification to build, procure and evaluate the desired cryptographic key management system. The framework helps define the design task by requiring the specification of significant capabilities. It encourages designers to consider the factors needed in a comprehensive cryptographic key management system. It encourages designers to consider factors and mechanisms that, if properly addressed, can provide security to the system. The publication compares different compliant cryptographic key management system systems and their capabilities. It performs a security assessment by requiring the specification of implemented and supported cryptographic key management system capabilities and Forms the basis for a federal cryptographic key management system profile. This Framework for Designing Cryptographic Key Management Systems (CKMS) is a description of the topics and the documentation requirements when designing a CKMS. The CKMS designer should satisfy the requirements by selecting the policies, procedures, components (hardware, software, and firmware), and devices to be incorporated into the recommendations, and then specify how these items are employed to meet the requirements of this Framework. The CKMS comprises of policies, procedures, components, and devices used to protect, manage and distribute cryptographic keys and certain specific information, called metadata. The framework includes all devices or sub-systems that can access an unencrypted key or its metadata. Encrypted keys and their cryptographically protected metadata can be handled by computers, and transmitted through communications systems and stored in media that are not considered part of the specified framework. This CKMS framework provides the guidelines for designing documentation requirements. In other words, it describes what needs the documentation in the CKMS design. The goal of the Framework is to guide the CKMS designer in creating a complete uniform specification of the CKMS to build, procure, and evaluate the desired security system. GWIS can help in designing your CKMS .