
Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.701 ■ Spring 2022 ■ Jose Gomez

My question to discuss with my classmates

January 27, 2022 by Jose Gomez 24 Comments

Filed Under: 04 - Cryptography

Comments

  1. Kyuande Johnson says

    January 29, 2022 at 11:43 am

    What is the difference between a private key and a public key?

    • zijian ou says

      February 1, 2022 at 7:59 am

      The private key is used to both encrypt and decrypt the data. This key is shared between the sender and receiver of the encrypted sensitive information. The private key is also called symmetric, being common for both parties. Private key cryptography is faster than public-key cryptography mechanisms.

      The public key is used to encrypt, and a private key is used to decrypt the data. The private key is shared between the sender and receiver of the encrypted sensitive information. The public key is also called asymmetric cryptography.

    • Victoria Zak says

      February 1, 2022 at 9:24 pm

      Hi Kyuande!
      This is a great question… knowing the difference between a private and a public key is beneficial. A private key aka secret key is used for encryption and decryption. It is a symmetric key because the only key is to copy or share by another party to decrypt the cipher text. Private keys are a lot faster than a public key. Additionally, the sender and receiver need to share the same key.
      A public key are two keys being used for encryption and another key is used for decryption. The public key is used to encrypt the plain text to convert it into cipher text and the private key is used by the receiver to decrypt the cipher text to read the message. A public key is known as asymmetrical because there are 2 types of keys as described above.

  2. Andrew Nguyen says

    January 29, 2022 at 2:32 pm

    One question that I would like to discuss with my classmates would be about cryptography in general. What are the downsides of using cryptography?

    • Antonio Cozza says

      January 30, 2022 at 3:50 am

      I think that the main drawback of stronger encryption methods is the time variable; the more secure a system is in almost every case, the less usable it is in general. In a similar fashion, the stronger the encryption method / the longer the key length is, the longer it will take to encrypt and decrypt the message, making a more time-dependent encryption sequence. Some major exploits have been able to capture and record data during the encryption / decryption process, so it is always something to consider.

    • Madalyn Stiverson says

      February 1, 2022 at 4:13 pm

      Ultimately, it’s a trade-off between confidentiality/integrity and availability. Cryptography will increase the confidentiality and integrity of the data, but will reduce the availability of it. Users accessing the encrypted data may need to take additional steps such as elevating privilege before being able to read the encrypted data.

      Depending on the type of encryption, there’s also the risk of a man in the middle attack.

  3. Patrick Jurgelewicz says

    January 29, 2022 at 3:31 pm

    IPsec standards provide more security than SSL/TLS, but are also more expensive to implement. In what cases might a company decide to choose SSL/TLS protection over IPsec?

  4. Kelly Sharadin says

    January 29, 2022 at 7:44 pm

    I’m curious if anyone has any examples of utilizing cryptography in their day-to-day. I have been trying to think of examples in my own line of work. Top of my head, my firm really pushes communicating using encrypted out-of-band platforms but I personally do not work directly with cryptography and would be curious if any of my classmates do.

    • Madalyn Stiverson says

      February 1, 2022 at 4:22 pm

      I don’t personally work with cryptography, but I do receive a lot of encrypted emails. By encrypting these emails, we’re trading availability for confidentiality and integrity.
      Opening these encrypted emails will typically take me to an online login portal. Yet ironically, this website portal is blocked by my company. Meaning I have to request the sender to provide these emails a different way… and that means they’re typically sent in plaintext. Or they’ll send a locked file and call me with the password, which is time-consuming and prone to error.

      My takeaway from this is that it’s important to make sure your encryption techniques are implemented in a way that they won’t inadvertently be blocked by the recipients’ email and web filters.

  5. Dhaval Patel says

    January 29, 2022 at 7:59 pm

    What does the process of enabling SSL/TLS look like in a Linux environment?

  6. zijian ou says

    January 30, 2022 at 1:03 am

    How can public key encryption securely provide symmetric session keys?

  7. Antonio Cozza says

    January 30, 2022 at 3:46 am

    Is it likely that the debate over security vs privacy will actually lead to wide-scale reduced usage of applications / software, etc. which enforce strict data privacy and usage policies so that they can sell it recklessly to profit over the average user?

  8. Madalyn Stiverson says

    January 30, 2022 at 10:34 am

    What are the similarities and differences between digital certificates and drivers’ licenses?

    • Patrick Jurgelewicz says

      February 1, 2022 at 10:41 am

      Hey Madalyn, this is an interesting comparison, as both documents are issued by a trusted entity in order to verify the true identity of someone or something. One major difference is that driver licenses are typically only issued by one entity, the state government, whereas digital certificates can be issued by a number of root certificate providers. Certificate providers also need their own digital certificate, which can lead to interesting situations such as the time Google’s certificate was spoofed possibly by the Iranian government.
      https://www.computerworld.com/article/2510951/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html

    • kofi bonsu says

      February 2, 2022 at 4:41 am

      Hi Madalyn,
      I like your question due to the fact that digital certificates and drivers’ licenses have the following similarities. Digital certificates and drivers’ licenses are both used for the identification of the owner. Digital certificates ensure the identity of the owner of the document, and driving licenses ensure the identity of the person.

  9. Dan Xu says

    January 30, 2022 at 11:50 am

    When organizations adopt the concept of functionality, automatic and manual assessments, will all security controls and privacy controls that constitute a security or privacy function be considered?

  10. Vraj Patel says

    January 30, 2022 at 3:19 pm

    What is the difference between the NIST 800-53Ar4 and the NIST 800-53B?

  11. Victoria Zak says

    January 30, 2022 at 8:23 pm

    What could create an error on an SSL/TLS certificate?

    • Vraj Patel says

      January 31, 2022 at 7:58 pm

      Hello Victoria,
      There are multiple things that could cause an error on the SSL/TLS certificate. However, a couple of things that could cause an error on an SSL/TLS certificate are if the time and date are not set properly on the client’s system or if the server is not supporting that service.

  12. kofi bonsu says

    January 30, 2022 at 9:01 pm

    The probable question that I would share and discuss with my classmates is stated below:
    How good are we at building privacy and ethics in using the data? And this question will be discussed thoroughly with all my classmates.

  13. Michael Jordan says

    January 30, 2022 at 11:46 pm

    Would it be possible for an attacker to hijack or receive a duplicate of an SSL/TLS certificate for a website/organization, since (to my understanding) these certificates are provided by third parties? Isn’t the certificate only as reputable as the third party issuing it?

  14. Olayinka Lucas says

    January 30, 2022 at 11:50 pm

    I have always wondered and would like to ask if there is any other control for ensuring access controls are more effective than encryption. Years of research point to encryption as the most secure means of access management for data at rest and in transit; however, I would like to know if there are better controls. Secondly, if not encryption, what is another alternative?

  15. Lauren Deinhardt says

    February 1, 2022 at 10:06 pm

    My question is how would you audit a healthcare organizational system, versus a chain restaurant?

  16. Bernard Antwi says

    February 2, 2022 at 6:32 am

    What are the essential ingredients of the public key directory?


Fox School of Business