Cryptography Policy


    The principles, means, and methods of transforming data to ensure its confidentiality and authenticity are known as Cryptography. It conceals data from unauthorized access and verifies its integrity when necessary. 

    A uniform cryptography policy is essential for protecting highly confidential organizational data, preventing misuse, and ensuring its safety and integrity against illegal use. 


    Cryptography Policy Sample

    Purpose 

    [Organization’s Name] places the integrity, confidentiality, and authenticity of information at its heart. Along similar lines, the cryptography policy ensures that data is protected from unauthorized interception and aligns every employee with the organization’s security and data governance objectives. 


    Objective 

    The key objectives of this policy include: 

    • Safeguarding the confidentiality and integrity of assets, services, and data registered under [Organization’s Name]. 
    • Securely storing information to avoid unauthorized access or accidental loss. 
    • Ensuring smooth, secure data transfer among software systems and devices. 
    • Aligning with the key themes of Cyber Resilience Framework: Identify, Protect, Detect, Respond, and Recover. 
    • Establishing encryption standards for digital assets. 
    • Assuring senior management, clients, partners, and employees that sensitive information is protected. 


    Cryptographic Roles and Responsibilities 

    • All employees, partners, and support staff are responsible for adhering to the policy guidelines and ensuring information protection at all levels. 
    • The Internal Committee established under the policy is responsible for ensuring smooth implementation of this policy. 
    • Every departmental head and team manager will ensure teams adhere to basic guidelines and mitigate any risk from external sources. 
    • The Internal Governance Committee (IGC) oversees the management of common threats and will present an annual report of their work at the yearly conferences. 
    • The Internal Committee is also responsible for conducting quarterly seminars, advising on risk treatment efforts, and ensuring consistent policy implementation. 
    • The Information Security Manager is responsible for reviewing the policy and incorporating improvements in line with the latest trends.

    Cryptography Usage 

    Cryptographic keys are crucial for accessing encrypted data and systems. Our organization uses the following approaches to manage these keys: 

    • Storing cryptographic keys in MS Azure Active Directory, with access restricted to authorized staff. 
    • Implementing safety protocols for authorization requests. 
    • Ensuring cryptographic key protection from theft, loss, and unauthorized access throughout their lifecycle. 
    • Physically protecting equipment generating, storing, and archiving keys with appropriate security controls. 
    The following table lists the commonly identified risks and threats: 

    Commonly Identified Threats


    Threat No.   Commonly Identified Threat
    A1           Unauthorized access by outsider
    A2           Unauthorized access by insider
    A3           Theft of information or data by insider
    A4           Theft of information or data by outsider
    A5           User error or unintentional change of data
    A6           Sharing of accounts by authorized users
    A7           Theft of information or data by hackers
    A8           Communications intercepted
    A9           Introduction of malware
    A10          Phishing/social engineering
    A11          Breach of privacy
    A12          Accidentally misrouting information or data
    A13          Inadequate audit report
    A14          Network connectivity failure
    A15          Infrastructure technical failure
    A16          Environmental failure
    A17          System software failure
    A18          End of life of a key
    A19          Supply chain cyber attack
    A20          Act of terrorism

    Digital Signatures 

    A digital signature is an electronic signature used to authenticate the sender of a message and to ensure that the message has not been altered. 

    Our organization mandates the following rules under the Digital Signature Policy: 

    • Adherence to criteria mentioned on the website for acquiring digital signatures. 
    • Use digital signatures only in official documents and secure environments. 
    • Quarterly policy reviews for legal compliance. 
    • Strict actions, including termination, for unauthorized access. 


    Encryption Standards

    Cryptographic keys must be handled with the utmost security, and [Organization’s Name] takes the following steps: 

    • Securely storing cryptographic keys in MS Azure AD, accessible only to authorized personnel. 
    • Pre-defined procedures for granting temporary access permissions, recorded for accountability. 
    • Strict penalties for incidents of modification, loss, tampering, or unauthorized access. 
    • Physical storage of key-generating equipment in secure environments. 
    • Revoking compromised keys and generating new ones. 
    • Installing TPM chips in laptops and desktops, and requiring six-character passwords on mobile devices. 
    • Allowing only password-protected Portable Storage Devices. 
    • Using MS Intune to implement and manage encryption standards. 
    • Sharing important business information through the Organization’s SharePoint Directory rather than as email attachments. 


    Appendix

    Table 1 – Definitions 

    Term                    Definition
    Application encryption  Application-level encryption of files.
    Cryptography            Technique of protecting data by converting it into a secure format.
    Cryptographic keys      A key used to unlock or access encrypted data.
    Encryption algorithms   Uses an encryption key to convert data to plaintext.


    Table 2 – Key roles and responsibilities

    Role                                          Responsibility
    Chief Digital and Information Officer (CDIO)  Approves any exemptions to the policy.
    Digital and Information Officer (DIO)         Implements and notifies any changes to the policy.
    Chief Information Security Officer (CISO)     Develops, improves, monitors, and reviews the exemptions to the policy.
