When we talk about awareness, or security awareness, we usually mean a consciousness of the general concerns of information security. Awareness is therefore not only about cryptology, e.g. the encryption of confidential data, but about a much broader topic. The following figure aims to illustrate this: IT security comprises the full range of activities that support the operation of IT systems with security measures, in order to safeguard the electronic data of companies as well as that of their clients and vendors. The aim is to protect information and processes and to exclude IT-related adverse effects on business activities as far as possible. Besides cryptological methods, the measures of IT security include e.g. security organisation, legal aspects, security monitoring, anti-virus measures, patch management, disaster recovery, business continuity, security architectures and awareness of IT security. A good overview of these measures can be found at NIST or at the German Federal Office for Information Security (BSI). Risk management extends the scope of IT security and also covers the socially desirable protection of critical infrastructures.
Risk management can be defined as the conscious management of risks. This can include general operational risks or specific financial risks. Companies, organisations and individuals have always had to deal with all sorts of risks. Systematic risk management originated in the financial industry. Today several laws aim to provide financial control and transparency for corporations (e.g. the Sarbanes-Oxley Act or Basel II).
The total risk of a company can be divided into operational risks (e.g. breakdown or limitations of IT systems) and all sorts of financial risks (credit risks, liquidity risks, market risks, liability risks etc.).
Several approaches exist to identify, measure, monitor and control risks.
Risk management does not necessarily aim at eliminating risk completely. Instead it tries to identify appropriate actions from a cost and benefit perspective (appropriate measures could also include insuring against certain risks). A basic understanding of cryptology is necessary to select appropriate measures and controls that achieve the objectives of IT security (authentication, confidentiality, integrity, non-repudiation) with an optimal cost-benefit ratio. The following figure illustrates how CrypTool can contribute to the understanding of security awareness in this context: