Encryption is one of the most important tools that modern businesses have at their disposal. Confidential information is their lifeblood, and it’s constantly flowing through their systems – between databases, removable devices, emails and suppliers.
If organisations don’t take appropriate steps to protect sensitive information, they increase the risk of it being compromised.
ISO 27001, the international standard that describes best practice for an ISMS (information security management system), covers data encryption in Annex A.10.
In this blog, we explain everything you need to know about encryption and ISO 27001’s cryptographic controls.
What is encryption?
Encryption is a mechanism that scrambles data into an unreadable code. Anyone who wishes to interpret the information needs a decryption key, which reverts the information into its original form.
A basic example of encryption would be replacing one letter with another so that, for instance, each letter of the word ‘Hello’ might be shifted one key to the left on a standard keyboard to read ‘Gwkki’.
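The keyboard-shift substitution described above, written out as an added example (it is not code from the original blog). The function names, the wrap-around at the ends of each keyboard row and the use of the shift amount as the "key" are assumptions made for the illustration; the small number of possible keys it reports is why a scheme like this offers no real protection.

```python
from math import lcm

# Letter rows of a standard QWERTY keyboard (digits and punctuation are left unchanged).
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def build_table(shift):
    """Map every letter to the key `shift` places along its own row.

    Negative values move left. Assumption: the shift wraps at the row ends
    (the key left of 'q' is 'p'), so the mapping is a permutation and can
    always be reversed.
    """
    table = {}
    for row in ROWS:
        for i, ch in enumerate(row):
            target = row[(i + shift) % len(row)]
            table[ch] = target
            table[ch.upper()] = target.upper()  # preserve case
    return table


def keyboard_shift(text, shift):
    table = build_table(shift)
    return "".join(table.get(ch, ch) for ch in text)


def encrypt(plaintext, key=-1):
    """Key -1 is the 'one key to the left' rule from the text."""
    return keyboard_shift(plaintext, key)


def decrypt(ciphertext, key=-1):
    """Decryption applies the opposite shift, so it needs the same key."""
    return keyboard_shift(ciphertext, -key)


def key_space_size():
    """Number of distinct keys: shifts repeat once every row has cycled."""
    return lcm(*(len(row) for row in ROWS))


if __name__ == "__main__":
    secret = encrypt("Hello")
    print(secret, "->", decrypt(secret))
    print("edge keys q/a/z wrap to:", encrypt("qaz"))
    print("distinct keys:", key_space_size())
```
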
In a cyber security context, encryption is more sophisticated than that, creating a code that is complex…