AD_notes_during_education.docx

Full Transcript

**Aleksejs Desjatiks**

**notes for the BCS syllabus exam**

*v2.0*

According to the syllabus paper I will mark with percentage all areas
what has been mentioned there. This will help me to be prepared to the
exam.

**Area:** TCP/IP

**Percentage:** 100%

**Examples:**

1. **Network interface layer** manages the physical transmission of
data over the network and establishes and terminates connections
between devices.

**Examples:** Ethernet (IEEE 802.3), Wi-Fi (IEEE 802.11), Bluetooth
(IEEE 802.15)

2. **Network layer** handles routing and forwarding of data packets
across different networks.

**\
Example:** Internet Protocol (IP).

3. **Transport layer** manages end-to-end communication, ensuring data
integrity and flow control.

**\
Example:** Transmission Control Protocol (TCP), User Datagram
Protocol (UDP)

4. **Application layer** interacts with end-users, providing access to
network services and applications.\
\
**Examples** include Hypertext Transfer Protocol (HTTP), File
Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP)

**\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***

**Area:** OSI

**Percentage:** 100%

**Examples:**

1. **Physical layer** manages the physical transmission of data signals
over the network medium.

**Example:** Ethernet cables (Cat 5e, Cat 6), fibre optic cables,
Wi-Fi signals.

2. **Data link layer** handles the error-free transmission of data
frames between directly connected nodes.

**\
Example:** Ethernet (IEEE 802.3), MAC addresses (Ethernet MAC),
Point-to-Point Protocol (PPP), IEEE 802.11 (Wi-Fi), Ethernet
switches and bridges operate at this layer.

3. **Network layer** routes and forwards data packets across different
networks.

**\
Example:** Internet Protocol (IP), Routing Information Protocol
(RIP), Open Shortest Path First (OSPF), Border Gateway Protocol
(BGP), routers operate at this layer.

4. **Transport layer** manages end-to-end communication, ensuring data
integrity and flow control.

**Example:** Transmission Control Protocol (TCP), User Datagram
Protocol (UDP)

5. **Session layer** manages sessions between applications on different
devices.

**Example:** NetBIOS, Remote Procedure Call (RPC), APIs for remote
access and session management.

6. **Presentation layer** handles data translation, encryption, and
compression.

**\
Example:** encryption protocols (SSL/TLS), ASCII, JPEG, MPEG.

7. **Application layer** Interacts directly with end-users, providing
access to network services and applications.

**\
Example:** Hypertext Transfer Protocol (HTTP), File Transfer
Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Post Office
Protocol (POP).

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

**Area:** Main routing protocols.

**Percentage:** 100%

**Examples:**

1. **OSPF** **(Open Shortest Path First)** is an Interior Gateway
Protocol (IGP) that determines the best path for data packets within
an autonomous system (AS) based on shortest path algorithms.

**Example:** Implemented in enterprise networks, OSPF dynamically
routes traffic within an organization\'s internal network.

2. **BGP (Border Gateway Protocol)** is an Exterior Gateway Protocol
(EGP) that manages routing between different autonomous systems on
the internet.

**\
Example:** Implemented by internet service providers (ISPs) and
large organizations to connect to multiple external networks.

3. **RIPng (Routing Protocol Next Generation)** is an IPv6 version of
RIP and is used for routing within small to medium-sized networks.

**\
Example**: Often used in small office or home networks to
dynamically exchange routing information.

4. **OSPFV3 (Open Shortest Path First Version 3)** is an extension of
OSPF specifically designed for IPv6 networks, facilitating routing
for the next generation IP protocol.

**Example:** Implemented in networks transitioning to IPv6 to enable
efficient routing and address assignment.

5. **EIGRP (Enhanced Interior Gateway Routing Protocol)** is a Cisco
proprietary routing protocol that offers fast convergence and
scalability in networks.

**Example:** Commonly deployed in enterprise networks using Cisco
devices for efficient route determination.

6. **EGRP for IPv6.1e** functionality to support IPv6 networks,
enabling efficient routing in the next-generation IP environment.

**Example**: Utilised in networks transitioning to IPv6, providing
enhanced routing capabilities.

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

**Area:** Main factors affecting network performance.

**Percentage:** 100%

**Examples:**

1. **Vulnerabilities or misconfiguration of protocols** identify
weaknesses or errors in protocol implementations, potentially
allowing unauthorized access, data breaches, or service disruptions.
Vulnerabilities or misconfigurations in protocols create security
loopholes that malicious entities can exploit to gain unauthorized
access, disrupt services, or intercept sensitive data.

**Example:** A misconfigured Border Gateway Protocol (BGP) might
inadvertently advertise incorrect routes, leading to traffic
interception or rerouting through unauthorized networks (BGP
hijacking).

2. **Faults (e.g., single point of failure)** identify weaknesses in
network design or configuration that may lead to service
interruptions or complete network failure. A single point of failure
refers to any component in a network that, if it malfunctions or
goes offline, can cause significant downtime or complete disruption
of services.

**\
Example:** A core switch that, if it malfunctions, disconnects
multiple departments in an organization, rendering them unable to
communicate.

3. **Approaches to error control** detect and correct errors that occur
during data transmission to ensure accurate and reliable
communication. Error control mechanisms identify and rectify
transmission errors, ensuring data integrity by validating the
accuracy of transmitted information.

**\
Example**: The use of parity bits in RAID configurations to identify
and rectify data corruption in storage systems.

4. **Capacity** determines the maximum load a network or its components
can handle without compromising performance. Capacity planning
involves analysing network resources to ensure they can handle
expected loads and scalability requirements.

**Example:** Analysing a server\'s CPU and memory usage to ensure it
can handle the expected increase in user demand during peak hours.

5. **Attacks (e.g., DDoS)** identify and mitigate malicious activities
targeting the network, such as flooding it with excessive traffic to
disrupt services (DDoS). Attacks on networks aim to disrupt
services, steal information, or compromise system integrity,
necessitating robust security measures for prevention and
mitigation.

**Example:** A web server overwhelmed by millions of connection
requests per second, causing it to crash and deny service to genuine
users.

6. **Available bandwidth** it's a measure the amount of data that can
be transmitted over a network in each time. Available bandwidth
indicates the capacity for data transmission, impacting the speed
and efficiency of network communication.

**Example**: Consider a fiber-optic connection rated at 1 Gbps
(Gigabit per second). If multiple users simultaneously stream
high-definition videos, the available bandwidth might decrease,
affecting the streaming quality due to bandwidth contention.

7. **Applications in use** being used on a network can impact
bandwidth, security, and overall network performance. The variety
and volume of applications running on a network influence traffic
pattern, resource allocation, and security measures required to
manage and optimize network performance.

**Example:** In an office environment, simultaneous use of
bandwidth-intensive applications like video conferencing tools
(Zoom), file-sharing services (Dropbox), and cloud-based CRM systems
(Salesforce) strains the network bandwidth. This leads to latency in
critical business applications like customer databases or enterprise
resource planning (ERP) software, affecting productivity.

8. **WAN connection** arises when multiple users or devices compete for
bandwidth on a shared WAN link, impacting performance. contention
arises when multiple users or devices compete for bandwidth on a
shared WAN link, impacting performance.

**\
Example:** In a multi-site retail chain, during peak hours, the
central warehouse conducts data-heavy operations, causing WAN
contention. As a result, real-time inventory updates at individual
stores slow down due to limited bandwidth availability on the shared
WAN, impacting sales and inventory management.

9. **Using VLANs/Network Segmentation** and network segmentation
separate network traffic into distinct segments to enhance security,
manageability, and performance. VLANs (Virtual Local Area Networks)
and network segmentation separate network traffic into distinct
segments to enhance security, manageability, and performance.

**\
Example**: In a university, VLANs segment student, faculty, and
administrative networks. This isolation prevents unauthorized access
to sensitive administrative data, optimizes network performance for
academic research conducted by faculty, and segregates student
activities, ensuring security and efficient resource allocation.

10. **Restricting application use** limits and their usage, helping
manage bandwidth, security risks, or compliance requirements.
Organizations often employ application restrictions to enforce
policies, prevent security threats, optimize network resources, and
comply with regulatory standards.

**Example:** A healthcare organization restricts access to social
media platforms on work devices to comply with patient privacy
regulations (HIPAA). This restriction prevents accidental exposure
of sensitive patient information and preserves network bandwidth for
critical healthcare applications.

11. **Restricting traffic at the border** involves controlling inbound
and outbound data flows for security, compliance, or performance
reasons. Controlling traffic at the network border involves
implementing security measures to filter and manage incoming and
outgoing data to protect against threats and enforce network
policies.

**Example:** An e-commerce company employs border traffic
restrictions, filtering inbound traffic for potential DDoS attacks
and restricting outbound traffic to block unauthorized access to
internal systems. This ensures customer data protection and prevents
cyber threats from entering or exiting the network.

12. **Firewall Misconfiguration** refers to incorrect settings or rules
in firewalls, potentially leading to security vulnerabilities or
disruptions in network traffic. refers to incorrect settings or
rules in firewalls, potentially leading to security vulnerabilities
or disruptions in network traffic.

**Example**: A financial institution misconfigures its firewall
rules, unintentionally allowing external access to sensitive
financial data servers. This misconfiguration exposes critical data
to potential cyber threats, leading to a breach and financial loss.

**\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***

**Area:** Principles and application of virtual networking.

**Percentage:** 100%

**Examples:**

1. **Implications of Virtual and Physical.** Virtual is refers to
resources simulated by software, allowing flexibility, scalability,
and resource optimization without physical hardware constraints. But
physical involves tangible hardware, providing dedicated resources
but often with limitations on scalability and flexibility.

**Example:** Virtual is running multiple operating systems on a
single physical server using virtualization software like VMware or
Hyper-V. Physical having a dedicated server in an office to store
files, limiting scalability compared to virtualised environments.

2. **Cloud-based Infrastructure (e.g., AWS, Azure, GCP)** AWS or Amazon
Web Services offers a vast array of cloud computing services like
storage, computing power, and databases. Azure is other case is a
Microsoft cloud platform and providing services such as virtual
machines, app services, and AI capabilities. The last one is a
Google Cloud Platform, and he is offering computing, storage, and
machine learning services.

3. **Infrastructure as a Service (IaaS)** renting virtual machines from
a cloud provider like DigitalOcean to host websites or databases. In
this list includes virtualised computing resources over the
internet, providing virtualised computing hardware (servers,
storage, networking) on a pay-as-you-go basis.

4. **Concept of Containerisation** is running multiple isolated
applications, each within its container using Docker, ensuring
consistency across various environments.

5. **Shared Responsibility Model** defines the division of security
responsibilities between a cloud service provider and its users. The
provider secures the infrastructure, while users are responsible for
their data and application security.

**Example**: AWS is securing its cloud infrastructure while
customers encrypt their data before storing it in S3 to maintain
data security.

6. **Networking within a Hypervisor** involves managing and configuring
networking resources (virtual switches, routers) within a
hypervisor, enabling communication between virtual machines (VMs)
and the external network.

**Example:** Configuring virtual switches within VMware to connect
multiple virtual machines to the same network.

7. **Virtual Servers as Opposed to Multiple Physical Devices** emulate
physical servers, allowing multiple instances to run on a single
physical machine, optimizing resources and reducing hardware costs
while maintaining functionalities similar to physical servers.

**\
Example:** Hosting ten different websites on a single server using
virtualization instead of deploying each website on its dedicated
physical machine.

**\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***

**Area:** Fundamentals of cryptography.

**Percentage:** 100%

**Examples:**

1. **Confidentiality** is protecting sensitive information from
unauthorised access by encrypting data, ensuring that only
authorized users can access the encrypted content.

**Example:** Encrypting email contents using PGP (Pretty Good
Privacy) before sending it to ensure only the intended recipient can
decrypt and read the message.

2. **Integrity** is verifying that data remains unchanged and unaltered
during transmission or storage by using hashing algorithms or
digital signatures.

**Example:** Using digital signatures to verify the integrity of
software downloads, ensuring the downloaded file hasn\'t been
tampered with.

3. **Authentication** is verifying the identity of users or entities
involved in communication or data exchange, ensuring that parties
are who they claim to be.

**Example:** Logging into a secure system by providing a username
and password, with the system validating the credentials before
granting access.

4. **Non-repudiation** is ensuring that a sender cannot deny the
authenticity of a message or transaction, providing evidence to
prove the origin or receipt of data.

**Example:** Digitally signing a legal document, making it
impossible for the signer to later deny their signature or the
content of the document.

**\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***

**Area:** Concepts of cryptography.

**Percentage:** 100%

**Examples:**

1. **Data at rest** is refers to data stored on devices or physical
media. In the same time **data in transit** moving data across
networks or between systems.

**Example:** Data at rest store files on a hard drive or database
records. Data in transit is sending information over a network
during online transactions.

2. **Hashing (e.g., MD5, SHA, Application of a Salt)** is a process of
converting data into a fixed-size string (and adding unique data to
hashes to enhance security -- application of a salt).

**Example:** As an example, here will be mentioned MD5, which is
generating checksums for file integrity verification and a SHA-256
which is storing passwords securely by hashing them before storage.

3. **PKI and digital signatures** need to establish the infrastructure
for secure communication (PKI) and ensure data integrity,
authentication, and non-repudiation in electronic communications and
transactions (Digital signatures).

**Example:** PKI issuing SSL/TLS certificates for secure websites.
Digital signatures are signing contracts or documents digitally to
ensure authenticity.

4. **Algorithms (e.g., AES, RSA)** the primary purpose to revolving
around securing sensitive information and communications. In
essence, AES focuses on symmetric encryption for secure data
transmission and confidentiality, while RSA, as an asymmetric
algorithm, supports encryption, digital signatures, and secure key
exchange, contributing to secure communication and authentication in
various systems and protocols.

**Example:** AES is encrypting data for secure transmission over
networks. RSA is creating digital signatures to authenticate
messages.

5. **Encryption methods (Block vs. Stream, Stream Ciphers, Block
Ciphers)** offer different approaches to securing data. For example,
**Block encryption** deals with fixed-size blocks, offering robust
security but requiring padding for uneven blocks.

In the same time **Stream encryption** operates continuously, suited
for real-time encryption but with potential vulnerabilities. They're
both is playing crucial roles in securing data in various
applications, each with its advantages and considerations.

**Example:** AES, DES, Blowfish, 3DES, RC5 are related to the block
ciphers. RC4, ChaCha, Salsa20 are related to the stream ciphers.

6. **Key lifecycle** can be divided on the three stage -- **key
generation** (creating keys for encryption/decryption), **key
usage** (applying keys for secure data handling), and **key
disposal** (safely eliminating keys when no longer needed).

**Example:** As an example, here can be mentioned generation keys
for the new secure communication channels and destroying keys after
data retention periods expire.

7. **Symmetric and asymmetric encryption (e.g., RSA, Diffie-Hellman,
PGP, Elliptic curve ciphers).** Symmetric encryption uses single key
for encryption and decryption, focusing on efficiency, while
asymmetric encryption relies on key pairs for heightened security,
facilitating secure communication, digital signatures, and key
exchange. These encryption methods play vital roles in safeguarding
data across various digital environments. Below it will be shown in
details.

**Symmetric encryption**:

**Purpose** - single key encryption which is using a single secret key
for both encryption and decryption.

**Example**: AES, DES, 3DES.

**Efficiency:** Faster than asymmetric encryption due to simpler
algorithms and operations.

**Usage**: Commonly employed in securing data-at-rest, where speed and
efficiency are crucial.

**Asymmetric encryption:**

**Purpose** - utilises a pair of keys (public and private) for
encryption and decryption.

**Example**: RSA, Diffie-Hellman, Elliptic Curve Cryptography (ECC).

**Security**: Offers robust security due to the complexity of
mathematical algorithms.

**Key exchange**: Facilitates secure key exchange and digital
signatures.

**Usage**: Primarily used in secure communication, digital signatures,
and key exchange protocols.

**Specific Algorithms**:

**RSA** - an asymmetric encryption algorithm for secure communication,
digital signatures, and key exchange.

**Diffie-Hellman** - a key exchange protocol enabling secure
communication by sharing cryptographic keys over an insecure channel.

**PGP (Pretty Good Privacy)** - combines symmetric-key encryption and
asymmetric-key encryption for secure messaging and data transmission.

**Elliptic Curve Cryptography (ECC)** - an asymmetric encryption method
offering high security with shorter key lengths, suitable for
constrained environments like IoT devices.

8. **Key exchange** secure transmission of cryptographic keys between
communicating parties.

**Example:** Diffie-Hellman who establishing a secure shared secret
over an insecure channel.

9. **File and disk encryption** are **s**ecuring data at storage levels
using encryption methods. Each of encryption methods caters to
specific needs, ensuring data confidentiality and security across
different devices and storage mediums.

**Example:** For the USB drives, external hard disks, or other
removable media to prevent unauthorised access in case of loss or
theft will be used BitLocker (Windows). For the WDE (Whole disk
encryption) will be used BitLocker (Windows), FileVault (macOS),
LUKS (Linux). But in the same time mobile phones (iOS and Android)
have their own built-in encryption features. But if somebody needs
to encrypt their documents, this person can use Microsoft Office,
Adobe Acrobat, or third-party encryption tools.

10. **Database encryption** can be applied at different levels for
enhanced security. One method is selective encryption, but second
one is a comprehensive data protection. Both methods serve distinct
encryption needs within a database environment. Field-level
encryption allows for targeted protection of sensitive data, while
transparent whole database encryption ensures comprehensive security
for the entire database, safeguarding against unauthorized access to
data-at-rest.

**Example:** As an example, for the individual fields or records
encryption can be mentioned a column-level encryption in databases
such as Microsoft SQL Server, Oracle, or MySQL, where sensitive data
like credit card numbers or personal information is encrypted. For
the whole database encryption can be mentioned technologies such as
Oracle Transparent Data Encryption (TDE), SQL Server Always
Encrypted, or MySQL Enterprise Encryption.

11. **Digital Rights Management (DRM)** involves various techniques to
protect intellectual property and control access to digital content.
It can be a product keys, copy protection for the electronic media
or online activation. The last option has been used very often in
modern world, for example for the different games distribution.

**Example:** Product keys or software activation keys provided
during product purchase or software installation. Copy protection
for electronic media it's a DRM technologies in music, movies, or
software that employ encryption or access controls to prevent piracy
or unauthorized distribution. And for the online activation license
verification starts when device is accessing to the copyrighter
website or service.

12. **Ransomware** is a malicious software that restricts access to
files or systems until a ransom is paid.

**Example:** Attempting to recover encryption keys to unlock
affected files.

13. **E-commerce** is secure online transactions using cryptographic
protocols.

**Example:** TLS/SSL: Securing online transactions via encrypted
connections.

14. **Wireless Communications** it's a communication without physical
connections, includes WLANs (Wireless Local Area Networks) and WAN
backhaul (Wireless Wide Area Network).

**Example:** WLAN as a wireless access points providing internet
connectivity in offices or homes. WAN Backhaul as a wireless
connections between remote locations and central networks.

15. **Data Destruction** involves permanently erasing data by
eliminating associated cryptographic keys, rendering encrypted data
inaccessible. This process ensures secure data disposal.

16. **Blockchain** a decentralized and immutable ledger technology is
the backbone of cryptocurrencies like Bitcoin. It offers secure and
transparent record-keeping across a distributed network.

17. **Protecting passwords and authentication mechanisms** means to
safeguard passwords mechanisms which are involves various methods
such as hashing, storing encrypted credentials, and utilizing
password managers. These measures enhance security by protecting
user authentication details. Some of them will be mentioned below.

**Hashing passwords**:

**Purpose** - converts plain-text passwords into irreversible hash
values, ensuring that even if the stored data is compromised, passwords
cannot be easily deciphered.

**Example**: Algorithms like bcrypt, SHA-256, or Argon2 used to hash
passwords in databases.

**Password managers:**

**Purpose** - offers a secure repository to store and manage complex
passwords, reducing the need for users to remember multiple passwords.

**Example:** Applications like LastPass, Dashlane, or built-in browser
password managers that securely store and generate passwords.

**Protecting biometrics**:

**Purpose** - utilises unique physical characteristics (fingerprint,
facial recognition, etc.) for user authentication, enhancing security.

**Example:** biometric authentication features in devices like
smartphones or systems that require unique biometric markers for access.

**Smart cards:**

**Purpose** - Smart cards are physical devices that store authentication
data or cryptographic keys, providing an additional layer of security
beyond traditional passwords.

**Example:** Integrated circuit cards (ICCs) embedded with chips that
securely store credentials or perform cryptographic operations for user
authentication.

18. **VPN** create encrypted and secure connections, commonly used for
various purposes such as:

1. **User authentication**, that allows remote users to securely
access a private network by verifying their identity through
credentials or certificates.

2. **Network-to-Network authentication**, that establishes secure
connections between separate networks or branches, ensuring
authenticated and encrypted data exchange.

3. **Traffic encryption**, that encrypts internet traffic flowing
through VPN connections, safeguarding data from unauthorized
access or eavesdropping. This encryption ensures data
confidentiality and integrity, especially in public or unsecured
networks. VPNs play a vital role in secure remote access,
protecting sensitive data during transmission.

**\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***

**Area:** Common cryptography techniques

**Percentage:** 100%

**Examples:**

1. **Encryption.** Converts plain-text data into ciphertext using
encryption algorithms, ensuring confidentiality during transmission.

**Example:** AES (Advanced Encryption Standard), encrypts sensitive
data for secure transmission over networks.

2. **Hashing.** Converts data into a fixed-length hash value, ensuring
data integrity and detecting any alterations.

**Example:** SHA-256 (Secure Hash Algorithm 256-bit), verifies file
integrity through hash generation.

3. **Digital signatures.** Validates the authenticity of digital
messages or documents and verifies the integrity of their content.

**Example:** RSA (Rivest-Shamir-Adleman) signatures, providing
authentication and non-repudiation of digital documents.

**\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***

**Area:** Importance of effective cryptography key management

**Percentage:** 100%

**Examples:**

1. **Creation.** Involves generating a new cryptographic key using key
generation algorithms or methods.

**Example:** Creation of a new symmetric or asymmetric cryptographic
key pair.

2. **Distribution.** Involves securely sharing or disseminating
cryptographic keys to authorized entities or devices.

**Example:** Distributing encryption keys through secure channels
like SSL/TLS or key exchange protocols like Diffie-Hellman.

3. **Archival.** Involves securely storing or archiving cryptographic
keys for potential future use or historical records.

**Example:** Archiving older cryptographic keys in secure storage
systems or databases.

4. **Revocation.** Involves invalidating or revoking keys that are
compromised, no longer needed, or considered insecure.

**Example:** Revoking a digital certificate or encryption key in
case of a security breach.

5. **Expiry.** Involves setting a predefined expiration date for
cryptographic keys to ensure regular key rotation and enhanced
security.

**Example:** Setting a validity period for digital certificates or
periodically changing encryption keys.

6. **Destruction.** Involves securely eliminating cryptographic keys
that are no longer required or have reached their end-of-life.

**Example:** Irreversibly deleting or destroying cryptographic keys
from storage devices or memory.

**\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***

**Area:** Legal, regulatory and export issues specific to use of
cryptography

**Percentage:** 100%

**Examples:**

1. **Data Protection Act 2018.** Regulates the processing and
safeguarding of personal data by organizations and ensures
individuals\' rights regarding their personal information.

**Example:** Ensures fair and lawful use of personal data by
organizations and protects individuals\' privacy rights.

2. **Regulation of Investigatory Powers Act (RIPA).** Governs the
interception of communications and provides the legal framework for
surveillance and investigation by public bodies.

**Example:** Regulates how law enforcement and intelligence agencies
can monitor communications.

3. **Freedom of Information Act 2000.** Grants public access to
information held by public authorities, promoting transparency and
accountability.

**Example:** Allows individuals to request information from public
authorities.

4. **Official Secrets Act 1989.** Protects official information and
government secrets from unauthorized disclosure.

**Example:** Governs the safeguarding of sensitive government
information and imposes legal consequences for unauthorized
disclosure.

5. **PCI-DSS (Payment Card Industry Data Security Standard).** Sets
security standards for organizations handling credit card data to
prevent fraud and ensure secure payment transactions.

**Example:** Ensures secure handling of payment card information by
businesses.

6. **GDPR (General Data Protection Regulation).** Regulates the
processing and handling of personal data of individuals within the
European Union (EU), aiming to protect data privacy and ensure
individuals\' rights.

**Example:** Mandates strict rules on data protection and privacy
practices for organizations handling personal data within the EU.

7. **NIST (National Institute of Standards and Technology).** Develops
and maintains cybersecurity and information security standards and
guidelines for federal agencies and private sectors in the U.S.

**Example:** Provides frameworks such as NIST Cybersecurity
Framework to improve cybersecurity posture.

8. **ISO 27001.** Establishes requirements and best practices for
information security management systems (ISMS) to ensure robust
security controls.

**Example:** Regulates how law enforcement and intelligence agencies
can monitor communications.

9. **Wassenaar Arrangement.** An international arrangement controlling
the export of conventional arms and dual-use goods and technologies
to ensure national security and international stability.

**Example:** Governs the export of items that have military or
security implications, preventing their misuse or diversion.

10. **Investigatory Powers Act 2016.** Regulates the powers of public
bodies to conduct surveillance and gather intelligence.

**Example:** Specifies how law enforcement and intelligence agencies
can access and monitor communications.

Here has been mentioned all notes which were related to the BCS syllabus
page and will be used for me during the apprenticeship period. Usually,
these notes as a road map for me in some difficult circumstances. Below
I have mentioned all duties what I have done and which of them need to
be done during the apprenticeship period. Some of them were combined in
one from many (because in some of them KSB's are similar).

A screenshot of a computer security system Description automatically
generated ![A screenshot of a computer program Description automatically
generated](media/image2.png) A white paper with blue text Description
automatically generated ![A screenshot of a computer program Description
automatically generated](media/image4.png)