ABSTRACT
Applying encryption is not easy. False confidence placed in improperly applied security mechanisms can leave an organization at greater risk than before the flawed encryption project was started. It is also possible to err in the opposite direction. Overbuilt security systems cost too much money upfront, and the ongoing expense from unneeded maintenance and lost productivity continues forever. To help avoid costly misapplications of security technology, this chapter provides guidance in matching encryption implementations to security requirements. It assumes a basic understanding of cryptological concepts, and is intended for security officers, programmers, network integrators, system managers, Web architects, and other technology decisionmakers involved with the creation of secure systems.
