Definition

Cryptography

Cryptography is the set of techniques protecting confidentiality, integrity and authenticity of information through mathematical algorithms.

In ISO 27001 context, cryptography (ISO 27002:2022 control A.8.24) covers policies for cryptographic controls and key management. It includes encryption at rest and in transit, digital signatures, hashing and key lifecycle management.

Key aspects

Encryption at rest and in transit

Sensitive data must be encrypted when stored and transmitted, using current algorithms like AES-256.

Key management

The policy must cover generation, distribution, storage, rotation, revocation and secure destruction of cryptographic keys.

Regulatory compliance

GDPR, PCI DSS and local data protection laws require encryption as mandatory technical measure for personal and financial data.

Frequently asked questions

ISO 27002 requires recognized, current algorithms. AES-256 for symmetric and RSA-2048+ for asymmetric are current standards.

Not by itself. Must be complemented with access controls, monitoring, incident management and staff awareness.

Comparison

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

Cryptography

Key aspects

Encryption at rest and in transit

Key management

Regulatory compliance

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Cryptography

Key aspects

Encryption at rest and in transit

Key management

Regulatory compliance

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Cryptography

Key aspects

Encryption at rest and in transit

Key management

Regulatory compliance

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Cryptography

Key aspects

Encryption at rest and in transit

Key management

Regulatory compliance

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?