The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

 ISACA Instructs Basic Cryptographic Adoption in Four Phases 

Rolling Meadows, IL, USA (13 October 2017) – Auditors are faced with rigorous tasks that require mathematical, science and technical skills that should familiarize them with the cryptographic concepts associated with auditing. However, that isn’t always the case.


In a recent white paper issued by global technology association ISACA, research found that most auditors may not possess the more technical skillset but are still able to assess cryptographic systems. Assessing Cryptographic Systems includes a four-phase process that can be tailored based on auditor skillset, culture, regulatory requirements and other context. The model consists of the following phases, which can be conducted in any order:


  • Inventory and discovery

  • Risk-based shakeout

  • Evaluation of implementation details

  • Hands-on testing


“Cryptographic assessment can be difficult, with a need for deeper understanding of mathematics and engineering involved in system protocols,” said Rob Clyde, CISM, vice-chair of ISACA’s board of directors and managing director of Clyde Consulting LLC. “However, with proper implementation of basic practices like the ones reflected in the white paper, it is achievable.”


Familiarity with cryptographic concepts, applications, potential vulnerabilities and threats can enhance an auditor’s skillset, making it applicable in all environments. The new ISACA guidance also provides auditors with a general overview of cryptography, including:


  • Terminology, concepts and components

  • Cryptosystem fundamentals

  • Cryptosystem applications and assessment in context

  • Cryptosystem assessment in practice

  • Ongoing monitoring


Assessing Cryptographic Systems is available as a free download. Additionally, a free Sample Policy on the Use of Cryptographic Controls has also been created for use in the enterprise in an effort to enforce a uniform company-wide policy.



Nearing its 50th year, ISACA ( is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters and offices in both the United States and China.