What’s new in Cryptography

ISC2 published the 3rd edition of their CISSP CBK in late 2012. I ordered my copy in December 2012 and said, “So what’s new in Crypto?”

First, let me say that all quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK Third Edition.”

Generally, with respect to all the domains, ISC2 and the authors of the 3rd Edition have placed emphasis (by bolding, bullet-pointing, or indenting) on some of the material that was in the 2nd Edition. You can take that for what it is worth. For example, in the section on “Key Concepts and Definitions”, the 2nd Edition simply had them listed as:

Key Clustering –

Where the 3rd Edition has them listed as:

  • Key Clustering

As I said, you can take that for what it is worth; the information remains the same.

Here are the things that I found different in Cryptography.

  • Preceding the section on “Issues Surrounding Cryptography” they’ve added a section on “The Cryptographic Lifecycle” and a section on “Algorithm/Protocol Governance.”
  • They added a single page on “Non-Repudiation” (no, make that 2/3 of a page), sort of as an afterthought to Digital Signatures. The bulk of this short page is the definition from NIST SP 800-57. The rest is 7 lines on how to accomplish non-repudiation, which is almost the same as the last paragraph of the section on digital signatures.
  • One typo of note: a known plaintext attack is listed as “Know plaintext.”
  • Checksums got dropped from the 2nd Edition, or at least I couldn’t find them in the 3rd Edition.

As always, InfoSec is updating the courseware to reflect this new re-sequencing of the Cryptography domain.