Technology of Information Security
As our society grows comfortable and dependent to technology, particularly on the matter of formulating or designing, transferring or receiving, decoding, and storing information, the security of this information also becomes one of the major concerns. This is especially true for organizations that rely on Information Technology or IT systems to manage information utilized by their company to make informed decisions that will contribute to their success in goal or objective accomplishment. Even individuals or private users of computers for that matter, share the need for privacy and security of information since they also create, obtain, and disseminate sensitive information for other authorized individuals.
Due to this particular demand, various companies and individuals who focus on software developing have designed and established programs or applications that allow individuals and organizations to afford information security at their fingertips. One of these programs and applications include Pretty Good Privacy of PGP. The remainder of this text will discuss the definition of PGP, its benefits and advantages, as well as its efficiency and appropriateness for the security needs and demands of organizations and individuals alike.
Zimmermann developed PGP in 1991. As a means to develop the commercial value of the system, it was allowed to be managed by Network Associates or NAI in 1998. Although handling PGP was done in good faith, NAI was unable to manage the system well, limiting the access of online users to the said product. NAI disabled the ability of online users to utilize, test, and review the strengths and advantages of PGP. This slowly caused the demise of PGP. However, in 2002, PGP was transferred under the management of PGP Corporation. PGP Corporation decided that in order to continually improve PGP they should allow the program to peer reviewed as a freeware. Now, PGP is made available by PGP Corporation in various sites and sources such as the company itself and Zimmermann. (Zimmermann, N.D.)
PGP was designed to be installed to computer operating systems. The main purpose of PGP is to provide its users with privacy and another service which allows authentication to ensure that information is handled securely by authorized individuals. Initially, it was designed by Philip Zimmermann in order to protect electronic mailboxes by overseeing the process of signing in, the encoding of electronic messages being sent, and the decoding of electronic messages being received. Since then PGP has evolved to various encryption systems incorporating new systems or services that improves security of information for e-mail users. (Wikipedia, 2009)
PGP works as an encryption system, allowing users to be able to utilize the technology of cryptography and another system or technology which ties up usernames to e-mail addresses for recognition or authentication. Another method or technique utilized by PGP to authenticate the information presented by online users wishing to sign in to their e-mail boxes includes the requirement of digital signatures for each time. The digital signature is created every time a user sends an electronic message. In the process, PGP allows the identification of hacking or tampering to e-mail messages being sent or received just in case they were intercepted during transmission. In addition, the technology of PGP initiates the creation of various systems or technologies that help in securing information such as certificates from the OpenPGP system which identifies keys to its genuine owner. (Wikipedia, 2009)
The conditions initiated and presented by PGP is equally beneficial to individuals and organizations alike, but reviewing the benefits and advantages of PGP and cryptography as a technology suggest that organizations are more likely to benefit greatly from it as compared to the activities conducted by individuals over IT systems such as personal e-mails, etc. Apparently, cryptography, which comprises majority of the services that PGP provides for its users, weakens the ability of external parties to violate IT system security and obtain valuable data in the process. Although it will not be able to prevent external parties from going over one’s files, and such, it does prevent that obtainment of valuable and significant information. Another good thing about it is that it is able to assess the condition of the IT system security and determine what users should do in order to improve security. (Schneier, 1997)
Although the benefits and advantages of PGP have been clearly presented, individuals should understand that utilizing PGP requires knowledge and expertise on the system. This lessens the efficiency and appropriateness of PGP as a security system for individuals since not everyone has the capacity to understand the commands or protocols that make PGP work. This will require time and effort for learning the language of PGP, which is easily facilitated by organizations. Organizations have enough time and resources for one or more of the members of their organizations to learn the codes to make PGP work which will make the system work to their advantage. (Schneier, 1997) Another thing that makes PGP more suitable for the use of organizations is that it was clearly designed to oversee the security flaws and deficiencies of a large system, analyzing and evaluating the system, the implementation of software and hardware, etc. PGP was meant to oversee a large-scale security system which complicates its structure and dimensions. For these reasons, we realize that PGP is clearly beneficial to organizations as compared to the possible contributions that it might provide for individuals in terms of the commonly much needed e-mail security, and nothing else.
Schneier, B. (1997). Why Cryptography Is Harder Than It Looks. Retrieved January 4,
2009, from Schneier. Website: http://www.schneier.com/essay-037.html
Wikipedia. (2009). Pretty Good Privacy. Retrieved January 4, 2009, from Wikimedia Foundation, Inc. Website: http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Zimmermanns, P. (N.D.) Where to Get PGP. Retrieved January 4, 2009, from Phil Zimmermann & Associates LLC. Website: http://philzimmermann.com/EN/findpgp/