Page 131 - CISSO_Prep_ Guide
Another way to attack cryptosystems is to find mathematical
weaknesses in the algorithm, such as algebraic flaws that may
allow a person to manipulate the cryptographic operation.
A cryptanalyst may mount a ciphertext-only attack, which examines
samples of ciphertext and attempts to decode the messages.
They may also measure the exact time and power the cryptosystem
uses to perform encryption or decryption and learn information
about the behavior of the system from that data.
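The timing point above, as an added example that is not part of the guide: an early-exit comparison of an authentication tag does work that depends on the secret, while a constant-time comparison does not. The tag value and all function names are constructed for illustration, and a byte counter stands in for measured time so the result is deterministic.

```python
import hmac

SECRET = b"constructed-tag!"  # constructed sample value, 16 bytes

def leaky_equal(expected: bytes, supplied: bytes):
    """Early-exit compare. Returns (match, bytes_examined)."""
    steps = 0
    if len(expected) != len(supplied):
        return False, steps
    for a, b in zip(expected, supplied):
        steps += 1
        if a != b:              # stops at the first mismatch: the leak
            return False, steps
    return True, steps

def constant_time_equal(expected: bytes, supplied: bytes):
    """Examines every byte regardless of where a mismatch occurs."""
    steps = 0
    diff = len(expected) ^ len(supplied)
    for i in range(len(expected)):
        steps += 1
        other = supplied[i] if i < len(supplied) else 0
        diff |= expected[i] ^ other   # accumulate differences, never exit early
    return diff == 0, steps

def safe_equal(expected: bytes, supplied: bytes) -> bool:
    """What production code should call: the standard library's constant-time compare."""
    return hmac.compare_digest(expected, supplied)

def work_profile(compare, secret: bytes):
    """Bytes examined for inputs whose first k bytes are correct, k = 0..len-1."""
    profile = []
    for k in range(len(secret)):
        wrong = bytes([secret[k] ^ 0xFF])          # guaranteed mismatch at index k
        candidate = secret[:k] + wrong + secret[k + 1:]
        profile.append(compare(secret, candidate)[1])
    return profile

if __name__ == "__main__":
    print("early-exit   :", work_profile(leaky_equal, SECRET))
    print("constant-time:", work_profile(constant_time_equal, SECRET))
```

The early-exit profile rises with the length of the correct prefix, which is the behavior a timing measurement exposes; the constant-time profile is flat.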
Summary of Cryptography
The security manager should know the strengths and
weaknesses of symmetric and asymmetric algorithms, the
methods of message integrity, the purpose of certificates, and
how the various components of cryptography are used and work
together.
Access Controls
Access control can be described as the heartbeat of information
security. It is through controlling access to our networks,
facilities, equipment, and administrative functions that an
organization is best able to preserve the security of its
information.
Access control is usually divided into four sections:
identification, authentication, authorization, and accounting
(sometimes also called auditing). Each of these plays an important