Hi @benjaminb

 

There is a stack of resources available on this subject:  Just doing an Amazon.com look for books on cryptography for instance will turn up: 

 

Serious Cryptography:  A Practical Introduction to Modern Encryption - November 2017

 

https://www.amazon.com/gp/product/1593278268/ref=s9_acsd_zwish_hd_bw_b10V_c_x_2_w/143-9844400-565591...

 

Applied Cryptography:  Protocols, Algorithms and Source Code in C - 20th edition

 

https://www.amazon.com/dp/1119096723/ref=rdr_ext_tmb#reader_1119096723

 

But if you have access to University or IEEE resources, they have plenty of resources open to you to study with the appropriate level of mathematics.

 

Regards

 

Cautim_Cautim

 

But whilst you at it, I suggest you also look at Quantum Cryptography, which will make most of the traditional algorithms redundant. 

 

 

Is a good rabbit hole to go into. I have worked both offensive and defensive security in my 15 yrs. Currently focusing on Cryptographic solutions for a financial services organization. I recommend further reading as suggested, but to also follow what some of the vendors are doing. 

 

https://software.microfocus.com/en-us/products/voltage-data-encryption-security/overview

https://www.pkware.com/

https://www.ibm.com/us-en/marketplace/guardium-file-and-database-encryption

 

In the grand scheme of things it is all about data protection. Protecting data at rest, data in use, data in transit. Congrats on passing your exam and welcome to the ISC2 family....

> benjaminb (Viewer) posted a new topic in Tech Talk on 08-05-2018 04:56 PM in the

> My dear fellow colleagues,   After having passed CISSP last year I would like
> to get more knowledge on cryptography.

OK, since you've already passed, I won't recommend "Internet Cryptography" by
Richard E. Smith and "Cryptography Decrypted" by H. X. Mel and Doris Baker.

> Practical stuff like lifecycle, key
> management, crypto-period, best type of algo for specific usage, cloud &
> in-house HSM for keygen and signing etc...   The intro in CISSP was great but
> I want more hands on, use-case knowledge etc... Any books or online courses that
> you could recommend me ? Fyi, I'm less interested in the mathematical side of
> things.

Ah, it's always the implementation details. Sadly, those are not one-size-fits-all,
so you won't find them directly in the literature. But:

"Applied Cryptography" by Bruce Schneier is an excellent and thorough text,
intro or reference for professional or serious hobbyist. And *I* say it's readable,
too, as is pretty much anything Schneier writes. (I find the simpler texts do not
have sufficient depth in one area or another.) Yes, it has a lot of math, but it also
has explanations of the math, so, if you don't like math, just read the
explanations. You will find that anyone who is into programming of crypto hates
Schneier, and says that his code is crap, which is true. Depends on if you just want
to steal someone's code, or actually understand crypto.
http://victoria.tc.ca/int-grps/books/techrev/bkapcryp.rvw

"Decrypted Secrets", F. L. Bauer
good general coverage.
http://victoria.tc.ca/int-grps/books/techrev/bkdecsec.rvw

One general cryptography textbook, "The Handbook of Applied Cryptography,"
by Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, is available
online, but it is heavily into mathematics, with very little in the way of general
explanations.
http://www.cacr.math.uwaterloo.ca/hac/

"Information Security: Principles and Practice" by Mark Stamp is solid.

"The Codebreakers" by David Kahn, will give you nothing about the technology,
but, being a history, will give you pointers to the implementation dangers you
want.

For more specialized areas:

"Cryptography and Network Security", William Stallings
able reference and tutorial, also:
http://victoria.tc.ca/int-grps/books/techrev/bkcrntsc.rvw

"Network and Internetwork Security", William Stallings
another classic from Stallings, primarily on encryption.
http://victoria.tc.ca/int-grps/books/techrev/bkntinsc.rvw

"SSL and TLS: Theory and Practice", Rolf Oppliger
SSL is a bit specialized, but it is widely used and important. More significantly,
however, Oppliger's work is exemplary in both explaining the technology, and
dealing with the practicalities and implementations. (In fact, I'm not sure whether
this should be here or in telecom.)
http://victoria.tc.ca/int-grps/books/techrev/bksslttp.rvw

"Cryptanalysis", Helen Fouche Gaines
was written in 1939, so it will NOT help you through the exam, but it's an
intriguing look at the various ciphers developed over the years, and the great ways
people have created to break them. Again, implementation details.
http://victoria.tc.ca/int-grps/books/techrev/bkcrptan.rvw

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
If men use their liberty in such a way as to surrender their
liberty, are they thereafter any the less slaves? If people by a
plebiscite elect a man despot over them, do they remain free
because the despotism was of their own making? Are the coercive
edicts issued by him to be regarded as legitimate because they
are the ultimate outcome of their own votes?
- Herbert Spencer (1820-1903), The Man versus the State (1884)
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade