Cryptography is the science and practice of securing information by using mathematical algorithms to transform it into a format that is unreadable to anyone without the correct key. It encompasses encryption (protecting confidentiality), hashing (ensuring integrity), digital signatures (providing authentication and non-repudiation) and key management (safeguarding the cryptographic keys themselves).
ISO 27001 Annex A includes specific controls for cryptographic policy and key management, requiring organisations to define rules for the use of cryptography and to protect keys throughout their lifecycle. In practice, cryptography underpins secure communications (TLS/SSL), data-at-rest protection (AES encryption), authentication systems and regulatory compliance. Organisations must stay current with evolving standards, particularly as quantum computing threatens to render current algorithms obsolete.