What do advancements in quantum computing mean for your ISO 27001:2022 certification and for your overall security?

CMI Quantum Computing

Quantum computing is a revolutionary area of computing that leverages the principles of quantum mechanics to perform computations. Unlike classical computers, which use bits to represent information as either 0s or 1s, quantum computers use quantum bits, or qubits. Qubits can exist in multiple states simultaneously, thanks to the phenomena of superposition and entanglement.


Quantum computing, with its unique properties, has the potential to revolutionize many fields. One of the key areas where quantum computing can make a significant impact is cryptography. Quantum computers could potentially break many of the cryptographic systems currently in use by quickly solving the complex mathematical problems those systems rely on. On the flip side, quantum mechanics can be used to create secure cryptographic methods, such as quantum key distribution, which are theoretically unbreakable.


The clause in ISO 27001:2022 that talks about encryption is 'Annex A, Control 8.24: Use of Cryptography'. This control outlines how organizations should use cryptographic methods to protect the confidentiality, integrity, authenticity, and availability of information.


Cryptographic algorithms such as RSA (Rivest-Shamir-Adleman) and ECDSA (Elliptic Curve Digital Signature Algorithm) are not quantum-resistant. RSA relies on the difficulty of factoring large integers, a problem that a quantum computer can solve efficiently using Shor's algorithm. This means that once quantum computers become powerful enough, they will be able to break RSA encryption. ECDSA, like other elliptic curve cryptography (ECC) schemes, relies on the difficulty of solving the elliptic curve discrete logarithm problem. Again, quantum algorithms can solve this problem efficiently, which means that a sufficiently powerful quantum computer could break ECDSA signatures.


To address this vulnerability, researchers are developing 'post-quantum cryptographic algorithms' that are resistant to quantum attacks. These algorithms are based on mathematical problems that are believed to be hard for both classical and quantum computers.


Do you want to adjust your ISMS to align it with future risks such as quantum computing? A CMI Certification will help you to do this and more. Contact us via email: contact@certifymyisms.com

Did you know that a CMI Certification gives you a technical assessment of the controls that you put in place to protect your organization, and helps you improve your overall security posture, even with risks such as quantum computing?