Choosing an Encryption Algorithm
The most important decision you need to make when deciding to use encryption is the selection of an algorithm. If you will have a small number of users or aren't concerned with the complexity of allowing each pair of individuals to privately communicate with each other, the faster and more lightweight symmetric algorithms may be the choice for you. On the other hand, if you have a large number of users and want to allow any arbitrary pair of users to communicate privately without any other user being able to read the message, or you need the benefits of digital signatures, you may wish to choose an asymmetric algorithm.
The most important thing to keep in mind when choosing an encryption algorithm is that you should select an algorithm that is widely used and accepted by the security community. Unless you are a highly skilled and well-trained mathematician, you should never try to write your own encryption algorithm. It's simply far too difficult to create an algorithm that is not inherently flawed. Think of it as building your own pacemaker: It's simply not worth the risk!
The same advice is true for any products or services you purchase. If the vendor refuses to tell you the algorithm used, perhaps citing "security reasons" or insists that they have a very strong "proprietary encryption algorithm," run away as fast as you can. These are red flags that the product may actually have woeful encryption technology.
The security of any encryption algorithm should never depend upon the secrecy of the algorithm itself. Rather, the algorithm should be publicly disclosed and open to the cryptographic community for analysis. The true security of the algorithm should always lie in the security of the keys used to decrypt messages.
Those are the basics of encryption and decryption. Now that you have a solid foundation in the use of these algorithms, you should be able to intelligently evaluate the use of cryptography in your organization.
For more information on encryption, see Chapters 9 and 10 of the CISSP Study Guide from Sybex.