enterprise key management plan and policy for a company, writing homework help

User Generated

xrrzl2017

Writing

Description

enterprise key management plan and policy for a company.

Unformatted Attachment Preview

In this project, you will create both an enterprise key management plan and policy for a company. The length of the plan should be eight to 10 pages double-spaced. The length of this policy should be two to three pages double-spaced. There are seven steps to complete the project. Most steps of this project should take no more than two hours to complete, and the project as a whole should take no more than one week to complete. Begin with the workplace scenario, and then continue to Step 1, “Identify Components of Key Management.” When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission. • 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment. • 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation. • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. • 1.4: Tailor communications to the audience. • 2.1: Identify and clearly explain the issue, question, problem under consideration. • 2.2: Locate and access sufficient information to investigate the issue or problem. • 2.3: Evaluate the information in logical manner to determine value and relevance. • 2.4: Consider and analyze information in context to the issue or problem. • 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria. • 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to-point encryption, and smart cards. • 7.3: Knowledge of methods and tools used for risk management and mitigation of risk. • 7.4: Knowledge of policies, processes, & technologies used to create a balanced approach to identifying and assessing risks to information assets, personnel, facilities, & equipment, and to manage affordable mitigation strategies that meet security needs. Step 1: Identify Components of Key Management An important part of the new electronic protected health information (or e-PHI) system will be key management. As a security architect, you know that key management is often considered the most difficult part of designing a cryptosystem. The overall information in this step can be fictitious or modeled after an existing corporation, which should then be cited using APA format. The idea is to provide an overview of the current state of enterprise key management for Superior Health Care. To do so, you’ll need to know about authentication and the characteristics of key management. Brush up on your knowledge of authentication by reviewing the authentication resources. Then, provide a high-level, top-layer network view (diagram) of the systems in Superior Health Care. To do this, start by reading these resources on data at rest, data in use, and data in motion. The diagram can be a bubble chart or Visio drawing of a simple network diagram with servers. Independent research may be used to find one to use. Next, identify data at rest, data in use, and data in motion as it could apply to your company. Focus on where data is stored and how it’s accessed is a good place to start. Finally, review these resources on insecure handling, and identify areas where insecure handling may be a concern for your organization. Use this information in your implementation plan. In the next step, you will consider key management capabilities. Step 2: Learning Key Management Capabilities You have successfully examined what are the major components of an enterprise key management system for Superior Health Care. Now you must begin your research into CrypTool, to better understand enterprise key management by using this product. Enter Workspace and complete the “Enterprise key management” exercise. Do some quick independent research on Public Key Infrastructure as it applies to your organization. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to Discussions List for registration information) in which you can access resources to enable you to complete this project successfully. Click here to access the instructions for Navigating the Workspace and the Lab Setup. Click here to access the Project 1 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace. In the next step, you will identify the key management gaps, risks, solutions, and challenges found in corporations. Step 3: Identify Key Management Gaps, Risks, Solutions, and Challenges In the previous step, you identified the key components of an enterprise key management system. In this step, you will conduct independent research on key management issues in existing corporations. These will be used to help identify gaps in key management, in each of the key management areas within Superior Health Care. First, conduct independent research to identify the gaps in key management that are in existing corporations. Any factual information should be cited using APA format. If data is lacking, use fictitious information. Then, identify the posed risks to the cryptographic systems as a result of these gaps, including but not limited to crypto attacks. Read these resources to brush up on your understanding of crypto attacks. Next, propose solutions that the companies could have used to address these gaps. Be sure to identify what is needed to implement these solutions. Finally, identify challenges other companies have faced in implementing a key management system. Include any proposed remedies to these challenges. Include this information in your enterprise key management plan. Also create a summary table of the information into a table to be included in the plan. You will use and submit this information in your implementation plan. In the next step, you will provide additional ideas for the CISO to consider. Step 4: Provide Additional Considerations for the CISO You have satisfactorily identified key management gaps. Now, since you are compiling information for the CISO, consider these additional objectives of an enterprise key management system. 1. Explain the uses of encryption and the benefits of securing communications by hash functions and other types of encryption. When discussing encryption, be sure to evaluate and assess whether or not to incorporate file encryption, full disc encryption, and partition encryption. Discuss the benefits to using DES, triple DES, or other encryption technologies. To complete these tasks, review the resources provided to you. You’ll need to understand the following topics: A. uses of encryption B. hash functions C. types of encryption D. DES E. triple DES 2. Describe the use and purpose of hashes and digital signatures in providing message authentication and integrity. Check out these resources on authentication to further your understanding. Focus on resources pertaining to message authentication. 3. Review the resources related to cryptanalysis, then explain the use of cryptography and cryptanalysis in data confidentiality. Cryptanalysts are a very technical and specialized workforce. Your organization already has a workforce of SEs. Conduct research on the need, cost, and benefits to adding cryptanalysts to the corporation’s workforce. This is to support part of the operation and maintenance function of the enterprise key management system. You are determining if it's more effective to develop the SEs to perform these tasks. If the corporation does not develop this new skilled community, what are other means for obtaining results of cryptanalysis? 4. Research and explain the concepts, in practice, that are commonly used for data confidentiality: the private and public key protocol for authentication, public key infrastructure (PKI), the x.509 cryptography standard, and PKI security. Take time to read about the following cryptography and identity management concepts: public key infrastructure and the x.509 cryptography standard. Use this information in your implementation plan. In the next step, you will provide information on different cryptographic systems for the CISO. Step 5: Analyze Cryptographic Systems In the previous step, you covered aspects of cryptographic methods. In this step, you will provide the CISO with information on different cryptographic systems either in use by other companies or systems that the company should consider procuring. You will need to independently research what key system products are available. You may research a company you have worked for or know about regarding the use of an enterprise key management system. The idea is for you to get acquainted with different systems that could be used by Superior Health Care. Describe the cryptographic system, its effectiveness and efficiencies. Provide analysis of the trade-offs of different cryptographic systems. Review and include information learned from conducting independent research on the following: • security index rating • level of complexity • availability or utilization of system resources Also include information on expenses as pertains to various cryptographic ciphers. Check out this resource on ciphers to familiarize yourself with the topic. Use this information in your implementation plan. In the next step, you will begin final work on the enterprise key management plan. Step 6: Develop the Enterprise Key Management Plan In the previous steps, you have gathered information about systems in use elsewhere. Using the learning and materials produced in those steps, develop your enterprise key management plan for implementation, operation, and maintenance of the new system. Address these as separate sections in the plan. In this plan, you will identify the key components, the possible solutions, the risks and benefits comparisons of each solution, and proposed mitigations to the risks. These, too, should be considered as a separate section or could be integrated within the implementation, operation and maintenance sections. A possible outline could be: • introduction • purpose • key components • implementation • operation • maintenance • benefits and risks • summary/conclusion The length of this report should be a 8-10 page double spaced Word document with citations in APA format. The page count does not include figures or tables. There is no penalty for using additional pages if you need them. Include a minimum of three (3) references. Include a reference list with the report. Submit your plan to the Assignment folder. When you are finished, turn your attention to the enterprise key management policy, which is the final step. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work. • 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment. • 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation. • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. • 1.4: Tailor communications to the audience. • 2.1: Identify and clearly explain the issue, question, problem under consideration. • 2.2: Locate and access sufficient information to investigate the issue or problem. • 2.3: Evaluate the information in logical manner to determine value and relevance. • 2.4: Consider and analyze information in context to the issue or problem. • 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria. • 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to-point encryption, and smart cards. • 7.1: Develop, implement, and maintain business continuity planning. • 7.3: Knowledge of methods and tools used for risk management and mitigation of risk. • 7.4: Knowledge of policies, processes, & technologies used to create a balanced approach to identifying and assessing risks to information assets, personnel, facilities, & equipment, and to manage affordable mitigation strategies that meet security needs. Step 7: Develop the Enterprise Key Management Policy The final step in your assignment requires you to use the information provided in the previous steps to develop the enterprise key management policy that provides the processes, procedures, rules of behavior, and training within the enterprise key management system. Be sure to address different case scenarios and hypothetical situations. You may want to research different policies used by companies and adapt those frameworks for creating your policy. Review and address the following within the policy: • digital certificates o certificate authority o certificate revocation lists For example, when employees leave the company, their digital certificates must be revoked within 24 hours. Another is that employees must receive initial and annual security training. Include up to three corporate scenarios and devise policy standards, guidance, and procedures that would be invoked by the enterprise key management policy. Each should be short statements to define what someone would have to do to comply with the policy. The overall information in the corporate scenarios can be fictitious or modeled after an existing corporation, which should then be cited using APA format. The length of this policy should be a two to three-page double-spaced Word document with citations in APA format. Submit your policy to the assignment folder. Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work. • • • • • • • • • • • • 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment. 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation. 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas. 1.4: Tailor communications to the audience. 2.1: Identify and clearly explain the issue, question, problem under consideration. 2.2: Locate and access sufficient information to investigate the issue or problem. 2.3: Evaluate the information in logical manner to determine value and relevance. 2.4: Consider and analyze information in context to the issue or problem. 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria. 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to-point encryption, and smart cards. 7.3: Knowledge of methods and tools used for risk management and mitigation of risk. 7.4: Knowledge of policies, processes, & technologies used to create a balanced approach to identifying and assessing risks to information assets, personnel, facilities, & equipment, and to manage affordable mitigation strategies that meet security needs.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Thank you.

Running head: Enterprise key Management Plan

Enterprise key Management Plan:
Name:
Institution affiliation:
Date:

1

Enterprise key Management Plan

2

Superior Healthcare
Introduction
Superior Healthcare is a for-profit 25-bed hospital that provides inpatient as well as
outpatient services to people who reside in Michigan & its neighboring areas. With the need to
ensure patient information remains confidential as well as information sharing within the health
care facility is not accessible to adversaries, an e-PHI will be installed in the healthcare facility.
In order to ensure and guarantee protection, an essential component of the e-PHI which is the
key management will be installed as well.
Key management involves generation, storage as well as replacement of keys that will
ensure data confidentiality as well as message integrity. In key management two types of keys
are the ones that are usually generated i.e. symmetric as well as asymmetric keys. Steps to be
followed in the implementation of the key management system are exchange, storage as well as
utilization. Exchange is the first step in key management in which the keys are exchanged
between the one sending the message as well as the one to receive the message. Once the keys
have been exchanged, they are then stored to ensure that information confidentiality is
maintained. Keys can be stored using an encryption as well as a password that enables the one to
receive the message to be able to store the information. Usually in key management the biggest
problem is the time the key should remain in use while still be able to ensure that the information
is fully protected. This type of challenge is usually handled by changing the key time and again
in order to ensure it cannot easily be figured out by third party attackers of the system.
In most cases key management in huge cooperation is a challenging issue considering
that the people in the organization are the ones who will be using the keys. This implies that they

Enterprise key Management Plan

3

is need to ensure acceptance among the people to reduce the number of flaws in the key
management system. Additionally, policies that are flawed may pose a very big challenge
implying that policies within the healthcare that may pose a challenge must be realigned to fit the
key management system.
Purpose
Since the health care needs to ensure that information shared between the doctors within
the healthcare the patients admitted in the healthcare are confidential as well as protected from
adversaries, key management should be practiced. The main purpose of key management will be
to come up with keys that will be utilized in the encryption as well as authentication processes
that are essential in securing information that is either stored, in motion or in in use. the
enterprise key management will be applied in this case so as to be able to offer encryption keys
that will be able to work in all operating systems.
The secondary purpose of key management will be to come up with encryption keys that
will enable the person sending a message on the healthcare network to be able to secure and
protect the information against attacks that may lead to a person no authorized to access the
information to access it. Secondly, the key management system will be in charge of coming up
with decryption keys that will enable the person to whom the message is being send to be able to
decrypt the message so as to be able to view the message. The decryption key is also essential in
ensuring that the one to receive the message is authenticated so as to prevent those who are not
supposed to have access to the information from viewing the message. Lastly, the enterprise key
management system will be tasked with key rotation periodically. This is essential to prevent
attackers from figuring the key when it has been used for quite a while. The period within which

Enterprise key Management Plan

4

keys should be in use will be determined by the Cryptanalysts who will be added to the staff of
the healthcare (Babbin, 2006).
Key Component
The key management components are; key servers, cryptographic protocol as well as user
procedures. The key serve is the computer that will accept and attend to cryptographic keys
belonging to users within the h...


Anonymous
Awesome! Perfect study aid.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags