Security Vulnerability Report (continuation)


Encryption Methodologies to Protect an Organization’s Data Paper


David Dorsaima

CMGT/431

December 1, 2019

Steven Powelson

Encryption Policy for an Organization

The security of an organization is one of the key factors that determines success. In a world where technological advances have been made in all sectors, there is a need to ensure that robust measures are put in place to manage the prevailing situation. Lights on Dance (LOD) must also be able to initiate an encryption policy that would prevent the loss of critical data that has become a common occurrence in most organizations. We must keep in mind that zero loss is rare, but it is still LOD’s goal. Hackers and malicious individuals have often taken advantage of any loopholes within an organization’s structure to steal and destroy the organization’s critical data. Therefore, such loopholes must be effectively managed by putting into place policies that would prevent the loss of such crucial data (Basmov et al., 2016).

LOD has a plethora of sensitive data that must be taken care of and monitored to ensure that this data isn’t lost or compromised. Examples:

· User/Customer information: Crucial data for LOD’s long-term success. The sensitive data might comprise names of the clients/users, email, addresses, payment information, application attributes and/or social security numbers.

· Employee data: Similar to customer/user data, our database may comprise employees' addresses, email, payment/payroll details, social security numbers and data associated with credential processing.

· Proprietary data (intellectual property and trade secrets): All companies have secrets behind their success that they rely on when making critical decisions.

· Operational information: All the details in the inventory books are usually sensitive company data that should not be disclosed to the public.

Therefore, LOD’s encryption policy shall be in place to ensure that crucial data points are effectively managed to prevent data loss.

Asymmetric and Symmetric Encryption Methodologies

The security of sensitive data is a matter of priority that must be fully taken care of to ensure intrusion doesn’t take place. The best encryption method must be used to protect the data within the network. Therefore, in this case, we highlight some of the best available encryption methods that can be used to protect our data. The asymmetric encryption method uses both private and public keys to encrypt and decrypt messages. The sender and receiver must have the decryption keys to access the data. This is commonly used by the PKI, in which the user's information is kept away from unwanted hands, thus preventing threats and damage posed by intruders (Budish, Burkert & Gasser, 2018).

On the other hand, there is a symmetric encryption method in which a single key has to be shared among all users. The users must have this key to be able to access the sensitive data. In this case, there are TLS and SSL, which are cryptographic protocols designed to provide communication security whenever used. They provide instant communication through messaging, emailing, web browsing and voice over IP. Therefore, LOD shall incorporate these protocols, which would help mitigate data loss.

Common Security Threats

There are various ways in which LOD might be exposed to threats and potential data loss. One example is social engineering and phishing, in which employees might unknowingly or knowingly give unwanted persons access to critical data. This is usually discovered only when the damage has already been done. It can be prevented by training employees on such issues (Byrne, 2018).

In addition, preventing poor password practices, while also discouraging entry/access by unwanted persons, is a great step in the right direction. In most cases, employees use passwords that are commonly used and known in the public domain, making it easier for an intruder to take note of such loopholes and attack from there.

Implementation of Encryption Methods

Protection of LOD’s sensitive data can only be done by implementing an encryption method. Therefore, PKI, SSL, and TLS should be used to ensure that all sectors of the company are well secured. This means that anyone who seeks to access data from the organization through PKI must use both private and public keys. On the other hand, one must have a primary key to access data when using both TLS and SSL, which are highly reliable and efficient when used.
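As an added illustration (not part of the original paper), the following Python sketch shows how the PKI and TLS requirement above could be checked in practice: it builds a client TLS configuration that validates certificates and audits any configuration against that policy. The function names and the TLS 1.2 minimum are assumptions of this example; the paper does not name protocol versions, and the floor is set there because the older SSL protocol versions are deprecated.

```python
import ssl

# Assumed policy floor for this example; the paper does not specify versions.
POLICY_MIN_TLS = ssl.TLSVersion.TLSv1_2


def build_policy_context() -> ssl.SSLContext:
    """Client context with PKI certificate validation on and legacy versions off."""
    # create_default_context() loads the system CA store and enables
    # CERT_REQUIRED plus hostname checking.
    ctx = ssl.create_default_context()
    ctx.minimum_version = POLICY_MIN_TLS
    return ctx


def build_lax_context() -> ssl.SSLContext:
    """Constructed counterexample: traffic is encrypted but the peer is never verified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the policy violations found in a context (empty list means compliant)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < POLICY_MIN_TLS:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in (("policy", build_policy_context()), ("lax", build_lax_context())):
        print(name, audit_context(ctx) or "compliant")
```

Without certificate validation, a TLS session is encrypted but gives no assurance about who holds the other end, which is the part PKI contributes.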

References

Basmov, I., Nyström, M. B. G., Semenko, A. M., MacIver, D. M., & Li, D. (2016). U.S. Patent No. 9,477,614. Washington, DC: U.S. Patent and Trademark Office.

Budish, R. H., Burkert, H., & Gasser, U. (2018). Encryption Policy and its International Impacts: A Framework for Understanding Extraterritorial Ripple Effects.

Byrne, S. (2018). U.S. Patent No. 10,104,044. Washington, DC: U.S. Patent and Trademark Office.