Enterprise Management Plan
Enterprise Key Management
Step 1: Identify Components of Key Management
Key management will be an important aspect of the new electronic protected health information (e-PHI). Key management is often considered the most difficult part of designing a cryptosystem.
Choose a fictitious or an actual organization. Provide an overview of the current state of enterprise key management for the company.
Provide a high-level, top-layer network view (diagram) of the systems in the company. The diagram can be a bubble chart or Visio drawing of a simple network diagram with servers. Conduct independent research to identify a suitable network diagram.
Identify data at rest, data in use, and data in motion as it could apply to your organization. Start by focusing on where data are stored and how data are accessed.
Identify areas where insecure handling may be a concern for your organization.
Incorporate this information in your key management plan.
Step 2: Identify Key Management Gaps, Risk, Solutions, and Challenges
Identify gaps in key management in each of the key management areas within Superior Health Care.
Identify crypto attacks and other risks to the cryptographic systems posed by these gaps.
Propose solutions organizations may use to address these gaps and identify necessary components of these solutions.
Finally, identify challenges, including remedies, that other organizations have faced in implementing a key management system.
Include this information in your enterprise key management plan.
Provide a summary table of the information within your key management plan.
Incorporate this information in your implementation plan.
Step 3: Provide Additional Considerations for the CISO
1. Explain the uses of encryption and the benefits of securing communications by hash functions and other types of encryption. When discussing encryption, be sure to evaluate and assess whether or not to incorporate file encryption, full disk encryption, and partition encryption. Discuss the benefits of using triple DES or other encryption technologies.
2. Describe the use and purpose of hashes and digital signatures in providing message authentication and integrity. Focus on resources pertaining to message authentication.
3. Explain the use of cryptography and cryptanalysis in data confidentiality. Cryptanalysts are a very technical and specialized workforce. Your organization already has a workforce of security engineers (SEs). Cryptanalysts could be added to support part of the operation and maintenance functions of the enterprise key management system. Conduct research on the need, cost, and benefits of adding cryptanalysts to the organization’s workforce. Determine if it will be more effective to develop the SEs to perform these tasks. Discuss alternative ways for obtaining cryptanalysis if the organization chooses not to maintain this new skilled community in-house.
4. Explain the concepts and practices commonly used for data confidentiality: the private and public key protocol for authentication, public key infrastructure (PKI), the X.509 cryptography standard, and PKI security. Keep in mind that sometimes it takes considerable evidence and research for organizational leaders to buy in and provide resources.
Incorporate this information in your implementation plan.
Step 4: Analyze Cryptographic Systems
In the previous step, you covered aspects of cryptographic methods. In this step, you will recommend cryptographic systems that your organization should consider procuring.
Independently research commercially available enterprise key management system products, discuss at least two systems, and recommend a system for Superior Health Care.
Describe the cryptographic system, its effectiveness, and its efficiencies.
Provide an analysis of the trade-offs of different cryptographic systems.
Review and include information learned from conducting independent research on the following topics:
· security index rating
· level of complexity
· availability or utilization of system resources
Include information on the possible complexity and expense of implementing and operating various cryptographic ciphers.
Incorporate this information in your implementation plan.
The following is the deliverable for this segment of the project:
Deliverables
· Enterprise Key Management Plan: An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
A possible outline could be:
· Introduction
· Purpose
· Key Components
· Implementation
· Operation
· Maintenance
· Benefits and Risks
· Summary/Conclusion
Step 5: Develop the Enterprise Key Management Policy
The final step in this project requires you to use the information from the previous steps to develop the Enterprise Key Management Policy. The policy governs the processes, procedures, rules of behavior, and training for users and administrators of the enterprise key management system.
Research similar policy documents used by other organizations and adapt an appropriate example to create your policy.
Review and discuss the following within the policy:
· digital certificates
· certificate authority
· certificate revocation lists
Discuss different scenarios and hypothetical situations. For example, the policy could require that when employees leave the company, their digital certificates must be revoked within 24 hours. Another could require that employees must receive initial and annual security training.
Include at least three scenarios and provide policy standards, guidance, and procedures that would be invoked by the enterprise key management policy. Each statement should be short and should define what someone would have to do to comply with the policy.
The following is the deliverable for this segment of the project:
Deliverables
· Enterprise Key Management Policy: A two- to three-page double-spaced Word document.