Key Management Plan For Senthara Health Care (Research Paper Sample)
Enterprise Key Management Transcript
As a security architect and cryptography specialist for Superior Health Care, you're familiar with the information systems throughout the company and the ranges of sensitivity in the information that is used, stored and transmitted. You're also expected to understand health care regulations and guidelines because you're responsible for advising the chief information security officer, or CISO, on a range of patient services, including the confidentiality and integrity of billing, payments, and insurance claims processing, as well as the security of patient information covered under the Health Insurance Portability and Accountability Act, or HIPAA.
You also have a team of security engineers, SEs, that help implements new cryptographic plans and policies and collaborates with the IT deployment and operations department during migrations to new technology initiatives. This week, the CISO calls you into his office to let you know about the company's latest initiative.
"We're implementing eFi, web-based electronic health care, and that means we need to modernize our enterprise key management system during the migration,” he says. The CISO asks for an enterprise key management plan that identifies the top components, possible solutions, comparisons of each solution, risks and benefits, and proposed risk mitigations.
The plan will help create an enterprise key management system. The SEs would be responsible for the implementation, operation, and maintenance of the plan and system. The CISO also wants you to come up with an enterprise key management policy that provides processes, procedures, rules of behavior, and training.
Step 1.Identify Components of Key Management
Key management will be an important aspect of the new electronic protected health information (e-PHI). Key management is often considered the most difficult part of designing a cryptosystem.
Choose a fictitious or an actual organization. The idea is to provide an overview of the current state of enterprise key management for Superior Health Care.
Review these authentication resources to learn about authentication and the characteristics of key management.
Provide a high-level, top-layer network view (diagram) of the systems in Superior Health Care. The diagram can be a bubble chart or Visio drawing of a simple network diagram with servers. Conduct independent research to identify a suitable network diagram.
Read these resources on data at rest, data in use, and data in motion.
Identify data at rest, data in use, and data in motion as it could apply to your organization. Start by focusing on where data are stored and how data are accessed.
Review these resources on insecure handling, and identify areas where insecure handling may be a concern for your organization.
Incorporate this information in your key management plan.
Answer these few questions based on the project
1. What types of interesting observations did you learn about enterprise key management that you did not know before?
2. What kinds of challenges would you face while implementing an enterprise key management system?
3. Which of the key management functions did you find the easiest to understand? The hardest? Explain your answers.
4. Which key management functions would you recommend to the CISO to implement and why?
Step 3: Identify Key Management Gaps, Risks, Solutions, and Challenges
In this step, you will conduct independent research on key management issues in existing organizations. You will use this research to help identify gaps in key management, in each of the key management areas within Superior Health Care.
Conduct independent research to identify typical gaps in key management within organizations. Incorporate and cite actual findings within your key management plan. If unable to find data on real organizations, use authoritative material discussing typical gaps.
Identify crypto attacks and other risks to the cryptographic systems posed by these gaps. Read these resources to brush up on your understanding of crypto attacks.
Propose solutions organizations may use to address these gaps and identify necessary components of these solutions.
Finally, identify challenges, including remedies, other organizations have faced in implementing a key management system.
Include this information in your enterprise key management plan.
Provide a summary table of the information within your key management plan.
Incorporate this information in your implementation plan.
Step 4: Provide Additional Considerations for the CISO
Explain the uses of encryption and the benefits of securing communications by hash functions and other types of encryption. When discussing encryption, be sure to evaluate and assess whether or not to incorporate file encryption, full disk encryption, and partition encryption. Discuss the benefits of using DES, triple DES, or other encryption technologies. To complete this task, review the following resources:
Uses of encryption
types of encryption
Describe the use and purpose of hashes and digital signatures in providing message authentication and integrity. Review these resources on authentication to further your understanding. Focus on resources pertaining to message authentication.
Review the resources related to cryptanalysis. Explain the use of cryptography and cryptanalysis in data confidentiality. Cryptanalysts are a very technical and specialized workforce. Your organization already has a workforce of security engineers (SEs). Cryptanalysts could be added to support part of the operation and maintenance functions of the enterprise key management system. Conduct research on the need, cost, and benefits of adding cryptanalysts to the organization’s workforce. Determine if it will be more effective to develop the SEs to perform these tasks. Discuss alternative ways for obtaining cryptanalysis if the organization chooses not to maintain this new skilled community in-house.
Research and explain the concepts and practices commonly used for data confidentiality: the private and public key protocol for authentication, public key infrastructure (PKI), the X.509 cryptography standard, and PKI security. Read about the following cryptography and identity management concepts: public key infrastructure and the X.509 cryptography standard.
Incorporate this information in your implementation plan.
Step 5: Analyze Cryptographic Systems
In this step, you will recommend cryptographic systems that your organization should consider procuring. Independently research commercially available enterprise key management system products, discuss at least two systems and recommend a system for Superior Health Care.
Describe the cryptographic system, its effectiveness, and efficiencies.
Provide an analysis of the trade-offs of different cryptographic systems.
Review and include information learned from conducting independent research on the following topics:
1. Security index rating
2.Level of complexity
3. availability or utilization of system resources
Include information on the possible complexity and expense of implementing and operating various cryptographic ciphers. Check out these resources on ciphers to familiarize yourself with the topic.
Incorporate this information in your implementation plan.
Step 6. Using the materials produced in those steps, develop your Enterprise Key Management Plan for implementation, operation, and maintenance of the new system. Address these as separate sections in the plan.
In this plan, you will identify the key components, the possible solutions, the risks, and benefits comparisons of each solution, and proposed mitigations to the risks. These, too, should be considered as a separate section or could be integrated within the implementation, operation, and maintenance sections.
A possible outline could be:
VII.Benefits and Risks
Note- Time is crucial for this project and in-text citation as well. Thank you.
Key Management Plan for Sentara Health Care
Sentara Healthcare (SHC) will implement eFi, an electronic health care system that will allow the organization to modernize the enterprise key management system. In cryptographic analysis, processing confidential data is identified and protected against threats without ignoring flexibility when making changes. The keys protect highly confidential data and applications, and when implementing the cryptographic plans it is crucial to create an affective key management plan. Identifying the key components, the possible solutions, comparing each of the solutions, risks and benefits as well as risk mitigations are proposed in the management plan.
Data storeServer Key databaseLogLogSecurity incidentsKey Management ClientAuthentication and authorization managementWAN Components of Key Management
The key components are useful to create and plan for effective key management. Cryptography is responsible for transforming a message into a text in number, and this is possible through encryption, which prevents unauthorized persons from knowing the content of the messages (Guo et al., 2019). SHC has a WAN system that supports the cloud based system, and there are is secure authentication process to access the various network resources. A key management system also has key servers and user protocols, and the cryptosystem is secure when the key management system is also secure (Ogiela & Ogiela, 2015). There are different network devices and operating systems and devices, controlling access to the organization’s resources prioritized so that authorized users can access business functions when they need to. Modernizing the system requires review of key management practices to improve security, and access/authorization. Assessing capabilities, vulnerabilities, risks and weaknesses of the different business functions to is crucial to protecting the privacy of the hospital’s data. The business functions are Administration, Clinical, Finance and Management.
Encryption may be on incorrect data and to ensure there s no insecure handling of data, there is focus on strong encryption of the correct data. Additionally, ensuring that there is proper key storage and management and that there is secure cryptography reduces vulnerability (Kwon et al., 2017). At the same time, identifying people who should and should not handle the sensitive data is important to maintain security. Security scanning tools are useful to determine whether the cryptography storage is secure.
Key Management Gaps, Risks, Solutions, and Challenges
Key management is essential in encrypting and protecting data and effective encryption products are used to manage the cryptographic keys. There is risk of mishandling and exposing the cryptographic keys to unauthorized person when there is improper key management. This is especially when there is no clarity on system administration and managing keys. Yet, the task of key management requires procedures on maintaining and recovering keys. If there is loss or corruption of the keys this may result in loss of access to the data and system and in extreme cases the system becomes unusable unless reinstalled.
Cryptographic techniques are useful to encrypt data transmission, but there are still vulnerable to attacks and unauthorized access. Strengthening the encryption technique is crucial to improve the security of the network infrastructures (Phatak, 2013). The algorithm used for encryption and decryption should also be secure since there are cryptographic attacks that attempt to decipher the keys to get access to data transmission (Phatak, 2013). Cryptography protect data against attacks and unauthorized access and ...
YOU MAY ALSO LIKE
- Provide An Introduction To Digital Forensic AnalysisDescription: Forensic evidence was extracted using forensic tools and the electronic content was evaluated identified following collection, examination, analysis, and reporting....4 pages/≈1100 words | 3 Sources | APA | IT & Computer Science | Research Paper |
- A Secure Email Strategy For Cyber Tech InternationalDescription: LAN security is protecting the Local Area Network (LAN) and the devices that are connected to the LAN within a small area including the wireless networks threats include phishing, spyware, DOS and DDOS attacks, computer viruses and malwares...7 pages/≈1925 words | 5 Sources | APA | IT & Computer Science | Research Paper |
- Cyber Threat Analysis and Exploitation on US Financial Systems (AAR)Description: You are part of a collaborative team that was created to address cyber threats and exploitation of US financial systems critical infrastructure. ...10 pages/≈2750 words | 6 Sources | APA | IT & Computer Science | Research Paper |