User Account

All Pages

Create an enterprise key management system

Assignment Help Computer Network Security
Reference no: EM131784733

Project 1:

Enterprise Key Management As a security architect and cryptography specialist for Superior Healthcare you're familiar with the information systems throughout the company and the ranges of sensitivity in the information that is used, stored, and transmitted. You're also expected to understand healthcare regulations and guidelines because you're responsible for advising the Chief Information Security Officer, or CSO, on a range of patient services, including the confidentiality and integrity of billing, payments, and insurance claims processing, as well as the security of patient information covered under the Health Insurance Portability and Accountability Act, or HIPAA. You also have a team of Security Engineers, SEs, that help implement new cryptographic plans and policies and collaborate with the IT deployment and operations department during migrations to new technology initiatives. This week, this CSO calls you into his office to let you know about the company's latest initiative. "We're implementing eFi, web-based electronic health care, and that means we need to modernize our enterprise key management system during the migration.", he says. The CSO asks for an enterprise key management plan that identifies the top components, possible solutions, comparisons of each solution, risks and benefits, and proposed risk mitigations. The plan will help create an enterprise key management system. The SEs would be responsible for the implementation, operation, and maintenance of the plan and system. The CSO also wants you to come up with an enterprise key management policy that provides processes, procedures, rules of behavior, and training. The new web-based system needs to be running in a month. So you'll have a week to put together your enterprise key management plan and the accompanying policy.

Step 1: Identify Components of Key Management

An important part of the new electronic protected health information (or e-PHI) system will be key management. As a security architect, you know that key management is often considered the most difficult part of designing a cryptosystem.

The overall information in this step can be fictitious or modeled after an existing corporation, which should then be cited using APA format. The idea is to provide an overview of the current state of enterprise key management for Superior Health Care.

To do so, you'll need to know about authentication and the characteristics of key management. Brush up on your knowledge of authentication by reviewing the authentication resources. Then, provide a high-level, top-layer network view (diagram) of the systems in Superior Health Care. To do this, start by reading these resources on data at rest, data in use, and data in motion. The diagram can be a bubble chart or Visio drawing of a simple network diagram with servers. Independent research may be used to find one to use.

Next, identify data at rest, data in use, and data in motion as it could apply to your company. Focus on where data is stored and how it's accessed is a good place to start. Finally, review these resources on insecure handling, and identify areas where insecure handling may be a concern for your organization.

Use this information in your implementation plan.

In the next step, you will consider key management capabilities.

Step 2: Learning Key Management CapabilitiesProject 1 Workspace Exercise
Instructions
Assignment Rules
1. Each student has to do the lab individually. No content directly quoted from the Internet or other sources is allowed.
2. Lab procedure needs to be documented and results should be listed in the submission.
Assignment Objectives
- Use open source PKI-based encryption tool CrypTool 2 to understand key management in Windows environments.
- Use manuals and general guidance to manage key pairs.
- Perform key management functions that include creating, using, distributing, and revoking key pairs. Record information that could help in developing the key management plan and policy.

Option 1: Run CrypTool 2 on Your Own PC
To install CrypTool 2 on any Windows-type operating system, download the tool from the website and double-click on the executable cryptool setup, tar, or zip file that corresponds to your operating system. There are 32- and 64-bit versions available. Choose the English version and then follow the onscreen instructions.

Lab Part 2: Advanced Cryptography Functions

Introduction
In Part 1 of the lab, we looked into understanding the basic functions of CrypTool 2 and how to use them. The objective of this part of the lab is to demonstrate some of the more advanced techniques CrypTool 2 has to offer.
DES
CrypTool2 offers two variations of the DES cipher, electronic codebook (ECB) and cipher-block chaining (CBC). These are both known as block cipher modes of operation. As discussed in the report, DES breaks down a plaintext message into 64 bit-sized blocks. These are then converted to 64 bit blocks of ciphertext.
Conventionally, these ciphertext blocks have no relation to one another's encoding; this is the former of the two methods, ECB. There is, however, a weakness with this method: The DES encodes two identical plaintext blocks as two identical ciphertext blocks. In a message where there could be large repletion of a 64-bit block, say an image, this could reveal patterns in the ciphertext message and ultimately lead to it having been deciphered. CBC is a method that overcomes this by combining each block with its preceding block with an exclusive-OR logic gate (like the Vernam cipher).
A factor that can make this cipher at times impractical is that the whole message must be transmitted error-free in order for it to be comprehensibly deciphered at the receiver side. With the ECB method, an error in one block will only affect the deciphering of that one block and not the entire message.

Step 3: Identify Key Management Gaps, Risks, Solutions, and Challenges
In the previous step, you identified the key components of an enterprise key management system. In this step, you will conduct independent research on key management issues in existing corporations. These will be used to help identify gaps in key management, in each of the key management areas within Superior Health Care.
First, conduct independent research to identify the gaps in key management that are in existing corporations. Any factual information should be cited using APA format. If data is lacking, use fictitious information.
Then, identify the posed risks to the cryptographic systems as a result of these gaps, including but not limited to crypto attacks. Read these resources to brush up on your understanding of crypto attacks.
Next, propose solutions that the companies could have used to address these gaps. Be sure to identify what is needed to implement these solutions.
Finally, identify challenges other companies have faced in implementing a key management system. Include any proposed remedies to these challenges.
Include this information in your enterprise key management plan. Also create a summary table of the information into a table to be included in the plan.
You will use and submit this information in your implementation plan.
In the next step, you will provide additional ideas for the CISO to consider.
Step 4: Provide Additional Considerations for the CISO
You have satisfactorily identified key management gaps. Now, since you are compiling information for the CISO, consider these additional objectives of an enterprise key management system.

1. Explain the uses of encryption and the benefits of securing communications by hash functions and other types of encryption. When discussing encryption, be sure to evaluate and assess whether or not to incorporate file encryption, full disc encryption, and partition encryption. Discuss the benefits to using DES, triple DES, or other encryption technologies. To complete these tasks, review the resources provided to you. You'll need to understand the following topics:
A. uses of encryption
B. hash functions
C. types of encryption
D. DES
E. triple DES
2. Describe the use and purpose of hashes and digital signatures in providing message authentication and integrity. Check out these resources on authentication to further your understanding. Focus on resources pertaining to message authentication.
3. Review the resources related to cryptanalysis, then explain the use of cryptography and cryptanalysis in data confidentiality. Cryptanalysts are a very technical and specialized workforce. Your organization already has a workforce of SEs. Conduct research on the need, cost, and benefits to adding cryptanalysts to the corporation's workforce. This is to support part of the operation and maintenance function of the enterprise key management system. You are determining if it's more effective to develop the SEs to perform these tasks. If the corporation does not develop this new skilled community, what are other means for obtaining results of cryptanalysis?

4. Research and explain the concepts, in practice, that are commonly used for data confidentiality: the private and public key protocol for authentication, public key infrastructure (PKI), the x.509 cryptography standard, and PKI security. Take time to read about the following cryptography and identity management concepts: public key infrastructure and the x.509 cryptography standard.
Use this information in your implementation plan.
In the next step, you will provide information on different cryptographic systems for the CISO.
Step 5: Analyze Cryptographic Systems
In the previous step, you covered aspects of cryptographic methods. In this step, you will provide the CISO with information on different cryptographic systems either in use by other companies or systems that the company should consider procuring. You will need to independently research what key system products are available. You may research a company you have worked for or know about regarding the use of an enterprise key management system. The idea is for you to get acquainted with different systems that could be used by Superior Health Care.
Describe the cryptographic system, its effectiveness and efficiencies.
Provide analysis of the trade-offs of different cryptographic systems. Review and include information learned from conducting independent research on the following:
- security index rating
- level of complexity
- availability or utilization of system resources
Also include information on expenses as pertains to various cryptographic ciphers. Check out this resource on ciphers to familiarize yourself with the topic.
Use this information in your implementation plan.
In the next step, you will begin final work on the enterprise key management plan.

Step 6: Develop the Enterprise Key Management Plan
In the previous steps, you have gathered information about systems in use elsewhere. Using the learning and materials produced in those steps, develop your enterprise key management plan for implementation, operation, and maintenance of the new system. Address these as separate sections in the plan.
In this plan, you will identify the key components, the possible solutions, the risks and benefits comparisons of each solution, and proposed mitigations to the risks. These, too, should be considered as a separate section or could be integrated within the implementation, operation and maintenance sections.
A possible outline could be:
- introduction
- purpose
- key components
- implementation
- operation
- maintenance
- benefits and risks
- summary/conclusion
The length of this report should be a 8-10 page double spaced Word document with citations in APA format. The page count does not include figures or tables. There is no penalty for using additional pages if you need them. Include a minimum of three (3) references. Include a reference list with the report.

Submit your plan to the Assignment folder.
When you are finished, turn your attention to the enterprise key management policy, which is the final step.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
- 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
- 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
- 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
- 1.4: Tailor communications to the audience.
- 2.1: Identify and clearly explain the issue, question, problem under consideration.
- 2.2: Locate and access sufficient information to investigate the issue or problem.
- 2.3: Evaluate the information in logical manner to determine value and relevance.
- 2.4: Consider and analyze information in context to the issue or problem.
- 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
- 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to-point encryption, and smart cards.
- 7.1: Develop, implement, and maintain business continuity planning.
- 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
- 7.4: Knowledge of policies, processes, & technologies used to create a balanced approach to identifying and assessing risks to information assets, personnel, facilities, & equipment, and to manage affordable mitigation strategies that meet security needs.

Step 7: Develop the Enterprise Key Management Policy

The final step in your assignment requires you to use the information provided in the previous steps to develop the enterprise key management policy that provides the processes, procedures, rules of behavior, and training within the enterprise key management system. Be sure to address different case scenarios and hypothetical situations. You may want to research different policies used by companies and adapt those frameworks for creating your policy.

Review and address the following within the policy:
- digital certificates
o certificate authority
o certificate revocation lists

For example, when employees leave the company, their digital certificates must be revoked within 24 hours. Another is that employees must receive initial and annual security training.

Include up to three corporate scenarios and devise policy standards, guidance, and procedures that would be invoked by the enterprise key management policy. Each should be short statements to define what someone would have to do to comply with the policy.
The overall information in the corporate scenarios can be fictitious or modeled after an existing corporation, which should then be cited using APA format. The length of this policy should be a two to three-page double-spaced Word document with citations in APA format.
Submit your policy to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
- 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
- 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
- 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
- 1.4: Tailor communications to the audience.
- 2.1: Identify and clearly explain the issue, question, problem under consideration.
- 2.2: Locate and access sufficient information to investigate the issue or problem.
- 2.3: Evaluate the information in logical manner to determine value and relevance.
- 2.4: Consider and analyze information in context to the issue or problem.
- 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
- 5.1: Knowledge of procedures, tools, and applications used to keep data or information secure, including public key infrastructure, point-to-point encryption, and smart cards.
- 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
- 7.4: Knowledge of policies, processes, & technologies used to create a balanced approach to identifying and assessing risks to information assets, personnel, facilities, & equipment, and to manage affordable mitigation strategies that meet security needs.

Attachment:- Project.rar

Verified Expert

This paper is about Enterprise Key Management as a security architect and cryptography specialist for Superior Healthcare. Step two includes information from the lab to better understand encryption and key management. Step six includes a specific enterprise key management plan that identifies the top components and is based on possible solutions, comparisons of each solution, risks and benefits, and risk mitigations. Step seven includes Enterprise Key Management Policy that provides the processes, procedures, rules of behavior, and training within the enterprise key management system.

Reference no: EM131784733

Questions Cloud

Difference between marginal revenue and marginal cost : To maximise profit, a firm should produce the quantity where the difference between marginal revenue and marginal cost is the greatest.
What was silas income tax expense for the year : During 2010 Silas Inc. had sales revenue $564,000, gross profit $264,000, What was Silas's income tax expense for the year
Compute the npv assuming a discount rate of eight percent : Patz Corporation is considering the purchase of a computer-aided manufacturing system. Compute the NPV assuming a discount rate of 8 percent.
Cost of production apply to the financial investment : How does the microeconomic concept of cost of production apply to the financial investment industry?
Create an enterprise key management system : Identify Components of Key Management - Advanced Cryptography Functions and Identify Key Management Gaps, Risks, Solutions, and Challenges
Designing a way of filtering collection classes : Often you have a Collection class and you want to remove or "filter" out some of the elements. For example, you might have a set of Integer objects.
State two examples of business segments : State two examples of business segments and explain why these would be a feasible business segment.
Evaluate the cost management performance of firm : Firm Z competes in both traditional pharmaceutical products and in evolving biotechnology products. Evaluate the cost management performance of Firm Z
How all four components are used in industry : Considering the four components of security documentation policies, discuss and give an example of how all four components are used in industry.

Reviews

inf1784733

7/3/2018 5:46:11 AM

Thanks for the good work, This assignment gets me the good grade in the class, what I needed for the subject. Thank you very much for the assistance it was really needed. The assignment was very good, I am really happy with the work.

inf1784733

7/3/2018 5:45:57 AM

For example, if in your Training Section you have a policy, such as, “1. All SHC employees shall be required to periodically attend security training.”, do not state what the training will be on or how frequently the training is given. Those are implementations to be worked out by others. The policy as given is a clear direction for what is desired and others will factor in things, such as, the business objectives, the industry, known changes in the network, a planned merger, etc. when they implement the policy.

inf1784733

7/3/2018 5:45:44 AM

you are also asked to submit a Policy. Again, your policy needs to be specific for the given scenario. For example, you will need to decide which one category of people the policy will address since there would be a different policy for SHC employees or subscribers, for example. However, a policy consists of several sections or categories. After several general explanation sections at the start of a policy, the specific enumerated policies are simply a series of numbered policy sentences; one sentence per number. There are no explanations required and no specific implementations to give; just the policy statement.

inf1784733

7/3/2018 5:44:52 AM

However, you need specific security controls relevant to the given scenario. In the Project 1 Plan deliverable, you will find the need to recommend types of encryption. It’s easy to just pick what you think is best and make the recommendation. However, encryption needed between trusted systems within a network, or needed between the user and the network, or for one type of data vs. another, will all be different. So, be specific about what you write and make it clear where and how it is to be used. It is also helpful and being specific when you follow your assertions with statements such as "for example" and give a very short example and a reference if that is relevant. The quality of your paper is not based on the number of pages you submit. You can (and should) be very concise, have limited pages and still be able to target the very specific scenario and do very well.

inf1784733

7/3/2018 5:44:24 AM

Unless you are asked for general or theoretical information within a project, you must write your project submissions as though you have been hired to work on the specific scenario given. Think of this as you being given an assignment with very specific deliverables, by your current manager at work. That means you must be very specific to the company and its situation. You will need to make assumptions about the company network, systems and applications, based on the information provided at the start of each project. In these cases, do not provide a tutorial or general information. It is easy to write about every threat you have learned about in prior courses. But, some threats are much more relevant to the given scenario than are others. Write about the specifically relevant threats. The same is true about cybersecurity controls. It’s always easy, for example, to say the company should be up-to-date with its security patches.

inf1784733

2/14/2018 5:30:56 AM

Step 7 two pages and make step 6 nine pages and Step 2 has one page total 12 pages. Here are the templates to follow for the EM20KL60ROHMDFKJLD15CNS project. Please use this thread for Project 1 discussions. I have attached five files here. Two are the Project 1 templates which I mentioned in the announcement area. Project 1-Enterprise Key Management Plan Template Project_1-Enterprise Key Management Policy Template Another is the Project 1 scenario into which you should inject yourself Project 1 Scenario The other two are examples of university security policies. IT Policy Example Acceptable Use Policy Example Note that policies are not detailed and do not specify implementation or step-by-step procedures. They are a series of organized statements which describe what the company expects and how the subjects the policy applies to should behave. 0 0 26861845_1Red 621 Project 1-Example University Acceptable Use Policy.pdf 26861845_2Red 621 Project 1-Example University IT Policy.pdf 26861877_3Red 621 Project 1 Scenario.docx

len1784733

12/28/2017 12:13:36 AM

Step 2. 1 page Step 6. 10 pages Step 7. 3 pages All these steps are highlighted in green. Follow the steps 1-7 to have a grasp of how the paper should come together. APA format 6th edition double space. Knowledge of policies, processes, & technologies used to create a balanced approach to identifying and assessing risks to information assets, personnel, facilities, & equipment, and to manage affordable mitigation strategies that meet security needs.

Write a Review

Computer Network Security Questions & Answers

  Create an agency-wide security awareness program

The CISO of the organization reaches out to you, the senior information security officer, and tasks you with creating an agency-wide security awareness program.

  How a company-wide policy program could help the situation

Explain why you think the use of these guidelines and procedures is not sufficient and may not solve the problem. Consider how a company-wide policy program could help the situation.

  What is the encrypted message entropy

Consider the following plaintext message: FAIN 460 9043 IS A GRADUATE COURSE.

  Choose appropriate security controls

Choose appropriate security controls from the SAN's 20 critical security controls and choose the remainder of controls that are needed to secure this system from the listing of controls provided from NIST 800-53 rev 4

  Udp programs to establish a secure communication channel

Write UDP programs allowing two parties to establish a secure communication channel and perform a security analysis for the key exchange protocol

  Develop the issp for the organisation

You are required to analyse the scenario on page 3 and develop the following ISSP for the organisation - You also need to include a section containing the justification of the contents of your policy as well as any assumptions that you have made.

  Identify steps required for implementing a physical security

Analyze the design process for defining a customized security solution. Give your opinion as to which step in this design process is most significant. Identify three steps required for implementing a physical and environmental security program.

  Write the different techniques use in detecting intrusion

Explain in detail about system security and write down the different techniques use in detecting intrusion. Explain the answer must be accompanied by algorithm.

  Malicious attacks and / or threats that you identified

For each of the three (3) or more malicious attacks and / or threats that you identified in Assignment 1, choose a strategy for addressing the associated risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Explain your ..

  What is information security policy?

What is information security policy? Why it is critical to the success of the information security program

  Describe the company network and interconnection environment

Describe the company network, interconnection, and communication environment. Assess risk based on the GFI, Inc. network diagram scenario. Note: Your risk assessment should cover all the necessary details for your client, GFI Inc., to understand th..

  Mobile computing and social networking

Mobile computing has dramatically changed how information is accessed and shared. Wireless networking has been an enabler of mobile computing. One profession that mobile computing has had a big impact on is health care management. Patients are now..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd