Create Both An Enterprise Key Management Plan And Policy For A Company Computer Science Homework Help

Question Description

In the previous course, you learned about how security professionalsemploy cryptography, a system of algorithms that hide data. That systemcan be unlocked with a key provided to those who have a need to knowthat data. An important part of cryptography is how to manage these keysto the kingdom. This involves learning and understanding enterprise keymanagement systems and concepts.

Cryptography is the application of algorithms to ensure theconfidentiality, integrity, and availability of data while it is atrest, in motion, or in use. Cryptography systems can include localencryptions at the file or disk level, or databases, or they can extendto an enterprise-wide public key infrastructure for whole agencies orcorporations.

In this project, you will create both an enterprise key management plan and policyfor a company. The length of the plan should be eight to 10 pagesdouble-spaced. The length of this policy should be two to three pagesdouble-spaced. There are seven steps to complete the project. Most stepsof this project should take no more than two hours to complete, and theproject as a whole should take no more than one week to complete. Beginwith the workplace scenario, and then continue to Step 1, “IdentifyComponents of Key Management.”

Whenyou submit your project, your work will be evaluated using thecompetencies listed below. You can use the list below to self-check yourwork before submission.

  • 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
  • 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
  • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
  • 1.4: Tailor communications to the audience.
  • 2.1: Identify and clearly explain the issue, question, problem under consideration.
  • 2.2: Locate and access sufficient information to investigate the issue or problem.
  • 2.3: Evaluate the information in logical manner to determine value and relevance.
  • 2.4: Consider and analyze information in context to the issue or problem.
  • 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
  • 5.1:Knowledge of procedures, tools, and applications used to keep data orinformation secure, including public key infrastructure, point-to-pointencryption, and smart cards.
  • 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
  • 7.4:Knowledge of policies, processes, & technologies used to create abalanced approach to identifying and assessing risks to informationassets, personnel, facilities, & equipment, and to manage affordablemitigation strategies that meet security needs.Step 1: Identify Components of Key ManagementAn important part of the new electronic protected health information(or e-PHI) system will be key management. As a security architect, youknow that key management is often considered the most difficult part ofdesigning a cryptosystem. The overall information in this step can be fictitious or modeledafter an existing corporation, which should then be cited using APAformat. The idea is to provide an overview of the current state ofenterprise key management for Superior Health Care. To do so, you’ll need to know about authentication and thecharacteristics of key management. Brush up on your knowledge ofauthentication by reviewing the authenticationresources. Then, provide a high-level, top-layer network view (diagram)of the systems in Superior Health Care. To do this, start by readingthese resources on data at rest, data in use, and data in motion.The diagram can be a bubble chart or Visio drawing of a simple networkdiagram with servers. Independent research may be used to find one touse.Next, identify data at rest, data in use, and data in motion as itcould apply to your company. Focus on where data is stored and how it’saccessed is a good place to start. Finally, review these resources oninsecure handling, and identify areas where insecure handling may be a concern for your organization. Use this information in your implementation plan.In the next step, you will consider key management capabilities.Step 2: Learning Key Management CapabilitiesYou have successfully examined what are the major components of anenterprise key management system for Superior Health Care. Now you mustbegin your research into CrypTool, to better understand enterprise keymanagement by using this product. Enter Workspaceand complete the “Enterprise key management” exercise. Do some quickindependent research on Public Key Infrastructure as it applies to yourorganization.Note:You will use the tools in Workspace forthis step. If you need help outside the classroom, you can register forthe CLAB 699 Cyber Computing Lab Assistance (go to Discussions List forregistration information) in which you can access resources to enableyou to complete this project successfully.Click here to access the instructions for Navigating the Workspace and the Lab Setup.Click here to access the Project 1 Workspace Exercise Instructions.Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace.In the next step, you will identify the key management gaps, risks, solutions, and challenges found in corporations.Step 3: Identify Key Management Gaps, Risks, Solutions, and ChallengesIn the previous step, you identified the key components of anenterprise key management system. In this step, you will conductindependent research on key management issues in existing corporations.These will be used to help identify gaps in key management, in each ofthe key management areas within Superior Health Care. First, conduct independent research to identify the gaps in keymanagement that are in existing corporations. Any factual informationshould be cited using APA format. If data is lacking, use fictitiousinformation.Then, identify the posed risks to the cryptographic systems as aresult of these gaps, including but not limited to crypto attacks. Readthese resources to brush up on your understanding of crypto attacks.Next, propose solutions that the companies could have used toaddress these gaps. Be sure to identify what is needed to implementthese solutions. Finally, identify challenges other companies have faced inimplementing a key management system. Include any proposed remedies tothese challenges. Include this information in your enterprise key management plan.Also create a summary table of the information into a table to beincluded in the plan.You will use and submit this information in your implementation plan.In the next step, you will provide additional ideas for the CISO to consider. Step 4: Provide Additional Considerations for the CISOYou have satisfactorily identified key management gaps. Now, sinceyou are compiling information for the CISO, consider these additionalobjectives of an enterprise key management system.
    1. Explain the uses of encryption and the benefits of securingcommunications by hash functions and other types of encryption. Whendiscussing encryption, be sure to evaluate and assess whether or not toincorporate file encryption, full disc encryption, and partitionencryption. Discuss the benefits to using DES, triple DES, or otherencryption technologies. To complete these tasks, review the resourcesprovided to you. You’ll need to understand the following topics:
      1. uses of encryption
      2. hash functions
      3. types of encryption
      4. DES
      5. triple DES
    2. Describe the use and purpose of hashes and digital signaturesin providing message authentication and integrity. Check out theseresources on authentication to further your understanding. Focus on resources pertaining to message authentication.
    3. Review the resources related to cryptanalysis,then explain the use of cryptography and cryptanalysis in dataconfidentiality. Cryptanalysts are a very technical and specializedworkforce. Your organization already has a workforce of SEs. Conductresearch on the need, cost, and benefits to adding cryptanalysts to thecorporation’s workforce. This is to support part of the operation andmaintenance function of the enterprise key management system. You aredetermining if it’s more effective to develop the SEs to perform thesetasks. If the corporation does not develop this new skilled community,what are other means for obtaining results of cryptanalysis?
    4. Research and explain the concepts, in practice, that arecommonly used for data confidentiality: the private and public keyprotocol for authentication, public key infrastructure (PKI), the x.509cryptography standard, and PKI security. Take time to read about thefollowing cryptography and identity management concepts: public key infrastructure and the x.509 cryptography standard.

    Use this information in your implementation plan.In the next step, you will provide information on different cryptographic systems for the CISO. Step 5: Analyze Cryptographic SystemsIn the previous step, you covered aspects of cryptographic methods.In this step, you will provide the CISO with information on differentcryptographic systems either in use by other companies or systems thatthe company should consider procuring. You will need to independentlyresearch what key system products are available. You may research acompany you have worked for or know about regarding the use of anenterprise key management system. The idea is for you to get acquaintedwith different systems that could be used by Superior Health Care.Describe the cryptographic system, its effectiveness and efficiencies. Provide analysis of the trade-offs of different cryptographicsystems. Review and include information learned from conductingindependent research on the following:

    • security index rating
    • level of complexity
    • availability or utilization of system resources

    Also include information on expenses as pertains to various cryptographic ciphers. Check out this resource on ciphers to familiarize yourself with the topic.Use this information in your implementation plan.In the next step, you will begin final work on the enterprise key management plan.Step 6: Develop the Enterprise Key Management PlanIn the previous steps, you have gathered information about systemsin use elsewhere. Using the learning and materials produced in thosesteps, develop your enterprise key management plan for implementation,operation, and maintenance of the new system. Address these as separatesections in the plan.In this plan, you will identify the key components, the possiblesolutions, the risks and benefits comparisons of each solution, andproposed mitigations to the risks. These, too, should be considered as aseparate section or could be integrated within the implementation, operation and maintenance sections.A possible outline could be:

    • introduction
    • purpose
    • key components
    • implementation
    • operation
    • maintenance
    • benefits and risks
    • summary/conclusion

    The length of this report should be a 8-10 page double spaced Worddocument with citations in APA format. The page count does not includefigures or tables. There is no penalty for using additional pages if youneed them. Include a minimum of three (3) references. Include areference list with the report.Submit your plan to the Assignment folder. When you are finished, turn your attention to the enterprise key management policy, which is the final step.Before you submit your assignment, review the competencies below,which your instructor will use to evaluate your work. A good practicewould be to use each competency as a self-check to confirm you haveincorporated all of them in your work.

    • 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
    • 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
    • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
    • 1.4: Tailor communications to the audience.
    • 2.1: Identify and clearly explain the issue, question, problem under consideration.
    • 2.2: Locate and access sufficient information to investigate the issue or problem.
    • 2.3: Evaluate the information in logical manner to determine value and relevance.
    • 2.4: Consider and analyze information in context to the issue or problem.
    • 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
    • 5.1:Knowledge of procedures, tools, and applications used to keep data orinformation secure, including public key infrastructure, point-to-pointencryption, and smart cards.
    • 7.1: Develop, implement, and maintain business continuity planning.
    • 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
    • 7.4:Knowledge of policies, processes, & technologies used to create abalanced approach to identifying and assessing risks to informationassets, personnel, facilities, & equipment, and to manage affordablemitigation strategies that meet security needs.Step 7: Develop the Enterprise Key Management PolicyThe final step in your assignment requires you to use theinformation provided in the previous steps to develop the enterprise keymanagement policy that provides the processes, procedures, rules ofbehavior, and training within the enterprise key management system. Besure to address different case scenarios and hypothetical situations.You may want to research different policies used by companies and adaptthose frameworks for creating your policy.Review and address the following within the policy:
    • digital certificates
      • certificate authority
      • certificate revocation lists

    For example, when employees leave the company, their digitalcertificates must be revoked within 24 hours. Another is that employeesmust receive initial and annual security training.Include up to three corporate scenarios and devise policystandards, guidance, and procedures that would be invoked by theenterprise key management policy. Each should be short statements todefine what someone would have to do to comply with the policy.The overall information in the corporate scenarios can befictitious or modeled after an existing corporation, which should thenbe cited using APA format. The length of this policy should be a two tothree-page double-spaced Word document with citations in APA format.Submit your policy to the assignment folder.
    Before you submit your assignment, review the competenciesbelow, which your instructor will use to evaluate your work. A goodpractice would be to use each competency as a self-check to confirm youhave incorporated all of them in your work.

    • 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
    • 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
    • 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
    • 1.4: Tailor communications to the audience.
    • 2.1: Identify and clearly explain the issue, question, problem under consideration.
    • 2.2: Locate and access sufficient information to investigate the issue or problem.
    • 2.3: Evaluate the information in logical manner to determine value and relevance.
    • 2.4: Consider and analyze information in context to the issue or problem.
    • 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
    • 5.1:Knowledge of procedures, tools, and applications used to keep data orinformation secure, including public key infrastructure, point-to-pointencryption, and smart cards.
    • 7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
    • 7.4:Knowledge of policies, processes, & technologies used to create abalanced approach to identifying and assessing risks to informationassets, personnel, facilities, & equipment, and to manage affordablemitigation strategies that meet security needs.
Get 20% Discount on The assignment
Pages (550 words)
Approximate price: -

Try it now!

Get 20% Discount on The Assignment

We'll send you the first draft for approval by at
Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

EssayBrill has stood as the world’s leading custom essay writing services providers. Once you enter all the details in the order form under the place order button, the rest is up to us.

Essays

Essay Writing Services

At EssayBrill, we prioritize on all aspects that bring about a good grade such as impeccable grammar, proper structure, zero-plagiarism and conformance to guidelines. Our experienced team of writers will help you completed your essays and other assignments.

Admissions

Admission and Business Papers

Be assured that you’ll definitely get accepted to the Master’s level program at any university once you enter all the details in the order form. We won’t leave you here; we will also help you secure a good position in your aspired workplace by creating an outstanding resume or portfolio once you place an order.

Editing

Editing and Proofreading

Our skilled editing and writing team will help you restructure you paper, paraphrase, correct grammar and replace plagiarized sections on your paper just on time. The service is geared toward eliminating any mistakes and rather enhancing better quality.

Coursework

Technical papers

We have writers in almost all fields including the most technical fields. You don’t have to worry about the complexity of your paper. Simply enter as much details as possible in the place order section.