In this step, you will conduct independent research on key management issues in existing corporations. These will be used to help identify
gaps in key management, in each of the key management areas within Superior Health Care.
First, conduct independent research to identify the gaps in key management that are in existing corporations. Any factual information
should be cited using APA format. If data is lacking, use fictitious information.
Then, identify the posed risks to the cryptographic systems as a result of these gaps, including but not limited to crypto attacks. Read
these resources to brush up on your understanding of crypto attacks.
Next, propose solutions that the companies could have used to address these gaps. Be sure to identify what is needed to implement these
solutions.
Finally, identify challenges other companies have faced in implementing a key management system. Include any proposed remedies to these
challenges.
Include this information in your enterprise key management plan. Also create a summary table of the information into a table to be
included in the plan.
You will use and submit this information in your implementation plan.
In the next step, you will provide additional ideas for the CISO to consider.
Consider these additional objectives of an enterprise key management system.
1. Explain the uses of encryption and the benefits of securing communications by hash functions and other types of encryption. when
discussing encryption, be sure to evaluate and assess whether or not to incorporate technologies. To complete these tasks, review the
resources provided to you. You’ll need to understand the following topics:
a. uses of encryption
b. hash functions
c. types of encryptions
d. DES
e. triple DES
2. Describe the use and purpose of hashes and digital signatures in providing message authentication and integrity. Focus on
resources pertaining to message authentication.
3. Review the resources related to cryptanalysis, then explain the use of cryptography and cryptanalysis in data confidentiality.
Cryptanalysts are a very technical and specialized workforce. Your organization already has a workforce of SEs. Conduct research on the
need, cost and benefits to adding cryptanalysts to the corporation’s workforce. This is to support part of the operation and maintenance
function of the enterprise key management system. You are determining if it’s more effective to develop the SEs to perform these tasks. If
the corporation does not develop this new skilled community, what are other means for obtaining results of cryptanalysis?
4. Research and explain the concepts, in practice, that are commonly used for data confidentiality: the private and public key protocol
for authentication, public key infrastructure (PKI), the x.509 cryptography standard, and PKI security.
Use this information in your implementation plan.
In the next step, you will provide information on different cryptographic systems from the CISO.
In this step, you will provide the CISO with information on different cryptographic systems either in use by other companies or systems
that the company should consider procuring. You will need to independently research what key system products are available. You may
research a company you have worked for or know about regarding the use of an enterprise key management system.
Describe the cryptographic system, its effectiveness and efficiencies.
Provide analysis of the trade-offs of different cryptographic systems. Review and include information learned from conducting independent
research on the following:
securing index rating
level of complexity
availability or utilization of system resources
Also include information on expenses as pertains to various cryptographic ciphers.
Use this information in your implementation plan.
In this enterprise key management plan, you will identify the key components, the possible solutions, the risk and benefits comparisons of
each solution, and proposed mitigations to the risks. These, too, should be considered as a separate section or could be integrated within
the implementation, operation and maintenance sections.
A possible outline could be:
introduction
purpose
key components
implementation
operation
maintenance
benefits and risks
summary/conclusion
The length of this report should be a 8-10 pages double spaced Word document with citations in APA format. Include a minimum of 3
references.