Enterprise Key Management

1.    Enterprise Key Management Plan: An eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
2.    Enterprise Key Management Policy: A two-page double-spaced Word document.

Project 1
I.    Perform independent research
a.    Focus is on key management for new electronic protected health information (e-PHI) system
b.    Information may be fictitious or modeled after existing corporation
II.    Step 1: ID components of key management
a.    Overview of current state of enterprise key management for SHC
b.    High-level, top-layer network view diagram of systems at SHC
c.    Review authentication
d.    Identify
i.    data at rest
ii.    data in use
iii.    data in motion
iv.    where data is stored
v.    how it's accessed
vi.    areas where insecure handling may be a concern
III.    Step 3: ID key management gaps, risks, solutions and challenges
a.    Research key management issues in existing corporations
b.    ID gaps in key management in existing corporations
c.    ID proposed risks to crypto systems as result of these gaps
i.    Review crypto attacks
d.    Propose solutions companies have used to address gaps
e.    ID what is needed to implement solutions
f.    ID challenges other companies have faced implementing key management system
g.    Include proposed remedies to challenges
h.    Create and submit summary table of information
IV.    Step 4: Provide additional considerations for the CISO
a.    Introduce these objectives on enterprise key management systems as they would apply to SHC
b.    Explain use of encryption and benefits
c.    Evaluate and assess whether or not to incorporate
i.    File encryption
ii.    Full disk encryption
iii.    Partition encryption
iv.    Review
1.    Uses of encryption
2.    Hash functions
3.    Types of encryption
4.    DES
5.    Triple DES
d.    Describe use and purpose of hashes and digital signatures
i.    Review authentication
e.    Explain use of cryptography and cryptanalysis in data confidentiality
i.    Review cryptanalysis
ii.    Research need, cost and benefits to adding cryptanalysts to corporate workforce
iii.    If not developed in SHC, what are other means to obtain the results of cryptanalysts
f.    Explain concepts in practice commonly used for data confidentiality
i.    Private and public key protocol for authentication
ii.    Public key infrastructure
1.    Review public key infrastructure
iii.    X.509 cryptography standard
1.    Review X.509
iv.    PKI security
V.    Step 5: Analyze different cryptographic systems
a.    In use by other companies or being considered for procurement
b.    ID what key system products are available on the market
c.    Describe cryptographic system
i.    Effectiveness
ii.    Efficiencies
d.    Analyze trade-offs of different systems and consider
i.    Security index rating
ii.    Level of complexity
iii.    Availability or utilization of system resources
e.    Information on expenses as it pertains to various cryptographic ciphers
i.    Review ciphers resource
VI.    Step 6: Develop the Enterprise key management plan
a.    Use learning and materials produced in previous steps
b.    Devise plan for implementation, operation and maintenance of new system
c.    Identify:
i.    Key components
ii.    Possible solutions
iii.    Risks and benefits comparisons of each solution
iv.    Proposed mitigations to the risks
VII.    Step 7: Develop the enterprise key management policy
a.    Devise policy that provides the processes, procedures, rules of behavior and training within the enterprise key management system
b.    Review and address:
i.    Digital certificates
ii.    Certificate authority
iii.    Certificate revocation lists

Deliverables
Enterprise key management plan (8 pages)
I.    Coversheet
II.    Introduction
III.    Purpose
IV.    Key components
a.    Overview of current state of enterprise key management for SHC
b.    High-level, top-layer network view diagram of systems at SHC
c.    Review authentication
d.    Identify
i.    data at rest
ii.    data in use
iii.    data in motion
iv.    where data is stored
v.    how it's accessed
vi.    areas where insecure handling may be a concern
V.    Implementation
a.    Integrate information from steps to describe how one would implement key management system
b.    Research key management issues in existing corporations
c.    ID gaps in key management in existing corporations
d.    ID proposed risks to crypto systems as result of these gaps
i.    Review crypto attacks
e.    Propose solutions companies have used to address gaps
f.    ID what is needed to implement solutions
g.    ID challenges other companies have faced implementing key management system
h.    Include proposed remedies to challenges
i.    Create and submit summary table of information
VI.    Operation
a.    Integrate information from steps to describe how one would operate a key management system
VII.    Maintenance
a.    Integrate information from steps to describe how one would maintain a key management system
VIII.    Benefits and risks
a.    Summarize what the benefits and risks are to an enterprise key management system
IX.    Summary/conclusion
X.    References

Enterprise key management policy (2 pages)
I.    Coversheet
II.    Policy statement
III.    Reason for Policy
IV.    Definitions
V.    Responsible Executive and Office
VI.    Entities Affected by this Policy
VII.    Procedures
a.    General (address digital certificates, certificate authority, certificate revocation lists)
b.    Responsibilities
c.    Rules of behavior
d.    Training
e.    Enforcement