Ultimate Health Care Key Management
UMGC, CST620
Ultimate Health Care is a company that is dedicated to preserving the confidentiality and
integrity of several things, such as billing payments and specific information which may be
covered under the Health Insurance Portability and Accountability Act. The current goal of the
company is to modernize the Enterprise Key Management system by implementing eFi, which is
a web-based electronic healthcare system. As the Cryptography Specialist and dual-hatted Security
Architect, it is very important to fully understand and follow the current healthcare guidelines and
regulations when briefing the Chief Information Security Officer on advisable actions. Ultimate
Health Care will be anticipating new training, rules, processes, and procedures to ensure
the new key management policy will enable the new web-based system to run smoothly.
Key Management Components
The overall foundation of key management includes distribution, storage, destruction, and
secure generation. Encryption can easily become compromised by inadequate key management,
so it is imperative to have the appropriate strength of keys as well as effective mechanisms to
protect the keys. A cryptographic key is a parameter that is paired with an algorithm and
essentially allows any person or entity that obtains the key to access information that was
previously encrypted. For example, an individual who has received authorization, and therefore
the key, can read a document or email in plain text, whereas a user who has not received the key
cannot decipher the text because it remains in ciphertext. Maintaining an effective key
management system is vital to the success of Ultimate Health Care in protecting
the confidentiality and data integrity of its customers while ensuring that only authorized
personnel have access to their personal information. The combination of security services
such as those mentioned above (protecting data integrity and ensuring confidentiality) together
with source authentication and the use of digital signatures for non-repudiation will provide the
desired assurance of protection. This assurance covers not only the technical and data side of
protection; customers and employees also desire physical security. Physical security will
prevent events such as clients accidentally or intentionally obtaining access to confidential
information by entering unauthorized areas of the clinic. These areas grant access only to
personnel with badges, specific codes, or some form of biometric identification.
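An added example, not part of the original paper, that walks three of the components named above (secure generation, storage, destruction) together with key strength and the integrity and source authentication services. It uses HMAC-SHA256 as a symmetric stand-in, which does not provide non-repudiation. The `KeyStore` class, the 32-byte minimum, the key id and the sample record are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MIN_KEY_BYTES = 32  # assumed policy minimum (256-bit); not a figure from the paper


class KeyStore:
    """Toy in-memory store: generation, storage, use and destruction of keys."""

    def __init__(self):
        self._keys = {}  # key_id -> bytearray, mutable so it can be overwritten

    def generate(self, key_id, length=MIN_KEY_BYTES):
        # Secure generation: enforce key strength and draw from the OS CSPRNG.
        if length < MIN_KEY_BYTES:
            raise ValueError("key shorter than policy minimum")
        if key_id in self._keys:
            raise ValueError("key id already in use")
        self._keys[key_id] = bytearray(secrets.token_bytes(length))

    def _key(self, key_id):
        if key_id not in self._keys:
            raise KeyError(f"no active key {key_id!r}")
        return self._keys[key_id]

    def sign(self, key_id, message):
        # Integrity and source authentication: HMAC-SHA256 tag over the record.
        return hmac.new(self._key(key_id), message, hashlib.sha256).digest()

    def verify(self, key_id, message, tag):
        # Constant-time comparison avoids leaking how much of the tag matched.
        return hmac.compare_digest(self.sign(key_id, message), tag)

    def destroy(self, key_id):
        # Destruction: overwrite the key bytes, then drop the entry. In CPython
        # this is best effort only; an HSM or KMS does it reliably.
        key = self._keys.pop(key_id)
        key[:] = bytes(len(key))


def demo():
    store = KeyStore()
    store.generate("billing-key")  # constructed key id
    record = b"patient=1001;amount=250.00"  # constructed sample record
    tag = store.sign("billing-key", record)
    intact = store.verify("billing-key", record, tag)
    tampered = store.verify("billing-key", record.replace(b"250", b"950"), tag)
    store.destroy("billing-key")
    return intact, tampered, "billing-key" in store._keys
```

`demo()` returns whether the untouched record verifies, whether an altered record verifies, and whether the key is still held after destruction.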
Essential elements to provide a secure network include management and multiplication,
strong security architecture, and enhancements to the dependable architecture. Creating multiple
application and network firewalls significantly reduces the opportunity for buffer overflows and
injections. The implementation of a private DMZ and a public DMZ will create isolation
between the public application user interface and the processing logic, thus providing optimal
processing capabilities and allowing circumscribed regulations on access to the
application logic to prevent most application-based attacks. A great way to decrease the
possibility of standard port injection attacks is to create two internal LANs. This will allow
sensitive data to be stored on the secure LAN using tcp/443, and the other LAN could be on
tcp/80. With the strong security architecture there will be the implementation of a host-based
intrusion detection system and a network-based intrusion detection system (NIDS). There should
be a NIDS on all of the critical subnets on both DMZs as well as the secure LAN. It is not advised
to place these monitors on all the other network segments because there is a possibility of
producing false positive alerts. To help increase the security of the architecture there should be a
time server to ensure that the functionality and analysis information stored on the system log
server has the appropriate time sync. It would be difficult to pinpoint an issue if the times were not synced
between systems. A system log server requires a lot of storage space as it collects information