Subject: Cybersecurity Technology
Enterprise Key Management
As a security architect and cryptography specialist for Superior Health Care, you’re familiar with the information systems throughout the company and the ranges of sensitivity in the information that is used, stored, and transmitted.
You’re also expected to understand health care regulations and guidelines because you’re responsible for advising the chief information security officer, or CISO, on a range of patient services, including the confidentiality and integrity of billing, payments, and insurance claims processing, as well as the security of patient information covered under the Health Insurance Portability and Accountability Act, or HIPAA.
You also have a team of security engineers, SEs, that help implement new cryptographic plans and policies and collaborate with the IT deployment and operations department during migrations to new technology initiatives.
This week, the CISO calls you into his office to let you know about the company’s latest initiative.
“We’re implementing eFi, web-based electronic health care, and that means we need to modernize our enterprise key management system during the migration,” he says.
The CISO asks for an enterprise key management plan that identifies the top components, possible solutions, comparisons of each solution, risks and benefits, and proposed risk mitigations.
The plan will help create an enterprise key management system.
The SEs would be responsible for the implementation, operation, and maintenance of the plan and system.
The CISO also wants you to come up with an enterprise key management policy that provides processes, procedures, rules of behavior, and training.
The new web-based system needs to be running in a month. So, you’ll have a week to put together your enterprise key management plan and the accompanying policy.
Feedback on Original
The Turnitin Similarity Index (SI) of your plan is really high. You will need to redo the plan and resubmit. Please use the following guidelines:
In the introduction, identify the typical processes/functions that will be found in such a healthcare environment, e.g., clinical processes, financial processes, HR processes, etc.
For example, a clinical process could be registering a patient to see a healthcare provider. You typically will need a computer system to take in data, and most likely a database system to store the data.
In this simple example, it is clear that there is a client system and a database server. It is also clear that patient data will be generated.
So you need to determine and sketch (on a high level) the IT infrastructure that will enable the processes in the organization. If you really look deeper, you might find that there are commonalities in the processes, but the types of data generated are different and so may be placed on different classification levels. As an example, HR processes will involve employees and handling of their data. But you still would need a computer system to access some database.
So, about data, you need to determine the types of data the processes generate, and you need to classify the different types of data. Then the controls you select to protect the data will follow based on the data classification level.
As you complete each step in the process, bear the aforementioned in mind, because our primary purpose is to mitigate risk and the controls we select should help out in doing this while keeping costs down.