Enterprise Key Management Plan
Added on 2022-09-01
24 Pages4041 Words20 Views
|
|
|
Part 1
Enterprise Key Management Plan
CST 620
[name]
[date]
Enterprise Key Management Plan
CST 620
[name]
[date]
INTRODUCTION
Medstar Health Hospital (MHH) is working hard enough to implement eFi healthcare websites.
Through this process, it means that the management team supporting the information system
section has to mitigate those practices that will aid in protecting the data available. Therefore,
the plan will have to include a high architectural framework for effective implementation of the
anticipated eFi website and MHHs efforts. Thus, the project will have to elaborate more on the
fundamental components, the operations techniques, maintenance styles and the implementation
policies within the organization.
PURPOSE
In this paper, the entire aim is to come up with detailed enterprise management plan that
identifies the risks and benefits as well as identifying the top components necessary for inducing
solutions. It also helps to compare the solutions incurred and also proposing risks when
implementing an information system.
2
Medstar Health Hospital (MHH) is working hard enough to implement eFi healthcare websites.
Through this process, it means that the management team supporting the information system
section has to mitigate those practices that will aid in protecting the data available. Therefore,
the plan will have to include a high architectural framework for effective implementation of the
anticipated eFi website and MHHs efforts. Thus, the project will have to elaborate more on the
fundamental components, the operations techniques, maintenance styles and the implementation
policies within the organization.
PURPOSE
In this paper, the entire aim is to come up with detailed enterprise management plan that
identifies the risks and benefits as well as identifying the top components necessary for inducing
solutions. It also helps to compare the solutions incurred and also proposing risks when
implementing an information system.
2
KEY COMPONENTS
The idea is that in any organization, detailing a plan and modernizing aspect plays a fundamental
role all the time. MHH has various cloud-based concepts that help departments to access network
resources and services all the time. Figure 1 shows a simplified network device as well as the
operating systems necessary for the healthcare center. Through the Operating systems, the
organization is in the position to access every business unit within it. Besides, the system is in
the capability to provide management function, thus properly allowing authentic access services
all the time. According to the top management team, each unit in the hospital should be in the
position to access IT needs and all associated services (Bakunzibake, 2016).
Therefore, to point out these IT-related needs, the organization has to measure the capabilities,
the weaknesses available as well as related risks. All these elements must be defined and stated
appropriately. Several business functions can be identified in this enterprise. These include; the
administration unit, finance team, clinical and management units. Both of these sections play a
vital role that helps the organization achieve its vision and mission. For the case of the
administration unit, we have the human resources, the issue related to payroll, the scheduling
process and also the IT support (Beregova, Milova, & Fedotov, 2015).
On the other hand, we have other elements such as the budgets, the billing activities and the
procurement aspects. The clinical network system will include features such as the care plans,
the records management teams, the patient intake processes and the triage. Besides, the
management function is independent, and it has units such as the planning and daily operation
process that determines the future growth in any organization (CHENG, CHEN, & SUN, 2017).
3
The idea is that in any organization, detailing a plan and modernizing aspect plays a fundamental
role all the time. MHH has various cloud-based concepts that help departments to access network
resources and services all the time. Figure 1 shows a simplified network device as well as the
operating systems necessary for the healthcare center. Through the Operating systems, the
organization is in the position to access every business unit within it. Besides, the system is in
the capability to provide management function, thus properly allowing authentic access services
all the time. According to the top management team, each unit in the hospital should be in the
position to access IT needs and all associated services (Bakunzibake, 2016).
Therefore, to point out these IT-related needs, the organization has to measure the capabilities,
the weaknesses available as well as related risks. All these elements must be defined and stated
appropriately. Several business functions can be identified in this enterprise. These include; the
administration unit, finance team, clinical and management units. Both of these sections play a
vital role that helps the organization achieve its vision and mission. For the case of the
administration unit, we have the human resources, the issue related to payroll, the scheduling
process and also the IT support (Beregova, Milova, & Fedotov, 2015).
On the other hand, we have other elements such as the budgets, the billing activities and the
procurement aspects. The clinical network system will include features such as the care plans,
the records management teams, the patient intake processes and the triage. Besides, the
management function is independent, and it has units such as the planning and daily operation
process that determines the future growth in any organization (CHENG, CHEN, & SUN, 2017).
3
Fig 1; Network Diagram
It is agreed that effective management of the cryptographic keys plays an essential role in any
organization. The analogy is that keys are the analogous elements that promote cryptography
security purposes all the time. On the other hand, poor key management is vulnerable to an
aspect of insecurity in the organization. Authentication includes the stipulated process that is
authorized for accessing specific data within an organization. We have various ways for
authenticating data in all organization. The best ideas are to come up with unique criteria that can
help to protect the data we have in the enterprise (Chitra, & Sanjiv, 2016).
On the other hand, the aspect of passwords is one of the conventional processes of protecting
data all the time. It refers to the method for authenticating individuals to access data with the
4
It is agreed that effective management of the cryptographic keys plays an essential role in any
organization. The analogy is that keys are the analogous elements that promote cryptography
security purposes all the time. On the other hand, poor key management is vulnerable to an
aspect of insecurity in the organization. Authentication includes the stipulated process that is
authorized for accessing specific data within an organization. We have various ways for
authenticating data in all organization. The best ideas are to come up with unique criteria that can
help to protect the data we have in the enterprise (Chitra, & Sanjiv, 2016).
On the other hand, the aspect of passwords is one of the conventional processes of protecting
data all the time. It refers to the method for authenticating individuals to access data with the
4
help of a unique figure that can be only recognized by the system. The strategy is common for
many companies we have, thus helping to regulate those individuals accessing information from
the website. We have other elements for data encryption, such as the hardware and software that
complies with higher encryption and security purposes.
The issue of data in MHH organization moves and lives at various stages. The point is that data
at rest includes those types of data that are in storage devices. It can be the one in the hard drive,
smart cards and the one in the backup devices. We have methods such as the encryption that can
be used by the organization to protect the data that is at rest all the time. Techniques such as
storing the data at various location places can help to protect the data at rest in the healthcare
unit.
Besides, we have data in motion. This includes those types of data that are streaming all the time.
We have aspects such as the memory that can be described as the data that is in motion in this
enterprise. MHH has to ensure it comes up with an appropriate method for storing data in
motion. The standard practice is to create a unique encrypted channel that fully protects this data
all the time (Chofreh, Goni, & Klemeš, 2016). Besides, we have asymmetric keys that include a
pair of private keys that are always created at the same time as opposed to the symmetric keys in
any system. We have data at rest in the healthcare unit that integrates the vital information and
data in motion will articulate the information communicated to and from within the servers of the
organization. Therefore, for this case, secure network and the multi-factor authentication is
necessary, and it plays a baseline on the matter related to the VPN and the RBAC.
5
many companies we have, thus helping to regulate those individuals accessing information from
the website. We have other elements for data encryption, such as the hardware and software that
complies with higher encryption and security purposes.
The issue of data in MHH organization moves and lives at various stages. The point is that data
at rest includes those types of data that are in storage devices. It can be the one in the hard drive,
smart cards and the one in the backup devices. We have methods such as the encryption that can
be used by the organization to protect the data that is at rest all the time. Techniques such as
storing the data at various location places can help to protect the data at rest in the healthcare
unit.
Besides, we have data in motion. This includes those types of data that are streaming all the time.
We have aspects such as the memory that can be described as the data that is in motion in this
enterprise. MHH has to ensure it comes up with an appropriate method for storing data in
motion. The standard practice is to create a unique encrypted channel that fully protects this data
all the time (Chofreh, Goni, & Klemeš, 2016). Besides, we have asymmetric keys that include a
pair of private keys that are always created at the same time as opposed to the symmetric keys in
any system. We have data at rest in the healthcare unit that integrates the vital information and
data in motion will articulate the information communicated to and from within the servers of the
organization. Therefore, for this case, secure network and the multi-factor authentication is
necessary, and it plays a baseline on the matter related to the VPN and the RBAC.
5
IMPLEMENTATION
Gunawan and Sutedja, (2018) cites how the issue of enterprise key management has been a threat
to most of the organizations. The point is that multiple organizations lack effective ways of
handling this tricky challenge. According to the author, MHH has to ensure there is
confidentiality and integrity when handling data all the time. Most of the companies have
struggled a lot to master the security keys for an extended period. Ideally, the issue is that there
must be a practical enterprise key management strategy all the time. Through this, it will be easy
to have easy administration of the secure keys. Besides, the managers in this organization have to
master what is known as the critical recovery process. There must be a well-analyzed process of
recovering the data, and the process should be simple. The recovery has also to be limited to
some people and the appropriate officials who should honour the aspect of privacy (King et al
2016).
The figure below outlines some of the challenges that are facilitated by the lack of effective
EKM compliance process. The analogy is that the healthcare center will face all these fails to
follow the modernization techniques necessary for data security (LIU, LI, & FENG, 2015).
Fig 2; Summary of risks, gaps, issues and solutions
Issue Gaps Risks Solutions
Lack of standards Lack of policies to
control enterprise
key management.
Ad hoc products may be
configured, implemented.
It can also be administered
poorly, increasing the risk
Use of key
management policies
6
Gunawan and Sutedja, (2018) cites how the issue of enterprise key management has been a threat
to most of the organizations. The point is that multiple organizations lack effective ways of
handling this tricky challenge. According to the author, MHH has to ensure there is
confidentiality and integrity when handling data all the time. Most of the companies have
struggled a lot to master the security keys for an extended period. Ideally, the issue is that there
must be a practical enterprise key management strategy all the time. Through this, it will be easy
to have easy administration of the secure keys. Besides, the managers in this organization have to
master what is known as the critical recovery process. There must be a well-analyzed process of
recovering the data, and the process should be simple. The recovery has also to be limited to
some people and the appropriate officials who should honour the aspect of privacy (King et al
2016).
The figure below outlines some of the challenges that are facilitated by the lack of effective
EKM compliance process. The analogy is that the healthcare center will face all these fails to
follow the modernization techniques necessary for data security (LIU, LI, & FENG, 2015).
Fig 2; Summary of risks, gaps, issues and solutions
Issue Gaps Risks Solutions
Lack of standards Lack of policies to
control enterprise
key management.
Ad hoc products may be
configured, implemented.
It can also be administered
poorly, increasing the risk
Use of key
management policies
6
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Enterprise Key Management Planlg...
|15
|3158
|20
Introduction to Flight Management System and Networking Part 3: Introduction to Computer System and Networkinglg...
|13
|3274
|325
VPN Network Design for SME network and VPN serviceslg...
|10
|1995
|203
STRATEGIC CHANGE MANAGEMENT.lg...
|21
|6330
|9
VPN Network Design for SME - Network and VPN Serviceslg...
|15
|1437
|299
Risk Management Program Analysis | Reportlg...
|8
|1926
|23