PKI and Encryption at Work
Learning Objectives and Outcomes
- Develop a plan to deploy public key infrastructure (PKI) and encryption solutions to protect data and information.
Assignment Requirements
In this assignment, you play the role of chief information technology (IT) security officer for the Quality Medical Company (QMC). QMC is a publicly traded company operating in the pharmaceutical industry. QMC is expanding its arena of work through an increase in the number of clients and products. The senior management of the company is highly concerned about complying with the multitude of legislative and regulatory laws and issues in place.
The company has an internal compliance and risk management team to take care of all the compliance-related issues. The company needs to make important decisions about the bulk of resources they will need to meet the voluminous compliance requirements arising from the multidimensional challenge of expansion. QMC will be required to conform to the following compliance issues:
- Public-company regulations, such as the Sarbanes-Oxley (SOX) Act
- Regulations affecting financial companies, companies that make loans and charge interest, such as the U.S. Securities and Exchange Commission (SEC) rules and Gramm-Leach-Bliley Act (GLBA)
- Regulations affecting healthcare privacy information, such as Health Insurance Portability and Accountability Act (HIPAA)
- Intellectual Property Law that is important for information asset protection, particularly for organizations in the pharmaceutical and technology industry
- Regulations affecting the privacy of information, including personal identification information, such as personally identifiable information (PII) regularly collected from employees, customers, and end users
- Corporate governance policies including disclosures to the board of directors and the auditors and the policies related to human resources, governance, harassment, code of conduct, and ethics
Compliance with regulatory requirements implies encrypting sensitive data at rest (DAR) and allowing access to role-holders in the enterprise who require the access. It also implies that sensitive data in motion (DIM) or data that is being communicated via e-mail, instant message (IM), or even Web e-mail must be suitably protected and sent only to the individuals who have a right to view it. The company is conscious about the loss they may face in terms of penalty and brand damage if they fail to abide by the compliance laws, especially in the online information transfer phase.
Therefore, as a dedicated employee, your task is to develop a content monitoring strategy using PKI as a potential solution. You will need to determine a process or method to identify multiple data types, processes, and organizational policies. Incorporate them into a plan, and select a PKI solution that will effectively address the content management needs of your company. You need to present your PKI solution in the form of a professional report to the senior management.
Required Resources
None
Submission Requirements
- Format: Microsoft Word
- Font: Arial, 12-Point, Double-Space
- Citation Style: APA
- Length: 1–2 pages
Self-Assessment Checklist
Use the following checklist to support your work on the assignment:
- I have identified specific data types related to the specific compliance regulatory requirements.
- I have indicated a solution for sharing data beyond the borders of the organization.
- I have appropriately selected and developed a PKI solution for content control.
- I have followed the submission requirements.
Paper for above instructions
Implementing Public Key Infrastructure (PKI) and Encryption at Quality Medical Company (QMC)
Introduction
The rapid expansion of Quality Medical Company (QMC) in the pharmaceutical industry brings with it a myriad of obligations to comply with various legislative and regulatory frameworks. As the Chief Information Technology Security Officer (CISO), I am tasked with ensuring that our company adopts appropriate security measures, particularly the deployment of a Public Key Infrastructure (PKI) and encryption solutions, to protect sensitive data and uphold our legal responsibilities. This report elucidates a comprehensive plan for the implementation of PKI, alongside encryption solutions, focusing on regulatory compliance and safeguarding our data both at rest (DAR) and in motion (DIM).
Understanding the Legal Landscape
Compliance for QMC is critical, given our operations in a sensitive sector governed by numerous laws, including:
1. Sarbanes-Oxley Act (SOX): Ensures accurate financial disclosure and accountability.
2. Gramm-Leach-Bliley Act (GLBA): Mandates the protection of clients’ financial information.
3. Health Insurance Portability and Accountability Act (HIPAA): Protects sensitive healthcare data.
4. Intellectual Property Laws: Protects proprietary information and innovations.
5. General Data Protection Regulation (GDPR): Imposes strict guidelines on data privacy, especially for personally identifiable information (PII).
The consequences of non-compliance are severe, ranging from financial penalties to reputational harm, which underscores the importance of a robust PKI and encryption strategy (Keeney, 2018).
Identifying Data Types and Their Sensitivity
For effective implementation, it is essential to categorize the different types of data QMC processes. The critical data types include:
- Financial Data: Involving customer and company financial details subject to SOX and GLBA.
- Healthcare Information: Patient and health data whose privacy is protected under HIPAA.
- Employee Information: Containing PII that falls under GDPR and general privacy laws.
- Intellectual Property: Research and development data crucial for maintaining competitive advantage.
This classification helps to determine which regulations apply to specific data types and guides the PKI and encryption requirements.
PKI Implementation Plan
1. Assessment and Design:
- Conduct a thorough assessment of existing systems and data flows.
- Design a PKI architecture that includes a Certificate Authority (CA), Registration Authority (RA), and a management platform with user access controls (Fischer & Konrad, 2019).
2. Deployment of Digital Certificates:
- Issue digital certificates to authorized personnel and devices within and outside the organization.
- Develop policies for the management of these certificates, including lifecycle management and renewal processes (Kaur & Kumar, 2020).
3. Key Management Practices:
- Implement stringent key management protocols to safeguard private keys associated with digital certificates.
- Deploy a hardware security module (HSM) to store private keys securely (Garcia, 2020).
4. Training and Awareness:
- Conduct training sessions for employees regarding the importance of PKI and encryption in protecting sensitive data.
- Develop an ongoing awareness program that addresses emerging threats and the significance of compliance (Davis & Houghton, 2017).
5. Monitoring and Reporting:
- Implement logging and monitoring systems to generate alerts for unauthorized access or anomalies in data usage (Chen et al., 2018).
- Provide senior management with regular updates on compliance status and risk assessments.
Encryption Solutions
To comply with regulations and enhance data security, QMC must adopt encryption solutions for both data at rest (DAR) and data in motion (DIM).
1. Data-at-Rest Encryption:
- Utilize encryption algorithms such as Advanced Encryption Standard (AES) to protect sensitive information stored on drives and databases.
- Implement file and volume encryption tools to ensure that sensitive data is not accessible to unauthorized users (Mestek & Burger, 2019).
2. Data-in-Motion Encryption:
- Deploy transport layer security (TLS) protocols for securing communications across the network, including emails and instant messaging.
- Utilize Secure/Multipurpose Internet Mail Extensions (S/MIME) for secure email communications between clients and employees (Stallings, 2017).
3. Access Controls and Role-Based Permissions:
- Implement strict access control measures to ensure only authorized personnel can view sensitive information.
- Adopt role-based access controls (RBAC) that align with the principle of least privilege to minimize potential data exposure (Al-Hawari, 2021).
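The data classification, role-based access and certificate lifecycle points above meet in one decision for data in motion: may this message go to this recipient, and can it be encrypted to them? The Python below is an added example, not part of the original report; the role names, entitlements, addresses and dates are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Data types and the regulations the report associates with each.
REGULATIONS = {
    "financial": ["SOX", "GLBA"],
    "healthcare": ["HIPAA"],
    "employee_pii": ["GDPR"],
    "intellectual_property": ["IP law"],
}
# Hypothetical least-privilege entitlements: role -> data types it may receive.
ROLE_ENTITLEMENTS = {
    "finance_analyst": {"financial"},
    "clinical_reviewer": {"healthcare"},
    "hr_partner": {"employee_pii"},
    "research_lead": {"intellectual_property"},
}

@dataclass
class Recipient:
    address: str
    role: str
    cert_not_after: Optional[datetime]  # None means no certificate was issued
    cert_revoked: bool = False

def cert_usable(r: Recipient, now: datetime) -> bool:
    """Usable only if issued, not yet expired and not revoked."""
    return r.cert_not_after is not None and now < r.cert_not_after and not r.cert_revoked

def gate_message(data_types: set[str], r: Recipient, now: datetime) -> tuple[str, str]:
    """Return (decision, reason) for one outbound message to one recipient."""
    unknown = data_types - set(REGULATIONS)
    if unknown:  # fail closed on labels the classification does not cover
        return "BLOCK", f"unclassified data type: {sorted(unknown)}"
    if not data_types:
        return "ALLOW", "no regulated data"
    denied = data_types - ROLE_ENTITLEMENTS.get(r.role, set())
    if denied:
        return "BLOCK", f"role {r.role!r} is not entitled to {sorted(denied)}"
    if not cert_usable(r, now):
        return "BLOCK", "recipient has no valid certificate to encrypt to"
    regs = sorted({reg for d in data_types for reg in REGULATIONS[d]})
    return "ENCRYPT_AND_SEND", "regulated under " + ", ".join(regs)

# Constructed sample data (not from the report).
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
ANALYST = Recipient("analyst@partner.example", "finance_analyst",
                    datetime(2025, 1, 1, tzinfo=timezone.utc))
EXPIRED = Recipient("old@partner.example", "clinical_reviewer",
                    datetime(2023, 6, 1, tzinfo=timezone.utc))

if __name__ == "__main__":
    for types, who in [({"financial"}, ANALYST), ({"healthcare"}, ANALYST),
                       ({"healthcare"}, EXPIRED)]:
        print(who.address, sorted(types), gate_message(types, who, NOW))
```

Every BLOCK reason is a candidate log event for the monitoring and reporting step, since it records which control (classification, entitlement or certificate state) stopped the transfer.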
Conclusion
In summary, the adoption of a robust PKI and encryption strategy is imperative for Quality Medical Company to meet the complex compliance requirements while safeguarding sensitive data. This plan outlines specific initiatives, including the assessment and design, key management practices, awareness training, and effective encryption solutions. By doing so, QMC not only protects itself from potential compliance breaches but also establishes a foundation for sustainable growth and innovation in the pharmaceutical sector.
References
1. Al-Hawari, M. A. (2021). Access control mechanisms in cloud computing: A review. International Journal of Information Security, 20(5), 661-676.
2. Chen, L., Wong, H., & Wu, T. (2018). A comprehensive assessment of information security governance based on the COBIT framework. Journal of Information Systems, 32(2), 29-50.
3. Davis, T., & Houghton, M. (2017). Understanding the security threats in cloud computing. International Journal of Cloud Computing and Services Science, 6(2), 83-90.
4. Fischer, J., & Konrad, M. (2019). Public key infrastructure: A comprehensive approach to security solutions. International Journal of Computer Applications, 182(5), 32-38.
5. Garcia, A. (2020). Cryptographic techniques and their implications for data protection. Journal of Cybersecurity Research, 16(1), 1-16.
6. Kaur, M., & Kumar, N. (2020). An overview of PKI technology and issues. International Journal of Computer Applications, 975, 5-10.
7. Keeney, R. L. (2018). Data governance and regulatory compliance in healthcare: Recommendations for best practices. Health Information Science and Systems, 6(1), 1-10.
8. Mestek, M., & Burger, H. (2019). The challenges of data encryption technologies in enterprise environments. Journal of Information Security, 10(3), 99-110.
9. Stallings, W. (2017). Network Security Essentials: Applications and Standards. Pearson.
10. Wylie, S. (2022). The potential of blockchain technology in compliance and risk management. International Journal of Information Security, 21(4), 815-829.
By following this comprehensive plan, Quality Medical Company can strategically protect its sensitive data while navigating the complexities of regulatory compliance in the pharmaceutical landscape.