Assignment 8

School: Capella University
Course: COM1000
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 10
Uploaded by CommodorePenguin2708

IT4803 - System Assurance Security
Assignment 8 Template

Part 1: Lab Exercise

Screenshots: Insert and title (with step number) all screenshots in the same order as the order specified in the assignment directions.

Sec 1 part 1 step 11
Sec 1 part 1 step 17
Sec 1 part 4 step 22
Sec 2 part 1 step 5
Sec 2 part 2 step 9
Sec 2 part 2 step 4
Sec 2 part 3 step 5

Part 1.3 Response:
Asymmetric encryption uses a related pair of keys for encryption and decryption. If the public key is used for encryption, then the private key will be used for decryption. If the private key is used for encryption, then the public key will be used for decryption. One or the other will encrypt and the other will decrypt, which is why both are important and needed in an asymmetric key pair.

Part 2: Security Planning
[Enter content for Part 2 of the assignment here – make sure to label your work appropriately.]

[Item 2.1]: Encryption Usage Policy

1.0 Purpose
This Encryption policy sets out the principles and expectations of how and when information should be encrypted.

2.0 Scope
This Encryption Usage Policy applies to all staff across all Laskondo's Health Care Facilities. The Encryption Usage Policy applies to all systems equipment, facilities, and information within the scope of the security program. All employees or volunteers that may have to deal with cryptographic systems or keying material are subject to this policy.

3.0 Policy Statement
The Encryption Usage Policy defines the requirements for cryptographic controls as well as the requirements for cryptographic keys to protect the confidentiality and integrity of Laskondo's Health Care Systems.

4.0 Policy
1. Servers that are not in an Approved Secure Data Center are required to have the data and information stored and protected with encryption.
2. Data Centers that do contain information of various classes and are accessed should be protected and encrypted.
3. All protected information contained on laptops, such as files, folders, or full disks, should be encrypted.
4. All mobile devices used within our secure network must accept security standards to encrypt said devices.
5. External devices are required to have protected information encrypted.
6. Encryption SHOULD NOT BE REMOVED or DISABLED from any device or data without approval from the correct parties.
7. All transmission of protected information across public networks must ensure the integrity of protected information.
8. Losing or forgetting encryption keys will render the information unusable, so it is critical that these are correctly managed.

6.0 Definitions
Encryption: The process of converting information or data into code, to prevent unauthorized access.
Cryptographic: The art of writing or solving code.

7.0 Key Management
1. The key management service must provide key access to specific users.
2. These users should be able to create, schedule deletion, enable/disable rotation, and set usage policies for keys.
3. The key management service must store backup keys.
4. The key management service should rotate keys at least every 6 months.

8.0 Secret Key
1. Keys used for secret key encryption must be protected.
2. During distribution, these keys must be encrypted using a stronger algorithm with a key length for that algorithm.

9.0 Public Key
1. Public key cryptography uses public-private key pairs.
2. The public key is passed to the certificate authority to be included in the digital certificate issued to the end user. This is available to everyone to whom it is issued.
3. The private key will only be available to the end user to whom the corresponding digital certificate is issued.

10.0 Enforcement
Anyone in breach of this policy will be subject to disciplinary action.

11.0 Version
1.0 06/04/23 Encryption Usage Policy
Approved by Janie Craig

[Item 2.2]: Remote Access Policy

1.0 Purpose
This Remote Access Policy defines the standards for connecting to Laskondo's network from any end user device.

2.0 Scope
This policy applies to all Laskondo's Healthcare employees, volunteers, or third-party vendors that may use Laskondo-owned, personally owned, or any workstations that are connected to the healthcare network.

3.0 Policy Statement
The Remote Access Policy is designed to minimize the potential security exposure to health care systems. Potential damage may be the loss of sensitive data, intellectual property, damage to public image, and damage to the internal systems.

5.0 Policy
1. Use of VPN access in ways that are not consistent with the main purpose of the healthcare system may be disciplined.
2. Employees must use secure remote access procedures.
3. Employees must agree to never disclose their passwords to anyone.
4. Valid and up-to-date virus protection must be used.
5. All remote access users using personal devices connected to the healthcare network should always notify the correct IT parties if they suspect any infections.
6. All remote users must be on a "time-out" system. These remote access sessions will time out after a specific time of inactivity.
7. The remote access user must agree and accept that these systems may be monitored to better identify any suspicious or unusual activity.
8. Data transmitted between remotely situated workstations and the network must be encrypted.

6.0 Definitions
VPN: A method of employing encryption to provide secure access to a remote computer over the internet.

9.0 Exceptions
Any exceptions must be approved by the CISO in advance.

10.0 Enforcement
Anyone in breach of this policy will be subject to disciplinary action.

11.0 Version
1.0 06/04/23 Remote Access Policy
Approved by Janie Craig