You will often hear that the key to securing some information resources is by using encryption. This
Question:
You will often hear that the key to securing some information resources is by using encryption. This is a true statement. It is also much easier said than done. The biggest problem being the management of encryption keys. If you are doing private key encryption then everyone needs a copy of the key and needs to keep it secure. If you are doing public key encryption then somebody needs to provide a means to issue private keys and make the public key available to the other users. These are only some of the key management tasks that are necessary. To ease this process, PKI (Public Key Infrastructures) are necessary. When it comes to the issue of public key management, there are many options. Let's explore the options by discussing the points below. Use your textbook and/or outside sources to justify your reasoning and decisions. Be sure to cite your sources.
- Is it best to develop a PKI in-house, or outsource this system to a third party?
- Given Bayside Hospital’s EMR security requirements, how will certificates be handled?
- If in-house, how will you deploy the system?