PKI and Encryption at Work

Learning Objectives and Outcomes

• Develop a plan to deploy public key infrastructure (PKI) and encryption solutions to protect data and information.

Assignment Requirements

In
this assignment, you play the role of chief information technology (IT)
security officer for the Quality Medical Company (QMC). QMC is a
publicly traded company operating in the pharmaceutical industry.

QMC
is expanding its arena of work through an increase in the number of
clients and products. The senior management of the company is highly
concerned about complying with the multitude of legislative and
regulatory laws and issues in place. The company has an internal
compliance and risk management team to take care of all the
compliance-related issues. The company needs to make important decisions
about the bulk of resources they will need to meet the voluminous
compliance requirements arising from the multidimensional challenge of
expansion.

QMC will be required to conform to the following compliance issues:

• Public-company regulations, such as the Sarbanes-Oxley (SOX) Act
• Regulations
  affecting financial companies, companies that make loans and charge
  interest, such as the U.S. Securities and Exchange Commission (SEC)
  rules and Gramm-Leach-Bliley Act (GLBA)
• Regulations affecting healthcare privacy information, such as Health Insurance Portability and Accountability Act (HIPAA)
• Intellectual
  Property Law that is important for information asset protection
  particularly for organizations in the pharmaceutical and technology
  industry
• Regulations affecting the privacy of information,
  including personal identification information, such as personally
  identifiable information (PII) regularly collected from employees,
  customers, and end users
• Corporate governance policies including
  disclosures to the board of directors and the auditors and the policies
  related to human resources, governance, harassment, code of conduct,
  and ethics

Compliance with regulatory requirements implies
encrypting sensitive data at rest (DAR) and allowing access to
role-holders in the enterprise who require the access. It also implies
that sensitive data in motion (DIM) or data that is being communicated
via e-mail, instant message (IM), or even Web e-mail must be suitably
protected and sent only to the individuals who have a right to view it.
The company is conscious about the loss they may face in terms of
penalty and brand damage if they fail to abide by the compliance laws,
especially in the online information transfer phase. Therefore, as a
dedicated employee, your task is to develop a content monitoring
strategy using PKI as a potential solution. You will need to determine a
process or method to identify multiple data types, processes, and
organizational policies. Incorporate them into a plan, and select a PKI
solution that will effectively address the content management needs of
your company.

You need to present your PKI solution in the form of a professional report to the senior management.

Required Resources

None

Submission Requirements

• Format: Microsoft Word
• Font: Arial, 12-Point, Double-Space
• Citation Style: APA
• Length: 1–2 pages

Self-Assessment Checklist

Use the following checklist to support your work on the assignment:

• I have identified specific data types related to the specific compliance regulatory requirements.
• I have indicated a solution for sharing data beyond the borders of the organization.
• I have appropriately selected and developed a PKI solution for content control.
• I have followed the submission requirements.