Cryptography, Data Governance, and Network Security

Cryptography, Data Governance, and Network Security

Student’s Name and Number

Institutional Affiliation

Course Name and Number

Instructor’s Name

Assignment Due Date

Part A: cryptography

Many people experience problems with how they will ensure that their information is well protected and kept away from being hacked. Cyber insecurity has been of concern, and every person is looking for ways to safeguard their data. In this case, cryptography has been the best solution to this problem. So what exactly is cryptography, and why is it considered as the best measure to protect data? Cryptography is the technology that is used in protecting and safeguarding information by encrypting the messages and converting them into more secure data. It is a procedure that is used to store and transmit data in a specific form, such that it is only those people whom the message has been intended to can be able to read it. In today’s world, many people employ cryptography to offer secrecy and integrity in their data and to provide authentication for their communications. In this paper, all the requirements that are responsible for encrypting the information of the small healthcare organization, and their robust policy that they would employ is discussed.

In a healthcare organization, some necessary documents and messages need to be encrypted. Let’s begin with how the electronic health records would be secured and prevented from being manipulated by people or landing into the wrong hands. Several measures can be taken to ensure the success of encrypting the EHR. The primary measure is to put access control, which includes putting into place things like PINs or even passwords, which in turn would help in reducing the number of people who have the authorization of accessing the information. Let’s now take a look into the necessary steps that are needed so that these EHR can be secured.

The first step is ensuring that the antivirus is installed so that the encrypted messages can be protected from being spoilt. It would also be necessary to have an intrusion detection mechanism so that any person who is not authorized will not access it, thus preventing the manipulation of the information. There is also a need to ensure that the data accessibility is under control and that not everyone is allowed to access the information. It would also be necessary to train the workers to identify and recognize any potential attack on their data. It is also essential that any wireless network available in the organizations and the messaging systems be secured and protected from any malware. Lastly, it would be advisable for the healthcare organization to be keen and take note of each device that their data passes through.

The other essential document to be encrypted is the electronic patient’s records. These records are essential as they might be used to make payments or even make a follow up concerning how patients are treated in that facility. The first step of ensuring that this goal is achieved is by having secure locations that would be used to store charts, and this would ensure that only authorized people are allowed to access the information. The other important way has data encryption. In this case, the information is coded in a way that it only accessed by the authorized programs or those users who have the access code. In this way, the patient’s data, such as the diagnosis results or the patient’s histories to any referrals, will be successfully transferred to the patient portal and would be much safer.

The small healthcare organization could also use cryptographic algorithms as a way of securing their information. In today’s world, this has proven to be the most successful way of encrypting information. It involves the changing of data from a text that is readable to a more protected form and then altering it again back to the readable form. The types of cryptographic algorithms available include a secret key, hash functions, and the public key. Knowing the types is one thing, and understanding their functions and where they would be applied is another concern. Let’s now examine the advantages and disadvantages of these algorithms and the specific places that they used.

The secret key is one that, for both encryption and decryption, is only one key used. It is advantageous in ensuring message confidentiality since it is faster when compared to the public key. The main drawback that is associated with the use of the same key is that it cannot be used to make sure that there is no repudiation. It means that, if a person as able to decipher a message, there would be no evidence that the sender encrypted it since there would be a possibility that one would claim that you encrypted the message. The other key is the public key, and in this type, one key is used for encryption while another is used for decryption. The purpose of this key is to verify and clarify the authenticity of the person who sends the message. It is also used when there is a need to exchange the key used in secret-key cryptography. The advantage of this key is that it provides increased security on the information of the organization. The main disadvantage of this type of key is that it requires a different mechanism that is reliable outside the symmetric mechanism to distribute the keys. Apart from that, it requires a large number of keys to operate. The other essential key in cryptography is the hash function. In this encryption algorithm, a one-way mathematical transformation is normally used, and typically, it is always hard to reverse it. It is typically used for message integrity and authentication. The merits of this key are that it is simple to use and to understand when compared to other keys. The disadvantage of this key is that if used while closed, it becomes inconvenient to handle collisions.

After understanding the types of cryptography keys, the next question that arises is how these keys would be created and how they would be managed to ensure that information are well secured and protected. It is important to note that these cryptographic keys are responsible for making both encryption and decryption possible. So how exactly do you create these keys? In any computer system, the integers are what is referred to as the cryptography keys. To generate these keys, one can employ the use of a random number generator. However, some prefer to use a pseudorandom number generator to generate the keys. It is vital to note that this is usually a computer algorithm, and it normally produces data where tends to appear randomly under analysis. With these two methods, one can successfully create the encryption keys and ensure that their data and messages are well secured from cybersecurity threats.

After creating the key, how do you ensure that they are well managed and functioning according to the set objectives of ensuring that the information about your health organization is well secured? Cryptographic keys can be managed by administering their full lifecycle, a process known as key management. During this process, the keys are generated and then used, and later on, they are stored, archived, or even deleted. In this way, the keys would be well managed. Another possible way that these encryption keys can be protected is by limiting the number of people who can access them, whether physically, through user access, or simply logically. With this, the messages would be safeguarded from landing onto unauthorized hands.

Having discovered how the cryptographic keys would be created and managed, let’s now look at what kinds of documents are protected by the encryption. Two main documents are protected: those which are static, for instance, those stored in the server. It means that these documents do not move; they are stored in the cloud, computers, or even mobile phones. The challenge here would be how to ensure that the data in the local storage are not intercepted and manipulated. The other types of documents are those in transit, such as those which are freely moved from and between one site to another. In this case, the data travels through the networks and across the digital channels from one location to another. The greatest concern that arises, in this case, is how data would be protected from being lost or being manipulated along the way as it moves from network to network. The cryptographic protection of these two documents greatly differs.

During the protection of the documents in transit, it is important first to put the access control such that, when it is moving, only those who have the pin can access the data. It is different for the documents that are static as the main encryption protection would be to put firewalls that would ensure that the information is well protected. It would mean employing measures like defense in depth to secure the health organization data.

The primary goal of cryptography is to ensure that all the information properties are well preserved through mathematical means. There are various objectives for cryptography used in the protection of data and ensuring that this goal is achieved. They include confidentiality, data integrity, authentication, and lastly, the irrevocability. Confidentiality is, at times, referred to as the secrecy or even privacy that information is accorded. Typically, it can be thought to be the assurance that one gets that the person who reads the message is only the intended one and not any other person. Its main function is to maintain and keep the information safe from landing into unauthorized persons. For this to be attained, mathematical algorithms or physical methods are used. The achievement of cryptography confidentiality is usually through the use of scrambled text, the encrypted text, or even at times the ciphertext.

The other objective is data integrity, and this is the assurance that a piece of information has not been tampered with and altered. In most cases, it assists in identifying the data services that have been altered. It is common for data to be altered as a result of attacks from unauthorized persons. The essence of this service would be ensuring the information received by the receiver has not been altered in any way changed any means. In contrast, the information was being transferred from one location to another. In cryptography, this integrity of data is achieved through the use of hashing.

Another essential objective is authentication. In this case, a person is given the assurance that the message’s sender is the person they claim to be. Therefore, the recipient of the information should be able to identify the sender of the information and verify that they are indeed the sender. The last objective is irrevocability, which ensures that a person can’t deny that they are the authorship of the sent message.

In conclusion, based on the above discussion, it can be said that data is the essential thing in any organization. Apart from that, we all know that in today’s world, data is one of the biggest assets that people own, and therefore we all struggle to ensure that they are well protected and safeguarded from any kind of malware protection. The loss of these data would mean an organization would suffer a big loss. From this exercise, we can say that cryptography has played a big role in ensuring that all the documents of an organization are well protected. It is also vital to know how to create the keys and ways that they could be possibly managed so that the security and protection of the data are guaranteed. If all the cryptography requirements are properly followed, the small healthcare organization would be assured of their data and information being safe.