A small private healthcare organization has contracted you to investigate the requirements of encryption in their information systems and to develop a robust policy for its use. Write a formal report outlining your findings and presenting your recommendations.
Some topics you could address:
1. The range of documents and messages to be encrypted, e.g. Electronic Health Records (HER), Electronic Patient Records (EPR) and their security requirements.
2. The different objectives of the deployed cryptosystems, i.e. Confidentiality, Authentication and Non-repudiation.
3. The specific cryptographic algorithms and architectures available, along with their relative advantages and drawbacks. Which will be best suited for which purposes?
4. How will the cryptographic protection of static documents (e.g. those stored on a server) differ from that of documents in transit (e.g. transferred within and between sites)?
5. Will there be issues of compatibility between the organization’s cryptographic policy, and that of the NHS?
6. How will your solution scale with the possible future development of the organization?
7. How will cryptographic keys (and certificates) be created and managed?
8. How will the different levels of authorization within the organization be managed?
9. How will the effectiveness of your solution be monitored and assessed?
These are only suggestions: your report will likely not cover all of themand you may discover others of equal importance which you might want to address. (Please contact the assessor if you have any concerns.) You may draw upon the material taught in class and/or your own independent research, but make sure you cite all your information sources. Feel free to make any assumptions you feel are necessary, but state and justify these.