CIS 333 Week 6 Case Study 2 Public Key Infrastructure
Case Study 2: Public Key Infrastructure
Min: 200 words needed for discussicon
Suppose you are the Information Security Director at a small software company. The organization currently utilizes a Microsoft Server 2012 Active Directory domain administered by your information security team. Mostly software developers and a relatively small number of administrative personnel comprise the remainder of the organization. You have convinced business unit leaders that it would be in the best interest of the company to use a public key infrastructure (PKI) in order to provide a framework that fosters confidentiality, integrity, authentication, and nonrepudiation. Email clients, virtual private network (VPN) products, Web server components, and domain controllers would utilize digital certificates issued by the certificate authority (CA). Additionally, the company would use digital certificates to sign software developed by the company in order to demonstrate
software authenticity to the customer.
Write a two to three (2-3) page paper in which you:
- Analyze the fundamentals of PKI, and determine the primary ways in which its features and functions could benefit your organization and its information security department.
- Propose one (1) way in which the PKI could assist in the process of signing the company’s software, and explain the main reason why a customer could then believe that software to be authentic.
- Compare and contrast public and in-house CAs. Include the positive and negative characteristics of each type of certificate authority, and provide a sound recommendation of and a justification for which you would consider implementing within your organization. Explain your rationale.
- Use at least three (3) quality resources in this assignment (no more than 2-3 years old) from material outside the textbook. Note: Wikipedia and similar Websites do not qualify as quality
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Explain how businesses apply cryptography in maintaining information security.
- Use technology and information resources to research issues in information systems security.
- Write clearly and concisely about network security topics using proper writing mechanics and technical style conventions
- I also need a
response to the following: 100 words min
I chose the Fortinet FortiGate Next-Generation Firewall solution for this subject because of its ability to provide scalability and ultra-low latency for its advanced security protection. Its multi-layered security provides protection against threats by securing any single vulnerable point in the network. This solution offers both an Intrusion Protection System (IPS) and a Data Loss Prevention (DLP). When used together, the systems monitor traffic for threats using signature detection and behavioral patterns to prevent system breaches. Any irregularities are prevented monitored through a central system and extensive logging. This early detection can help the I.T. Dept with catching it immediately in the system, placing stops on the traffic and allow an Admin to determine how to proceed from that point.
Large organizations such as Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona
State University, Levi Strauss & Co. use Fortinet to protect all their valuable data. It is important to these companies to keep their customers and employees information safe and secure.
The two major security considerations related to cloud deployments are security and compliance of how information is transferred and stored. When using the cloud, information is constantly going back and forth across open and sometimes unsecure networks. Cloud infrastructure and processes are no longer in the owners control and may not meet their level of security controls. It is important that cloud services provide the highest level of security and compliance processes to ensure that systems are not breached, leaving customers data vulnerable and exposed.