As a security architect and cryptography specialist for Superior Health Care, you’re familiar with the information systems throughout the company and with the range of sensitivity of the information that is used, stored, and transmitted.
You’re also expected to understand health care regulations and guidelines because you’re responsible for advising the chief information security officer, or CISO, on a range of patient services, including the confidentiality and integrity of billing, payments, and insurance claims processing, as well as the security of patient information covered under the Health Insurance Portability and Accountability Act, or HIPAA.
You also have a team of security engineers (SEs) who help implement new cryptographic plans and policies and who collaborate with the IT deployment and operations department during migrations to new technology initiatives.
This week, the CISO calls you into his office to let you know about the company’s latest initiative.
“We’re implementing eFi, web-based electronic health care, and that means we need to modernize our enterprise key management system during the migration,” he says.
The CISO asks for an enterprise key management plan that identifies the top components, possible solutions, comparisons of each solution, risks and benefits, and proposed risk mitigations.
The plan will serve as the basis for building an enterprise key management system.
The SEs would be responsible for the implementation, operation, and maintenance of both the plan and the system.
The CISO also wants you to come up with an enterprise key management policy that provides processes, procedures, rules of behavior, and training.
The new web-based system needs to be running in a month. So, you’ll have a week to put together your enterprise key management plan and the accompanying policy.