Case Study 2: Public Key Infrastructure
Due Week 6 and worth 60 points
Suppose you are the Information Security Director
at a small software company. The organization currently utilizes a Microsoft
Server 2012 Active Directory domain administered by your information security
team. Mostly software developers and a relatively small number of
administrative personnel comprise the remainder of the organization. You have
convinced business unit leaders that it would be in the best interest of the
company to use a public key infrastructure (PKI) in order to provide a
framework that fosters confidentiality, integrity, authentication, and
nonrepudiation. Email clients, virtual private network (VPN) products, Web
server components, and domain controllers would utilize digital certificates
issued by the certificate authority (CA). Additionally, the company would use
digital certificates to sign software developed by the company in order to
demonstrate software authenticity to the customer.
Write a two to three (2-3) page paper in which you:
1. Analyze the fundamentals of PKI, and determine the primary ways in which its features and functions could benefit your organization and its information security department.
2. Propose one (1) way in which the PKI could assist in the process of signing the company’s software, and explain the main reason why a customer could then believe that software to be authentic.
3. Compare and contrast public and in-house CAs. Include the positive and negative characteristics of each type of certificate authority, and provide a sound recommendation of and a justification for which you would consider implementing within your organization. Explain your rationale.
4. Use at least three (3) quality resources in this assignment (no more than 2-3 years old) from material outside the textbook. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting
requirements:
· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated
with this assignment are:
· Explain how businesses apply cryptography in maintaining information security.
· Use technology and information resources to research issues in information systems security.
· Write clearly and concisely about network security topics using proper writing mechanics and technical style conventions.
Grading for this assignment will be based on answer
quality, logic / organization of the paper, and language and writing skills.
