Homework: Cryptography
Length: 1,250 to 1,800 words.
Scenario
ABC Insurance Company is one of the largest insurance companies in U.S. It has several branches/agents across the nation. Their branches can communicate with the central company headquarters and with each other through computer network. Customer information and company sensitive data has to be protected at all times. ABC Insurance Company has database servers, J2EE application server, and web application server for its employers to access. It allows the customers to access insurance policy information, purchase, and change or cancel insurance policies online, and other services. The customers include individual policy holders and business policy holders.
The company employees and the customers need login accounts to access the company servers. The company adopts the JRA architecture for the log-in capability. This infrastructure has many components. Many of the components consist of active directories, web servers, and databases. Each of the JRA architectures has a Business to Enterprise connection which is internal, Business to Customers which is individual policy customers and Business to Business which is business customers with the insurance company. These connections are called realms. Each realm is located at a different physical location.
ABC Insurance Company holds customer information which is a valued asset to the company. The company has to ensure that this information is confidential to have the customers' trust. The company has to protect the customers' insurance policies which are the drive for the company's success. Agents' login credentials and data needs to be secure too.
A problem with ABC Insurance Company is the amount of hours needed to maintain the architecture. ABC Insurance Company wants a different way to implement this architecture. It was suggested to virtualize the JRA architecture. Virtualization can enable processes to share resources more efficiently. This would have different operating systems, web servers, and databases run on a virtual machine. Each realm would run on one machine as a virtual realm. This would cut down component costs, and cut down manpower to maintain the architecture. Two or more realms can run on one machine if they face the same kind of risks.
Case Objectives:
1. Identify the vulnerabilities involved in implementing a new technology. Refer to NIST RMF as you will need to include this plan for this homework.
2. Determine the likelihood for a potential vulnerability.
3. Create a plan for Enterprise Governance, Risk and Compliance (eGRC) which shall also include a support plan.
4. Should include process integration for eGRC, workflows and enterprise change processes. For example, could look ServiceNow Enterprise Management platform.
5. Assess risk considering the likelihood of the occurrence of vulnerability, the information asset value, current controls and the uncertainty of current knowledge.
6. Determine the adverse impact resulting from a successful threat exercise of vulnerability.
7. Formulate a cost benefit analysis on adopting a new technology.
8. Assess risk level according to the likelihood of a vulnerability being exploited, and the impact of the vulnerability.
9. Recommend risk mitigation strategies for controlling risks.
10. Evaluate the risk mitigation strategies.
Describe Two fish and El Gamal
1. Functions
2. Strengths and Weaknesses
3. Structure and processes
4. Alternatives besides tables to thwart timing attacks
5. Relevant examples of modern applications/industry that utilize each algorithm
Format your homework according to the give formatting requirements:
1. The answer must be double spaced, typed, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the homework, the course title, the student's name, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The references and Citations should follow APA format. The reference page is not included in the required page length.