Case Scenario:
ABC company is a small but growing manufacturing company with revenues of approximately $25 million. Until now, the company has had a single headquarters and production facility in a Midwestern city, but it is building a separate sales office on the east coast which will open in a few months.
You are the Manager of IT at ABC, and you have been responsible for operating a basic set of computer applications in the Midwest office: order entry and fulfillment, financial and accounting systems, e-mail, and general office automation (word processing, etc.) You have been maintaining a Local Area Network connecting the office desktop computers to each other and to the applications running on the company servers, but there has been no access to these systems from outside the office.
You have been told by senior management that when the new sales office opens, the east coast staff must be able to enter new orders directly into the home office system using their desktop computers. They also need access to customer records and order status information. Furthermore, management wants to implement a new company website for customers to place orders online and to view their ordering history, current order status, and financial statement information without calling customer service.
You realize there are huge security implications implied by these changes. You have been uneasy in the past because the company has lacked a comprehensive computer security policy. Furthermore, most employees have not really understood all the security issues in the old "internal" computing environment. The new configuration with its networked offices and Internet-accessible elements will require more security awareness than ever. You see this as your opportunity, and imperative, to move the company to accept a formal corporate security standard. In the weeks ahead, you will begin to educate both management and system users regarding the components, necessity, and use of security standards for all of the new technologies that will be used, as well as for the current technology they have been using. In the end, you will develop all of this together into a complete corporate security program proposal.
Research the principles of symmetric and asymmetric encryption systems as well as the concepts of certificates and the Public Key Infrastructure. Then, post your opinions on the following to the Small Group Discussion Board:
Question 1: What are symmetric and asymmetric cryptosystems?
Question 2: What are the advantages and disadvantages of symmetric vs. asymmetric cryptosystems?
Question 3: In what situations do you feel each (asymmetric encryption and symmetric encryption) should be used?
Question 4: What are the roles played by Certificates and the PKI in the encryption process?