CI7300 Data Management and Governance.
Part A: Cryptography
A small private healthcare organization has contracted you to investigate the requirements of encryption in their information systems and to develop a robust policy for its use. Write a formal report outlining your findings and presenting your recommendations.
Some topics you could address:
1. The range of documents and messages to be encrypted, e.g. Electronic Health Records (HER), Electronic Patient Records (EPR) and their security requirements.
2. The different objectives of the deployed cryptosystems, i.e. Confidentiality, Integrity, Authentication.
3. The specific cryptographic algorithms and architectures available, along with their relative advantages and drawbacks. Which will be best suited for which purposes?
4. How will the cryptographic protection of static documents (e.g. those stored on a server) differ from that of documents in transit (e.g. transferred within and between sites)?
5. Will there be issues of compatibility between the organization`s cryptographic policy, and that of the NHS?
6. How will your solution scale with the possible future development of the organization?
7. How will cryptographic keys (and certificates) be created and managed?
8. How will the different levels of authorization within the organization be managed?
9. How will the effectiveness of your solution be monitored and assessed?
These are only suggestions: your report will likely not cover all of themand you may discover others of equal importance whichyou might want to address. (Please contact the assessor if you have any concerns.) You may draw upon the material taught in class and/or your own independent research, but make sure you cite all your information sources. Feel free to make any assumptions you feel are necessary, but state and justify these.
Suggested word-count:2,000
Part B: Data Governance and Identity Theft
Select an identity theft story from the media or from the literature or stories you heard of or experienced.In order to contain the scope of the assignment, it is suggested you focus on two issues for the Health Information Governance.
In this Part you are required to Identify and discuss the following:
The strength and weaknesses of the approach that was adopted. Describe the symptoms of what went well or badly.
What the theory and standards suggest you should do. Based on the course materials or other sources, describe what the theory suggests that you should do.
Say what you would do if you had time again or if faced with the same problem of Health information governance and network security.