StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Public Key Infrastructure in Information Security - Case Study Example

Cite this document
Summary
The paper "Public Key Infrastructure in Information Security" describes that the cost of developing and maintaining the security of internally issued certificates outweighs the cost of acquiring certificates from a public certificate authority. The use of public CAs is economically justifiable…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.4% of users find it useful
Public Key Infrastructure in Information Security
Read Text Preview

Extract of sample "Public Key Infrastructure in Information Security"

Public Key Infrastructure in Information Security Introduction Currently, most business and non-profit organizations have digitized their data and information records. For example, use of hard-copy files in keeping client information by financial institutions is no longer practical today. Most organizations keep their data and information files in online secured databases. In addition, access, utilization and sharing of the digitized information takes place through secure servers. Unfortunately, advancement in information technology systems invariably triggers a corresponding increase in crimes associated with digital information. The increase in information related crimes is responsible for presence of enhanced information security in organizations today (Lindsey, 2014). Technically, motivations for information related crimes are attributed to the economic importance of private information in technology platforms. For example, cyber attackers seek secret and valuable information either for economic benefits or for terrorism related causes. Whatever the motivating factors, organizations handling private information have a duty to protect and prevent valuable information from ending up into wrong hands. Consequently, organizations typically utilize information security systems like Microsoft Server Active Directory domains, and Public Key Infrastructure to foster information security. Public key Infrastructure: Features Undeniably, some information security systems are better than others. As the Information Security Director for a software company, I would prefer the use of Public Key Infrastructure to Microsoft Server domain in safeguarding vital information inside the organization. Technically, Public Key Infrastructure, commonly abbreviated as PKI, is a system of standardized policies and sequenced procedures meant to secure the sharing of information (Kim & Michael, 2014). In the past, hackers have successfully penetrated network infrastructures by employing tactics like sniffing, man-in-the-middle attack, and denial-of-service among others. These hacking tactics are usually easy to apply when attacking non encrypted networks. In this context, information security developers have learned the benefits of encryption, and distribution of authentication components through independent digital certificates. In essence, Public Key Infrastructure combines the concepts of digital certificates and key encryption in maintaining network security (Carlisle & Lloyd, 2013). Digital certificates are essentially digitized signatures of the certificate’s holder. In conventional platforms, digital certificates would be synonymous to passports. Every digital certificate contains the holder’s personal information, and guarantees a message’s receiver that a sent message is from a trusted source. All digital certificates are issued by a trusted agency, the Certification Authority commonly abbreviated as the CA. In Public Key Infrastructure, digital certificates are used in authenticating information sharing through Public Key Cryptography channels. Technically, Public Key Cryptography is an asymmetric key encryption technique which ensures that only the intended recipient accesses and reads the message sent through either secure or insecure channels (Lindsey, 2014). Therefore, a digital certificate is like a door key while Public Encryption Cryptography is like a corridor leading to a secure communication room. Inside the secure communication room, both public and private parties can share information without fear of data integrity and compromise on confidentiality. Admittedly, the discussed features of Public Key Infrastructure are reliable in ensuring data integrity and objective authentication. Digital certificates ensure that only a trusted sender and an authorized receiver engage in exchange of information. In addition, authentication of digital certificates is performed by a Public Key Cryptography serve. In this case, only the client and the serve have access to information contained within a digital certificate, thus the threats posed by third parties are eliminated (Kim & Michael, 2014). In addition, certificates used in Public Key Infrastructure contain standardized authentication details issued only by a single trusted agency, the Certificate Authority. As a result, clients inside the software organization will be assured that their certificate information is handled by a trusted and independent provider. In case of compromise on certificate details, certificate holders can easily approach the single provider, and get customized explanations and remedies in a timely manner (Lindsey, 2014). With respect to the technical advantages highlighted above, I would recommend utilization of PKI because it would not only foster information security within the responsible department, but also improve clients’ trust and reputation of the software company. PKI in Signing of Software Certificate In software development, signing of certificates involve the use of cryptographic codes that encrypts the identity of a certificate’s producer to the software. Whenever a customer opens software after purchase, a pop-up window opens and notify the user that the purchased software is legitimate and the identity of the producer have not been altered since the software was produced. Contrarily, illegitimate or altered software are followed by security warnings upon opening. In this context, Public Key Infrastructure can be primarily useful in the process of signing software produced by the company. As aforementioned, certificate verification and authentication is one of the essential features of Public Key Infrastructure (Carlisle & Lloyd, 2013). Technically, software is an example of a digital certificate. Therefore, PKI allows publication of software’s information on a reference directory through the Public Key Cryptography feature. Encryption of the software details through Public Key Cryptography ensures that the software’s validity, authenticity and trustworthiness can be verified by third-party authorities (Carlisle & Lloyd, 2013). Since PKI facilitates the process of certificate issuing and authentication, then customers will be attracted by the legitimate and validity aspects of software signed using Public Key Infrastructure security system. Public versus In-house CAs Typically, digital certificates are issued by either private certificate authorities or public certificate authorities. Each of these authorities has specific benefits and shortcomings. In most cases, directors of information security departments have to decide whether to obtain digital certificates from a public or an in-house CA. Acquisition of certificates from public or external CAs is usually costly, and some public CAs charge up to thousands of dollars to issue a digital certificate. Despite being costly, customers and clients usually trust certificates provided by public CAs compared to those issues by in-house agencies. Contrarily, in-house or internal CAs allows an organization to issue as many certificates as possible for free. Despite being less costly, in-house CAs provide limited PKI security and accountability. Consequently, third parties do not necessarily trust the reliability of certificates issued by internal authorities (Kim & Michael, 2014). Therefore, most customers would rather pay the high amount charged by public CAs and gain enhanced PKI accountability from the CA as opposed to getting a free certificate that offers limited PKI security and accountability. Personally, I would recommend the use of public CAs issued digital certificates within the software company as compared to internal production and issuance of the certificates. Undeniably, use of public CAs would cost the company a significant amount of operation expense. However, the cost aspect of acquiring certificates should not take precedence over other factors like certificates’ PKI security and accountability. Whenever the security of internally issued certificates are compromised, the entire organization can be sued and fined exorbitantly for failing to protect clients’ information (Kim & Michael, 2014). In this context, the cost of developing and maintaining security of internally issued certificates outweighs the cost of acquiring certificates from a public certificate authority. Therefore, use of public CAs is economically justifiable compared to the use of in-house CAs. References Carlisle, A. & Lloyd, S. (2013). Understanding PKI: Concepts, Standards, and Deployment Considerations. Pittsburg: Addison-Wesley Publishers. Kim, D. & Michael, S. (2014). Fundamentals of Information Systems Security. New York, NY: Jones & Bartlett Learning. Lindsey, J. (2014). Public Key Infrastructure: Building Trusted Applications and Web Services. Indianapolis: CRC Press. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Cis333 week 6 case study 2 Example | Topics and Well Written Essays - 1000 words”, n.d.)
Cis333 week 6 case study 2 Example | Topics and Well Written Essays - 1000 words. Retrieved from https://studentshare.org/information-technology/1678164-cis333-week-6-case-study-2
(Cis333 Week 6 Case Study 2 Example | Topics and Well Written Essays - 1000 Words)
Cis333 Week 6 Case Study 2 Example | Topics and Well Written Essays - 1000 Words. https://studentshare.org/information-technology/1678164-cis333-week-6-case-study-2.
“Cis333 Week 6 Case Study 2 Example | Topics and Well Written Essays - 1000 Words”, n.d. https://studentshare.org/information-technology/1678164-cis333-week-6-case-study-2.
  • Cited: 0 times

CHECK THESE SAMPLES OF Public Key Infrastructure in Information Security

Homeland Security and Critical Infrastructure Protection

This paper is a review of the book “Homeland security and Critical Infrastructure Protection” written by Collins and Bagget.... The paper tells that despite the few weaknesses of the book “Homeland security and Critical Infrastructure Protection”, the researcher strongly recommends its continued use as an important reference book in the course.... This is particularly because the book has effectively covered the background of the US homeland security issues....
5 Pages (1250 words) Book Report/Review

Network Security setup

The necessary security measure here is installation of updated anti-spyware and antivirus.... In order to ensure security at this domain, it is recommended to ensure proper addressing schemes, proper protocol selection and enhanced encryption of communication equipments.... security measures necessary at this stage is proper authentication, quality network design, authorization, node security, and accounting are an imperative security considerations at this domain....
7 Pages (1750 words) Research Paper

Information Technology and Public Key Cryptography

09 is considered to be an ITU-T standard that is known for public key infrastructure (PKI).... 00 system was not completely deployed, as the IETF working group associated with public key infrastructure has acquired the standard for the Internet that is considered to be a flexible environment (X.... The paper "Information Technology and public key Cryptography" states that to facilitate distinctive features of the web of trust systems, a modifiable message format was established by the PGP for encoding messages that are encrypted along with database entries, certificates....
4 Pages (1000 words) Essay

Homeland Security and Critical Infrastructure Protection

This essay "Homeland security and Critical Infrastructure Protection" is about a book by Pamela Collins and Ryan Baggett that takes a critical look at United State's infrastructure, as well as the manner in which this infrastructure needs to be protected.... In the book, the authors provide a compelling look, through a study of the infrastructure's current vulnerabilities, security gaps, and plans for its protection, of the systems that have been put in place....
5 Pages (1250 words) Essay

Critical Infrastructure Protection Funding

This generally would reflect laxity in the provision of security against the taxes that are paid by citizens.... Critical infrastructure (CI) includes assets and systems, virtual or physical that when destroyed could lead to a debilitating effect on national public health, security, national economic security, safety, or any combination of the above (Arreguín, 2002).... In fact, it is only in times of peace and relative security that critical infrastructures are characteristical, for granted taken....
2 Pages (500 words) Research Paper

Public Key Infrastructure

The management is convinced to implement public key infrastructure (PKI) as a framework to ensure integrity, confidentiality,.... With this regard the study focuses on analyzing the fundamentals of PKI and their application in public key infrastructure Case Overview The organization is presently using a Microsoft Server Active Directory domain which is administered bya team of information security.... The management is convinced to implement public key infrastructure (PKI) as a framework to ensure integrity, confidentiality, nonrepudiation and authentication in their operation....
2 Pages (500 words) Research Paper

Infrastructure and Security of Information Network

This coursework "Infrastructure and security of Information Network" designs and provides network infrastructure and security logical and physical topographical layout.... The paper the reason for the design of the layouts to the IT experts and to the management team of infrastructure and security systems.... It provides the organization security policy for infrastructure protection through the use of CIA principals.... The section provides a detailed discussion of vulnerabilities of infrastructure and security and provides solutions for the information network....
7 Pages (1750 words) Coursework

Energy Sector of Critical Infrastructures

The energy sector has been tasked with the responsibility of ensuring the health, safety, security, and stability of the people of the United States and the critical resources are safeguarded (Miara, Vörösmarty, Stewart, Wollheim & Rosenzweig, 2013).... The Department of Homeland security tasked with ensuring the safety and security of the nation's important resources and infrastructure has developed a list of 16 critical infrastructures that guarantee the safety, security, and health of the people of the US and their resources....
13 Pages (3250 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us