Identity Theft and Networking Security - Assignment Example

Part Data Governance Exercise Introduction The loss of patients’ s and operational details by nine National Health Service (NHS) trusts in England was indeed a waddle event for the Hackney Primary Care Trust that cropped major consequences on the overall healthcare industry of the UK. The incident imposed major impacts on more than hundreds of thousands of patients including adults and children, which raised a big question regarding data security measures of the public healthcare department and organisations. The breaches within the data security process resulted in the loss of records pertaining to the names and detail addresses of 160,000 children. It was primitively due to the failure of a disc arrival to an east London healthcare centre controlled by the NHS (BBC News, 2007). In relation to the scenario, NHS has faced a major challenge regarding the maintenance of patient information, which has grounded numbers of threats to the organisation along with its stakeholders including patients. In this regard, it is essential for NHS to adopt an effective set of cryptography system in its healthcare units to protect internal data. In response to avert the potential risk of losing data, NHS has been proposed to deploy an effective cryptographic algorithm cipher, ‘Red Pike’. Red Pike is one of the most effective ciphers developed by GCHQ, designed for protecting confidential information of the various kinds of organisations (Anderson & Roe, n.d.). Keeping with the notion of strengthening data security system, the report explores an in-depth understanding about the strengths and weaknesses of Red Pike to protect the internal and operational information of NHS. Moreover, the report also details and evaluates the safety of Red Pike to protect NHS operational information through different theoretical explanations. By the end, the report summarises the competencies of the Red Pike and recommends effective cipher for the organisation to protect internal information from external threats. Strengths and Weakness of Using a Classified Cipher: Red Pike Strengths The encryption of information and structuring them in accordance with the optimisation variety of the users can be considered as a major strength of Red Pike. The cryptographic characteristics of the cipher is designed with an exceptional form of coding that significantly protects unwanted guests and allows its users to gain the advantage of the cipher. The cryptographic algorithm of characteristics of the classified Red Pike provides major advantage to the users and organisations to analyse faults associated with the data security system. In this context, the deployment of Red Pike would enable the NHS trusts to build stronger security measures with the aim of protecting information from unauthorised users (Anderson 1997). The technical specification of Red Pike can also be considered as a major factor of the cipher that enables it to ensure strong security services concerning the internal data and information of the large organisations. Red Pike is generally known as a block cipher, which is designed with a lock size of 64-bits along with a 64-bits key lengths size that ensures to build a strong shield prior to unveil credential information about the organisations. Therefore, it would be effective for NHS trusts to protect unauthorised users at the very beginning stage of breaching security of the organisation’s valuable resources and assets. Additionally, the cipher also operates a basic function RC5" (add, XOR, and left shift) with no look-up tables. A five lines code without any virtual keys in the Red Pike cipher would also ensure to strengthen the data security system of the NHS trusts and protect information from the unofficial users (Anderson & Roe, n.d.). The Alleged Red Pike (ARP) with 64-bit, unavailability of look-up tables along with absence of virtual key schedule within the technical features of Red Pike would also empower the data security system of NHS and enable the organisation to build a strong shield from the unauthorised users. Additionally, the requirement of only few codes is also a beneficial aspect of this particular cipher, which can provide an easy procedure for the authorised users to store and exploit data or information of the organisation. Weaknesses The existence of ARP with 64-bit key size can be a major limitation for NHS while deploying Red Pike in its data security related functions. In relation to the size of the ARP, it is considerably an insecure aspect as compared to the modern technological standards. According to the technical specification, ARP comprises a pair of keys such as K1 and K2 that can be considered as semi-weak keys if E_K1 (E_K2 (M)) = M. In this context, the encryption process with K1 is quite similar as the decryption process with K2 (Anderson & Roe, n.d.). Nevertheless, when concerning the Feistel structure of the ARP along with its key schedule, it can be identified that there are 2^63 pairs in the cipher that can reduce the key space up to 2^63. In this context, the encryption process of Red Pike would feasibly an insecure process for NHS to prevent the access of unauthorised users (Anderson & Roe, n.d.). In relation to the functional attribute, the encryption process of Red Pike has a minimum option to the users to enter successfully to exploit data. In this context, the encryption process tends to restrict users to access after the failure of the first attempt and consume a specific amount of time for the users to access their credible and valid information codes. Therefore, it also creates major difficulties for the low skilled workers in the NHS trusts while configuring Red Pike into the internal operational process (Anderson & Kuhn, 1998). Theoretical Safety of Red Pike Today In relation to the emergence of technological advancements, the usage of a classified cipher has been widely accepted by the large or publicly held organisations to protect confidential information from different types of potential identity threats. In this context, Red Pike is one of the widely used ciphers mostly deployed by the governmental institutions to enhance data security measures their confidential data and information. The cipher comprises a set of key topographies that enable organisations to protect their vital information. However, Red Pike also have few major drawbacks that can impose major risk for the public institutions while averting threats from the organisational internal information. In this regard, the key size of 64-bit comprised within the ARP can be identified as a considerably insecure element of Red Pike as compared to the ciphers deployed in the modern data security measures. In relation to the present emerging technology era, organisations are often observed to formulate strong bit key size that can easily enable the encryption process to effectively protect the unauthorised users and ease access to the official users of the system. Therefore, with respect to the theoretical knowledge and understanding, the characteristics and nature of the encryption process by Red Pike can be argued as capable, but not capable enough, to build a strong shield against the breach of security codes. In this regard, it can create major threat for NHS causing loss valuable data from the emerging advancement of coding process by the external or unauthorised users. Recommending and Justifying Effective Cryptography System for NHS Encryption of data or confidential information of the organisations provides fundamental security measures in managing and protecting data from external or unauthorised guest users. The cryptography language in data protection process enables the security management system to convert credential information into secret codes and protect them from different types of external vulnerabilities (Smart, 2003). The Stream Cipher is one of the most effective encryption schemes deployed by Cisco routers that facilitate users to encrypt password with a considerably strong key-stream. The key-stream comprised in the Cisco’s Stream Cipher generally uses the following key-stream that tends to formulate strong encryption of data and protect them from any types of unidentified users (Kessler, 2014). dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncx Source: (Kessler, 2014) When a password of a particular user is to be encrypted, the encryption process selects a number from the range of 0 to 15, which further becomes an offset within the key-stream. In this process, a XORed byte-by-byte cryptographic algorithm method is used for characterising users’ passwords as illustrated below. Ci = Pi XOR K(offset+i) Where, K = Key-Stream P = Password in Plain Text C = Cipher-Text Password Source: (Kessler, 2014) In this context, the use of Cisco’s Stream Cipher would be an effective measure for NHS to formulate strong encryption of its internal data and users’ passwords and build strong shield to protect information from external users. Conclusion Although, Red Pike ensures to formulate strong security code of the information, it has significant flaws regarding its level of lock keys that can be a major threat for NHS to protect its confidentiality from unauthorised users. In this regard, it can be recommended that Cisco’s Stream Cipher would be an effective cryptographic system for NHS to build strong encryption of its internal information and protect it from potential identity threats. The deployment of Cisco’s Stream Cipher would be an effective set of security measure for NHS to redefine the users’ passwords and protect the accession of the guest and unauthorised users. References Anderson, R. & Kuhn, M. (1998). Low cost attacks on tamper resistant devices. The World Knowledge, pp. 125-136. Anderson, R. (1997). Reasons for algorithm choice. Retrieved from http://www.cl.cam.ac.uk/~rja14/zergo/node15.html Anderson, R. & Roe, M. (n.d.). The GCHQ Protocol and its Problems. Computer Laboratory, University of Cambridge, 1-15. BBC News. (2007). Nine NHS trusts lose patient data. Retrieved from http://news.bbc.co.uk/2/hi/7158019.stm Kessler, G. C. (2014). An overview of cryptography. Retrieved from http://www.garykessler.net/library/crypto.html#stream Smart, N. (2003). Cryptography, an introduction. The United Kingdom: McGraw-Hill. Part 2 Identity Theft and Networking Security Assignment Introduction In a recent occurrence, nine NHS trusts have witnessed immense criticism for losing clients’ name of details, which has been directly interlinked with the failure of the organisation to protect the information and its network services from identity theft and breach of networking security. With regard to the issue faced by the NHS trusts, it has been critically observed by the investigation of Department of Health (DoH) that the breach was performed due to inadequately safe security codes of the networking system (BBC News, 2007). In relation to the above stated scenario of losing confidential data by the NHS trusts, the report tends to justify the information governance and networking security system and suggest effective mechanism for the organisation to avert similar potential challenges in the near future. Prior to recommend a strong set of information governance and networking security system, the report would briefly discuss about the major strengths and weaknesses of the approach adopted by NHS regarding its practice of protecting internal information. Moreover, the report would also focus on relevant theories and standards in terms of suggesting an effective set of information governance system for NHS to protect its information from scandals or malfeasance by unauthorised users. Strengths and Weaknesses of Information Governance and Networking Security process Adopted by NHS An effective and well-built identity management and security awareness model can be regarded as a decisive approach taken by the organisation towards enhancing security controls, data ownership responsibility, along with maintaining security infrastructure of a particular enterprise. The Information System Security Policy Structure (ISMS) of NHS comprises an effective set of layers that are likely to maintain strong guidelines of exploiting its information and protecting them from external threats (Bates, 2013). The following figure herein depicts the fundamental aspects ISMS of NHS. Fig: Information System Security Policy of NHS (Bates, 2013) With reference to the fundamental aspects as related with the ISMS, it has been widely observed that NHS has been investing in developing its strategic approach aimed at the overall improvement of objective-oriented policy measures in order to ensure the efficient use of the information. However, the information governance measures have been significantly observed to be skipped over by the organisation that led it to face major issues when protecting confidentiality concerning clients’ details. In the context of the investigation process, few major flaws have been identified as existing in the information governance system of NHS that has further imposed major threats to the organisation (Bates, 2013; NHS Connecting for Health, n.d.). Evaluating Relevant Theories and Standards in response to the Importance of Information Governance In relation to the theoretical perspective, information or data governance can be regarded as one of the essential organisational practices of decision making along with authority to deal with any types of issues associated with data or information of the organisation. It is one of the fundamental systems of decision-making accountabilities and rights to effectively deal with information or data related processes of a particular organisation (Stallings, 2000). With regard to the academic understanding developed in this regard, an effective use of information governance not only helps an organisation to increase its value and revenue, the system also ensures to effectively deal with the issues or risks associated with data or information related vulnerabilities. Moreover, an adequate compliance with the information governance also protects organisations from potential threats relating to security threats and privacy of the confidential information. It further helps to gain effective management and controlling process of the internal data and information to increase the value of the organisations (Thomas, n.d.). With respect to the theoretical understanding, it can be critically asserted that the NHS trusts should highly focus on building a strong legislation procedure regarding the use of its information governance system. The organisation, in this regard, should emphasise the roles and importance of the system in protecting scandals and ensuring appropriate use of its confidential information. The theoretical concept of information governance also helps in developing and controlling the valuable roles of the system that can enable the NHS trusts along with other related departments of the organisation to improve their use of data and information in a more secured manner. The system is likely to facilitate the organisation to effectively deal with issues and ensure to protect organisations from different external threats and risks. Moreover, the development of strong set governing principles regarding the appropriate use of information and their protective measures would further help NHS to increase its value and preserve its competitive positioning in the UK’s healthcare industry (Keyser & Dainty 2004). Recommending Future Strategic Measures From a critical point of view, when considering the issues faced by NHS, it can be evidently recommended that the organisation should take an effective strategic measure in order to deal with the concerns associated with information scandal. Therefore, a well-built identity management and security awareness strategy is highly recommended for NHS to protect information fraud related activities and ensure development of a strong information governance system. Training Program for Hardening Security of the Information Systems Providing adequate learning and protective measures to each employee within the organisation can be considered as a primary activity for NHS to increase the value of its information governance system. In this regard, the data management and controlling measures associated with the user system would be instructed to deploy security lock, which can ensure adequate protection from the external threats to identity theft. Moreover, the training program would also ensure to provide adequate instruction to the users with substantial clarity to encourage them in proper use of each operating system associated with the operations of the NHS trusts (Mell et al., 2005). Securing the Network, Systems, and Peripherals In relation to the proposed identity management and security awareness-training plan, it is essential for the NHS trusts to provide adequate knowledge to the employees to improve their skill to troubleshoot various types of network related vulnerabilities. The strategy should also ensure the staff members to gain sufficient knowledge and uphold the security of its vital information. In order to increase the capability of the network, the training activities should further focus on educating employees in better alignment of network security devices with peripherals that are deployed to develop the performance of each of the NHS Trusts (Liu et al., 2009). Developing and Applying Security Patches and Fixes The development of security patches and their appropriate deployment is also a major consideration of the proposed information governance approach for the NHS trusts. In order to strengthen the security measure of the organisation’s internal information, formulating security patches for the operating system and communication networking devices would be a major aspect of consideration for NHS, as it would assist the organisation to maintain continuous transactions of data and information in a secured way (Liu et al., 2009; Mell et al., 2005). In addition, continuous monitoring, testing and documentation of the information and networking security related tools and applications can be considered as an essential activity for the NHS trusts to reduce the probability of any potential threat. Conclusion In relation to the issues associated with identity theft related information scandal in different NHS trusts, it is essential for the organisation to build a strong set of information governance principles. It has been identified from the evaluation of different theoretical learnings that the development of a strong and effective information governance framework would be an essential factor for the NHS trusts to protect its internal data from similar breaches as witnessed in its recent functioning. In this regard, the suggested identity management and security awareness strategy would provide adequate support to the organisation for improving its existing network related security processes. The aspects suggested in the proposed strategy would further help NHS to build a strong governance structure and ensure to effective exploitation of the data and information. References Bates, S. (2013). Nottinghamshire Healthcare NHS Trust. Information Systems Security 7.01, 1-9. Keyser T. & Dainty C. (2004). The information governance toolkit: data protection, caldicott confidentiality. London: Radcliffe Publishing Ltd. Liu, S., Kuhn, R. & Rossman. H. (2009). Surviving insecure IT: Effective patch management. IEEE Computer Society, 11(2), 49-51. Mell, P., Bergeron, T. & Henning, D. (2005). Creating a patch and vulnerability management program. National Institute of Standards and Technology, 2, 1-75. NHS Connecting for Health, (n.d.). NHS Information risk management. Retrieved from http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/security/risk/inforiskmgtgpg.pdf Stallings, W. (2000). Network Security Essentials. London: Prentice Hall. Thomas, G. (n.d.). The DGI data governance framework. Retrieved from http://datagovernance.com/dgi_framework.pdf Read More