The rapid growth of the Internet and associated e-business opportunities, has spurred an urgent need for trusted e-security.
With the advent of the Electronic Communication and Transactions Act (ECT Act), an organisation now not only has to safeguard its own sensitive information and details of customers, but it also has to be able to provide evidence that it has satisfied regulatory requirements. This legal evidence could come into play should a dispute regarding the electronic transaction ever arise.
When it comes to the confidential database of an organisation, three considerations are of significance:
* Integrity of the database.
* The legal implications should the database be tampered with.
* Evidence - of who tampered with the database and the security measures in place to prevent such a threat.
There are many areas of vulnerabilities that pertain to a database, says Christi Peens, executive at NamITrust, NamITech.
"These vulnerabilities range from simple human error such as entering mistakes, through to malicious damage. It is possible to manage such problems using regular back-ups to permanent read-only media, general network security and controlled access. However, in order to address the second two considerations, that is the legal implications and evidence, organisations should be looking towards PKI using digital signatures."
Digital signatures are persistent evidence of who has committed a transaction. The associated encryption technology ensures that only an authorised individual can access the database and effect changes.
"It is this undisputable audit trail that will allow a company to prove, in court, the integrity of its database and thereby avoid the legal fallout of any alleged infraction," says Peens.
Following the repeal of the Computer Evidence Act and the passing of the ECT Act, electronic evidence may now be used in court to settle a dispute. But to ensure the validity of this electronic evidence, an organisation may be called upon to prove the integrity of its database. "Should an organisation be found lacking in its security measures around its confidential database, it may be held liable for the breach. It is for this reason that companies need to be able to provide forensic proof of the integrity of the database. Digital signatures have a vital role to play here as they are the only forensic component in the security of a database that legitimately proves integrity of data," concludes Peens.
For more information contact Christi Peens, NamITrust, 011 458 0000, [email protected]
About PKI
PKI uses digital certificates to protect valuable information using the following mechanisms:
* Authentication - validates the identity of machines and users.
* Encryption - encodes the data to ensure that information cannot be viewed by unauthorised users or machines.
* Digital signing - provides the electronic equivalent of a hand-written signature. It verifies the integrity of the data and determines whether it has been tampered with while in transit.
* Access control - determines which information a user or application can access and which operations it can perform once it gains access to another application.
* Non-repudiation - ensures that the communications, data exchanges and transactions are legally valid and irrevocable.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version