Date posted: 21-Dec-2015
Brooks Evans – CISSP-ISSEP, Security+
IT Security Officer
Arkansas Department of Human Services
Topics
Requirements of State Agencies
  - Act 722 of 2007: State agencies are required to use or permit the use of electronic signatures by June 2009.
Risk Assessment for Business Process
  1. Importance of identity verification for trusted person
  2. Importance of knowing person who signed was person validated in #1
  3. Importance that document has not changed since it was signed
http://www.dis.arkansas.gov/poli_stan_bestpract/standards.htm
Digital vs. Electronic Signatures
  - Electronic Signature: An electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
  - Digital Signature: A type of electronic signature that relies on a public key infrastructure (PKI) to provide a unique identifier and link the signature to the record, authenticating both the signer and the document.
Public Key Infrastructure
Available Technologies: Low Level Validation
  - Self-Generated Certificate
      - Available in Word and Acrobat for free
  - Image of Wet Signature
      - User scans signature and pastes into document
  - Signature on Electronic Tablet
      - User signs document on screen without special signature software
Available Technologies: Medium Level Validation
  - Certificate Purchased from Public CA
      - ~$20/year
      - Easy for third parties to acquire
      - Difficult to manage with large number of users
  - Wet-Signature with Trusted Method
      - ~$300/device
      - ~$100/license
      - Software such as IntegriSign
Available Technologies: Medium Level Validation
  - Internal CA
      - Requires significant policy and technical setup
      - Requires SAS70 audit and root signing if it is to be trusted outside the organization
      - Automates distribution and management of a large number of user certificates to user devices such as a PC or smart card
      - Certificate price decreases as use increases
Available Technologies: High Level Validation
  - Same methods as medium level, but the CA or root signer requires more documentation to validate identity
  - This typically costs more due to higher risk and bond coverage