ISACA Journal Author Blog


The Challenges of Protecting Electronic Document Integrity

Published: 5/12/2014 7:30 AM | Category: Government-Regulatory
By Haris Hamidovic, Ph.D., CIA, ISMS IA
The increased use of technologies that allow electronic document storage and electronic communication has led lawmakers and courts in many jurisdictions around the world to consider the legal status of such information and the legal effect of that communication. The laws pertaining to electronic documents in most countries are not sector-specific. The enactment of these laws means that all organizations will have to take appropriate measures to protect document integrity while using electronic documents in the ordinary course of business. Failure to take these measures is no longer just a lack of due professional care; it constitutes a violation of legal obligations and can result in fines.
In some countries, the laws governing electronic documents make the use of electronic documents by organizations legally valid in their business transactions, both internally and with their clients, but these documents must be signed with a qualified electronic signature. Qualified electronic signatures are advanced electronic signatures that are based on a qualified certificate and are created by a secure signature-creation device. Currently, public key infrastructure (PKI) technology is the sole technology able to meet the requirements of qualified electronic signatures. Although it is a mature technology that is being implemented more and more, it remains a rather complex technology, especially when it becomes intertwined with legal requirements. Consequently, the combination of technical and legal requirements can make it difficult for both technical and legal experts to implement a legally compliant electronic document system.
But meeting the challenging specifications governments require is not enough. Unfortunately, internal auditing does not play a large enough role in ensuring electronic document integrity. As discussed in my recent Journal article, without regular internal auditing, enterprises cannot know that their defenses are sound.
Read Haris Hamidovic’s recent Journal article:
“Electronic Documents Information Security Compliance,” ISACA Journal, volume 3, 2014.

