Can anyone explain the concept of digital signatures to me? Are they solely related to email communications, or can other software make use of them (if so, where else are they used)?

We have an internal procedure for emailing our payroll department with claims forms (i.e. mileage claims from staff, requests for reimbursements etc). Our payroll department has suggested using digital certificates for submitting such claim forms. It is not something I have dealt with before.

From a security perspective, if they are looking to implement such a process, what would you want assurances on from its configuration to ensure the process is tamper (fraudulent amendment) free? What benefits do digital certificates bring in this area, i.e. why is it likely they are configuring such an approach? What would auditors likely be wanting assurances on from the configuration of a digital signature system?

If you could provide a bit of a management-friendly, low-tech checklist of assurances we should be getting from the use of digital signatures, that would be most helpful. Please keep answers relatively low-tech and management-friendly.

What can go wrong with digital signatures?
What would a poorly designed system using digital signatures look like?
Are they pretty foolproof?
What are some best practices for the use of digital signatures?