ENTERPRISE DOCUMENT SECURITY PLATFORM BASED ON PUBLIC KEY INFRASTRUCTURE
Paper-based document management in enterprises is increasingly being abandoned with the increasing use of electronic documents. Document management in enterprises is done with an Enterprise Document Management System (EDMS). EDMS performs document storage, document version control, document acce...
Saved in:
| Main Author: | |
|---|---|
| Format: | Final Project |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/66642 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | Paper-based document management in enterprises is increasingly being
abandoned with the increasing use of electronic documents. Document
management in enterprises is done with an Enterprise Document Management
System (EDMS). EDMS performs document storage, document version control,
document access control, and document auditing. EDMS has generally provided
good information security guarantees for documents, but once a document leaves
the enterprise environment, it is exposed to other threats such as document
forgery.
Digital signatures can be used to guarantee the validity of the document and link
the identity of the signer to the document. Unfortunately, EDMS demonstrations
generally only utilize electronic signatures, making it possible to impersonate
signatures by pasting photos. This does not mean that there is no EDMS that
utilizes digital signature, but the use of EDMS with digital signature is starting to
be seen in large enterprises and less visible in SMEs (Small and medium-sized
enterprises).
In this final project, an implementation of digital signature utilization with EDMS
for an enterprise is done. Platform implementation is done with EJBCA,
SignServer, and Microsoft 365 services (Teams, SharePoint, and Power
Automate). After implementation and testing, it was found that the platform
performed better than EDMS without digital signature in mitigating enterprise
threats. Testing showed that the platform met all functional and security
requirements except for availability risks countermeasures. Implementation of
countermeasures related to availability is not done in this final project. |
|---|