A Secure E-mail and Document Sharing System: A Case of Kenya College of Accountancy

Abstract

These days, banks and financial institutions are not the only ones involved in high stakes data transmission (whether large transactions or large numbers of smaller transactions). Corporations using a complex messaging and transaction processing system have a similar interest in protecting their data transmissions. Security at the message level is significant in environments where the data travels through many different networks, computer applications, Internet providers, storage media, etc. Securing data at the message level results in true end-to-end security: a digital signature, generated at the beginning of a complex chain of processing environments, that is still available for verification purposes at the very end of it. The data has also been protected all along the way. This is especially beneficial whenever multiple parties must participate in the execution of electronic transactions. In web-base e-comrnerce solutions, where specialization and outsourcing is the norm, end-to-end security is probably the only solution that will ever be cost-effective in the long run. Public Key Infrastructure (PKI) provides an authentication framework, i.e. a way of authenticating parties to establish a trust relationship. It also includes managing public keys and registrations using digitally signed certificates. Digital signature certificates are becoming increasingly important technical mechanism for trust management on the Internet. This project aimed at conducting a feasibility study with the objectives of comparing the various technologies that are used to secure information and e-mails that are on transit in the open and public network, using Kenya College of Accountancy as a case study area. Based on the results of the feasibility study, an assessment of the security status of the current e-mail system and documents including the existence of policies regarding information and data security was carried out, identification and evaluation of the security needs of the institution as far as e-mail and document sharing was performed and recommendations made of the best technology to be used based on the feasibility study.