S 4.30 Utilisation of the security functions offered in application programs
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: User
Some standard products in the field of PCs offer a host of useful security functions, the quality of which may differ in detail, but which impair unauthorised users and/or reduce possible damage. In the following, five of these functions are explained briefly:
- Password protection during program retrieval: the program may only be started if a password has been entered correctly beforehand. This prevents the unauthorised use of the program.
- Access protection to individual files: the program may only access a protected file if the password related to this file is entered properly. This prevents unauthorised access to certain files using the program.
- Automatic storage of intermediate results: the program automatically stores intermediate results so that a power failure will only affect those changes to the data performed after this automatic storage process.
- Automatic backup of the predecessor file: if a file having an eponymous file in the specified path is stored, the second file is not deleted, but assigned another name. This way, it is prevented that an eponymous file is deleted accidentally.
- File encryption: the program is able to store a file in an encrypted form so that any unauthorised reading or viewing can be prevented. This way, the file contents may only be accessed by those disposing of the used secret encryption key.
- Automatic display of macros in files: this function is intended to prevent the accidental execution of macros (macro viruses).
Depending on the software used and the existing additional security functions, the use of this function may make sense. For IT systems used at different locations, using the password protection during program retrieval and automatic storage is particularly useful.
- Is the security-relevant information in manuals or certification reports taken into account?
Review questions:
- Are the existing security functions in application programs used?
- Are the users familiar with the existing security functions in the application programs?