S 4.42 Implementation of security functions in the IT application
Initiation responsibility: Head of IT, Data Protection Officer, Persons responsible for individual applications, IT Security Officer
Implementation responsibility: Application Developer
There may be several reasons why it might be necessary to implement security functions such as access control, administration and checking of access rights or logging within the application programs themselves:
- If the logging facilities of the IT system, including the additional IT security products used, are not sufficient to guarantee adequate verification security, then these logging elements must be implemented in the application program. (Example: BDSG, Appendix to § 9, Input control "to ensure that it is subsequently possible to check and determine which personal data was entered into data processing systems at what time and by whom".)
- If the granularity of the IT system's access rights, including those of any additional security products used, is not sufficient to guarantee proper operation, then administration and control of access rights must be implemented in the application program. (Example: a database whose data are shared by several groups of users. Suppose that access to certain fields is only permissible depending on the user's role; the operating system and DBMS typically grant rights per table or file, not per field.)
- If it is not possible with the IT system, including the additional IT security products used, to prevent the administrator from gaining access to certain data or at least to log this access and control it, then this must be implemented where necessary by additional security functions in the application program. For example, by encrypting the data it is possible to prevent the administrator from reading this data in plain text if he/she does not possess the appropriate key.
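The three cases above can be illustrated in one small application-level module. The following is an added example, not part of the safeguard text: it implements field-level role checks, an input log recording who changed which field and when, and encryption of a sensitive field so that a database administrator who reads the stored table directly sees only ciphertext. The roles, field names, patient-record domain and the 32-byte key are constructed for the example. The cipher is a standard-library stand-in (HMAC-SHA256 keystream with a random nonce, encrypt-then-MAC); in a real application one would use an authenticated cipher such as AES-GCM from a vetted library.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

# Constructed sample policy: which fields each role may read or write.
# Rights are enforced by the application, not by the DBMS, so they can be
# finer than the table-level rights the system itself offers.
FIELD_PERMISSIONS = {
    "clerk":     {"read": {"name", "address"}, "write": {"address"}},
    "physician": {"read": {"name", "address", "diagnosis"}, "write": {"diagnosis"}},
    "dba":       {"read": set(), "write": set()},  # no application-level rights at all
}
SENSITIVE_FIELDS = {"diagnosis"}  # stored encrypted so the DBA cannot read them in plain text


class AccessDenied(PermissionError):
    pass


def _subkey(key: bytes, purpose: bytes) -> bytes:
    # Separate keys for encryption and integrity, derived from one master key.
    return hashlib.sha256(key + purpose).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(key: bytes, plaintext: str) -> bytes:
    """nonce || ciphertext || tag; fresh nonce per call, tag over nonce+ciphertext."""
    nonce = secrets.token_bytes(16)
    pt = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(_subkey(key, b"enc"), nonce, len(pt))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(key: bytes, blob: bytes) -> str:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: stored field was modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))).decode()


class PatientRecords:
    """Application layer in front of a store that the DBMS (and its admin) can see."""

    def __init__(self, key: bytes):
        self._key = key
        self._store = {}     # what actually lands in the database
        self.audit_log = []  # input control: who, which record/field, when, outcome

    def _log(self, user, role, op, record_id, field, result):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(), "user": user, "role": role,
            "op": op, "record": record_id, "field": field, "result": result,
        })

    def _check(self, user, role, op, record_id, field):
        if field not in FIELD_PERMISSIONS.get(role, {}).get(op, set()):
            self._log(user, role, op, record_id, field, "denied")
            raise AccessDenied(f"{user} ({role}) may not {op} field {field!r}")

    def write(self, user, role, record_id, field, value: str):
        self._check(user, role, "write", record_id, field)
        stored = encrypt_field(self._key, value) if field in SENSITIVE_FIELDS else value
        self._store.setdefault(record_id, {})[field] = stored
        self._log(user, role, "write", record_id, field, "ok")

    def read(self, user, role, record_id, field) -> str:
        self._check(user, role, "read", record_id, field)
        stored = self._store[record_id][field]
        self._log(user, role, "read", record_id, field, "ok")
        return decrypt_field(self._key, stored) if field in SENSITIVE_FIELDS else stored

    def raw_storage(self, record_id) -> dict:
        """What an administrator sees when bypassing the application (direct table access)."""
        return dict(self._store[record_id])


if __name__ == "__main__":
    app = PatientRecords(secrets.token_bytes(32))
    app.write("dr.mueller", "physician", 42, "diagnosis", "J45.0")
    print(app.read("dr.mueller", "physician", 42, "diagnosis"))   # plain text via the application
    print(app.raw_storage(42)["diagnosis"].hex())                 # ciphertext via the DBMS
    for entry in app.audit_log:
        print(entry)
```

Two points matter in this layout: every decision, including a denial, is written to the audit log before the caller learns the outcome, so the log answers the "who, what, when" question of the input-control requirement; and the sensitive field is encrypted inside the application with a key the administrator does not hold, so `raw_storage` (the administrator's view) never yields plain text and any tampering with the stored blob is caught on the next read.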
These additional requirements on IT applications must be taken into account at the time of planning and development, as subsequent implementation is usually no longer possible for reasons of cost.
Review questions:
- Insufficient logging for verification security: Are additional logging elements implemented in the application program?
- Insufficient granularity of the access rights: Is an additional administration and control of access rights implemented in the application program?
- Insufficient restriction of administrators' access rights: Are additional security functions implemented in the application program?