S 4.235 Comparison of stored data on laptops

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User, Administrator

If a laptop is used on the road, it is important to have available all required data and applications in the latest version. Likewise, data processed on the road should be stored promptly to IT systems within the IT system of the government agency and/or company so that inconsistent databases can be prevented. The easiest way to achieve this is to regularly synchronise the database of laptops, for example using tools for synchronising files and directories between laptops and workstation computers or servers.

For this, it should be considered which information is stored to which locations, i.e. on which servers and in which directories. Within the framework of an initial inspection, the large number of different locations containing information relevant for a workstation in the IT system usually becomes obvious.

In order that synchronisation procedures do not take too long, tools should be selected

• that can be used to automatically synchronise and update files and directories according to previously defined criteria,
• that are capable of excluding entire directories or even individual files from a copying procedure by means of filter options,
• that are able to eliminate synchronisation conflicts. Synchronisation conflicts may occur if a file was changed in different directories since the most recent synchronisation.

Synchronisation tools should furthermore be as user-friendly as possible and still guarantee good protection against accidental operation. Synchronisation procedures must be access controlled; for laptops, this may be performed using the existing access control procedures.

In order to prevent manipulations during synchronisation, the users should inspect the relevant directories at regular intervals as to whether these contain files they do not know. The synchronisation software should be configured in such a way that a user query is performed before installing programs. The synchronisation procedure should not be unattended, since even the information of which files are transferred in each case may contain decisive indications. Synchronisation should be logged. The synchronisation logs should then at least be skimmed at regular intervals in order to determine whether unauthorised synchronisations have been performed.

Review questions:

• Is there a controlled approach regarding the transfer of data from mobile IT systems to the information system of the organisation?
• If a synchronisation tool is used: Is it possible to eliminate conflicts?
• If a synchronisation tool is used: Is synchronisation logged?
• If a synchronisation tool is used: Have the users been instructed to check the synchronisation logs?