WardInfo – Security
Considerations
The information that is managed by the WardInfo program contains sensitive information that needs to be handled with security in mind. The WardInfo distribution package contains two major ways to help this to happen.
Six Levels of Information
WardInfo produces six versions of information, each appropriate for a stewardship type in the ward or branch. For more information on the versions, see here. By distributing to each leader the appropriate version of WardInfo files, sensitive information may be protected from inappropriate access.
Protection for Distributions
Once the information is ready to be distributed to ward or branch leaders, it can be given to them generally in two ways:
1) Physical distribution – hand them a floppy disk or CD that has the distribution files on them.
2) Electronic distribution – use email or network connections to send them the files.
Physical distribution has the advantage of being very secure – the distribution is always in an appropriate person’s hands. However, it is usually somewhat inconvenient to actually deliver each floppy or CD personally to the leaders.
Electronic distribution is very convenient, but the sensitive member information data leaves the ‘hands’ (possession) of appropriate people and enters the insecure world of the internet. To protect this data, the WardInfo distribution allows the distribution to be encrypted so that a password is required for the information to be received. This is done by using the ‘BuildAll.Bat’ file, and supplying a password as suggested by the syntax:
C:\WardInfo> BuildAll.Bat mypassword “My Ward”
The password string (in the above case ‘mypassword’) is required by the recipient in order to unpack and decrypt the information for use. Each leader that receives an encrypted distribution will need to be given the password in order to access the information.
A Word About ‘Security’
It is fairly well established in the computer community that being ‘secure’ is a relative thing. Any person with enough money or determination can break even the best security measures. The security measures discussed here for WardInfo should not be construed as unbreakable or totally secure. More strict security measures can be implemented and are recommended, but usually are (much) more expensive and inconvenient.