VIVO_Conference_2018_BSI-IT-Security.pdf (648.26 kB)
Information Security Challenges in VIVO - Adapting the BSI IT Security Catalog Standards
Version 2 2018-07-16, 14:31
Version 1 2018-07-16, 14:22
poster
posted on 2018-07-16, 14:31 authored by Qazi Asim Ijaz Ahmad, Martin Barber, Christian Hauschke

According to the Global Application and Network Security Report
2007-2018 [1], cyber attacks spiked by 40 percent in the year 2017, and
half of the surveyed companies reported financially motivated cyber
attacks on them. Concerning information security, BSI, the German
federal institute for information security, developed an advisory catalog
[2] for IT security in Germany. The catalog highlights the
policies and strategies that IT infrastructures need to adopt in order to meet
the requirements of modern-day information security and
standardization. A study of the catalog revealed that VIVO lacks
implementations of some key security features, such as a) browser
session expiration, b) secure and salted password hashing, and c)
exclusive labeling of external URLs and adding tooltips to forms,
fields, and buttons. Furthermore, there are some suggestions that
institutions that use VIVO or plan to use it should take into
consideration. This poster/presentation focuses on the security-related
technical challenges, and their possible solutions, that TIB Hannover needs
to implement in VIVO to meet the standards of the BSI IT security
catalog.