Change "C16 Security"

Brus 2023-05-10 13:17:07 +00:00
parent a3eb7c7dc0
commit ad62958788

@ -1,9 +1,7 @@
## Technical Infrastructure
##
C16.1 the levels of security required for differnt data and metadata and environments, and how these are supportet
#### C16.1 The levels of security required for differnt data and metadata and environments, and how these are supportet
For supporting the levels of the required security for data, metadata and environments we have implemented a multi-layered approach to security, which includes physical, technical and administrative controls. Physical controls involve securing access points, restricting visitor access, and monitoring who enters the premises. Strong encryption, a firewall and an antivirus software are used for technical control to secure networks. Administrative controls involve developing security policies and procedures, training employees, and conducting regular security audits.
C16.2. The IT security system, employees with roles related to security and any risk analysis approach in use.
#### C16.2. The IT security system, employees with roles related to security and any risk analysis approach in use.
The IT security system has several different types of employees and roles which are involved to manage the IT security system and perform the risk analyses. This means that there are different roles involved in the IT of Geosphere Austria.
The Information Security Analyst is responsible for identifying and managing security risks, as well as developing and implementing security policies and procedures.
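Review bot: the new `####` heading for C16.1 carries over the spelling errors of the plain-text line it replaces ("differnt", "supportet"); since the heading text is being rewritten anyway, correct it in the same change, e.g. `#### C16.1 The levels of security required for different data and metadata and environments, and how these are supported`. The bare `##` line directly under `## Technical Infrastructure` will render as an empty heading and should either get a title or be dropped.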
@ -11,15 +9,15 @@ The Network Security Engineer is an expert in designing and implementing securit
The Security Architect is responsible for designing and implementing security systems, as well as ensuring that all security policies and procedures are being followed.
The Administration Team is there to analyze and monitor security data to identify treads and vulnerabilities, and respond to security incidents as needed. They help the organization to develop security strategies and plans. They are also responsible for overseeing all aspects of an organization's security program, including risk management, compliance, and incident response.
C16.3 Measures in place to protect the facility. How the premises where digital objects are held area secured.
#### C16.3 Measures in place to protect the facility. How the premises where digital objects are held area secured.
To premise where digital objects are held there is a multi-layered security system implemented that includes physical, electronic, and procedural controls.
The Physical security measures include surveillance cameras, access control systems, and perimeter security to prevent unauthorized entry.
The Electronic security measures include the firewall, intrusion detection system, and encryption to protect digital data from cyber threats.
The Procedural controls include security policies and procedures, employee training, and background checks to ensure that everyone who has access to the digital objects follows the appropriate security protocols.
C16.4 Any security-specific standards the repository references or compiles with.
#### C16.4 Any security-specific standards the repository references or compiles with.
We have one of the most well-known standards at the moment: ISO/IEC 27001. This is a standard that provides a framework for establishing, implementing, maintaining, and continually improving information security management systems.
C16.5 Any authentification and authorization protectures employed to securely manage access to system use.
#### C16.5 Any authentification and authorization protectures employed to securely manage access to system use.
For authentification and authorization protectures employed to securely manage access to Tethys, we are using LDAP, SAML, and Keycloak to ensure access to system usage. LDAP is used for user authentication and authorization, while SAML provides a secure way to exchange authentication and authorization data between different systems. Keycloak as an identity and access management solution is integrated with both LDAP and SAML, allowing for easy management of user identities and credentials. Overall, this combination of technologies provides a secure and reliable way to authenticate users and ensure that only authorized individuals have access to Tethys.
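Review bot: the headings added for C16.3 to C16.5 contain errors that should be fixed before merging: `area secured` should read `are secured`, `compiles with` should read `complies with`, and `authentification and authorization protectures` should read `authentication and authorization procedures` (the C16.5 body repeats the same wording). In the body text, `To premise where digital objects are held` should read `At the premises where digital objects are held`, and `treads` in the C16.2 Administration Team paragraph should be `trends`. On content, the C16.5 paragraph lists LDAP, SAML and Keycloak but does not state where authorization decisions are actually made (LDAP group membership or Keycloak roles) or how the three are wired together; one sentence on that would let the section answer the question its heading poses.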