IT Security

Information security

Digitalisation of businesses of every industry, size and field puts a spotlight on the challenges of IT security. Given the daily rate of attacks, manipulations and hacks from a broad variety of sources, the survival of a business relies largely on the reliability and availability of its data, kept safe regardless of which persons currently happen to be responsible for it.

Data is combined into information, and information into content that reflects the organisation's knowledge of its technology, business environment and other inside know-how, each with different levels of importance and confidentiality and different rates of change.

The products of C.O.S therefore address the risks of the digital age with a proactive security architecture and with control mechanisms of the IT organisation (COBIT, ITIL, …) appropriate for detecting attacks or manipulations quickly or preventing them altogether.

Risk and protection

C.O.S follows the published guidance and implements the recommended measures in its software development process and guidelines. Regular conferences keep the team up to date with the latest challenges and attack patterns.

User authentication and logical access controls

Multi-factor authentication, password policies tuned to the required security level and encrypted storage of the data protect the system and its data against unauthorised use.

Logical access controls are enforced in the database layer, far from the front end and the web server. An attacker therefore needs access to the database server itself and has to get past additional firewalls and other security controls before reaching the desired content. This only holds if the account the application uses to reach the database carries no more privileges than daily operation requires; otherwise a compromised web server simply inherits them.

Privacy

Personal data is stored in the application on a need-to-know basis. Its processing is subject to the EU data protection directive.

In standard use, our application modules do not require sensitive personal data (health, biometric, genetic, …). Please consult your data protection officer for details.

C.O.S nevertheless offers a tool that supports the erasure of personal data by a deletion or anonymisation routine once an EU citizen requests it. Please contact our support department.

Network

Communication between the front end (browser client) and the web server, and between the web server and the database, is encrypted. Passive sniffing therefore yields only ciphertext; recovering the plaintext would require a brute-force attack on the encryption that is computationally infeasible for properly configured modern ciphers. In practice the risk lies in misconfiguration (weak cipher suites, expired or unvalidated certificates) rather than in brute force, so the configuration of these channels should be reviewed regularly.

Database

One central database stores all information. Every item of data exists exactly once, without redundant copies (backup media aside). This minimises the attack surface and hence the risk, but it also concentrates the risk in one place, so the availability of that database and the integrity of its backups deserve corresponding attention.

Database accounts are divided into roles with privileges for daily use and for maintenance. Because the application modules need the daily-use credentials during operation, these are stored encrypted in a location inaccessible to end users. The maintenance account's credentials are kept on neither the database nor any other system component. Consequently, only social engineering or malicious behaviour, typically combined with a breach of the segregation of duties, can harm the integrity of the system.

Security classes and encryption

Protection measures cost effort and add workload for users and IT, so they should match the confidentiality level of the content. The content is therefore classified into subsets, each with its own protection level. Smooth and efficient operation needs a lively flow of information, and security measures must not slow or block that flow more than necessary.

The security class of a subset can be configured by:

  • Default of no access for anybody unless explicitly named,
  • Encrypted storage,
  • Confidentiality label (watermark, warning, hint, …),
  • Additional authentication on content access,
  • Multi-factor or TAN procedure.

The keys can be kept on a separate server, e.g. a dedicated and suitably protected certificate server, so they never reach the browser and an attack on the browser cannot extract them. Note that a compromised browser still sees whatever content the logged-in user is authorised to view; the separation protects the keys, not the rendered content.

Internal controls

The segregation of duties principle is the cornerstone of any organisation's control system facing security risks. Conflicts among roles are avoided systematically by defining roles in the application at content or system level; the system then enforces them and blocks violations. The four-eyes or six-eyes principle is always followed.

Beyond these preventive controls there are also detective controls: protocols, history and timelines log the changes and provide an audit trail.

Omissions or overdue transactions are reported and escalated automatically to the responsible supervisor, process owner or team leader once a tolerance threshold has been passed.

Modules for:

are themselves integral parts of the internal control system of the organisation as a whole.

Application

The business logic is encapsulated in a dedicated application pool with restricted access. Transports of patches, updates, packages, fixes etc. can be password protected if you prefer, and manipulation during delivery is prevented by using a secure channel.

Development

Our quality management performs security assessments during code reviews. Deficiencies are tracked until the best solution has been implemented.

Third-party software embedded in C.O.S products is likewise scanned and analysed for deficiencies. A workaround, an alternative component or a self-developed replacement then cures the problem. In addition, C.O.S follows the latest discussion in the developer and user community to stay up to date with the current risk situation.

Logging and auditing

The customer selects the data for which all changes are to be recorded; C.O.S provides a recommendation for a minimum assurance level. A potential attacker who gains write access could, however, manipulate the logs themselves to hide and camouflage the manipulations afterwards.

C.O.S has therefore developed an algorithm that detects such manipulation of the log tables. The system administrator is notified automatically when such fraudulent activity occurs, since it indicates deliberate tampering.
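The page does not describe the detection algorithm itself. The following is an added example, not C.O.S code, of the standard technique for making a log table tamper-evident: each row carries a hash over its own fields and the hash of the preceding row, so editing, reordering or deleting a row breaks the chain. The table layout (Seq, Actor, Change) and the sample rows are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuditEntry is one row of a change-log table. The field names and layout are
// this example's own assumption, not the C.O.S schema.
type AuditEntry struct {
	Seq      int    // row number, must increase by one per row
	Actor    string // who made the change
	Change   string // what changed
	PrevHash string // Hash of the preceding row ("" for the first row)
	Hash     string // SHA-256 over this row's fields including PrevHash
}

// entryHash binds a row to its predecessor. Each field is length-prefixed so
// that shifting bytes between fields cannot produce the same hash.
func entryHash(seq int, actor, change, prev string) string {
	h := sha256.New()
	for _, f := range []string{fmt.Sprint(seq), actor, change, prev} {
		fmt.Fprintf(h, "%d:%s;", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Append adds a row chained to the current last row.
func Append(rows []AuditEntry, actor, change string) []AuditEntry {
	prev := ""
	if n := len(rows); n > 0 {
		prev = rows[n-1].Hash
	}
	seq := len(rows) + 1
	return append(rows, AuditEntry{
		Seq: seq, Actor: actor, Change: change, PrevHash: prev,
		Hash: entryHash(seq, actor, change, prev),
	})
}

// Head returns the hash of the last row. Store it outside the database
// (e.g. alongside the administrator notification) to detect truncation.
func Head(rows []AuditEntry) string {
	if len(rows) == 0 {
		return ""
	}
	return rows[len(rows)-1].Hash
}

// Verify walks the chain and returns the sequence number of the first row
// that fails (edited content, wrong predecessor, or a gap), or 0 if intact.
func Verify(rows []AuditEntry) int {
	prev := ""
	for i, e := range rows {
		if e.Seq != i+1 || e.PrevHash != prev ||
			e.Hash != entryHash(e.Seq, e.Actor, e.Change, e.PrevHash) {
			return i + 1
		}
		prev = e.Hash
	}
	return 0
}

// Truncated reports whether rows were removed from the end: the remaining
// chain is still internally consistent, so only the stored head tells.
func Truncated(rows []AuditEntry, storedHead string) bool {
	return Head(rows) != storedHead
}

func main() {
	// Constructed sample rows, not real data.
	var rows []AuditEntry
	rows = Append(rows, "alice", "price 10 -> 12")
	rows = Append(rows, "bob", "price 12 -> 11")
	rows = Append(rows, "carol", "status -> closed")
	head := Head(rows)
	fmt.Println("intact chain, first bad row:", Verify(rows)) // 0

	rows[1].Change = "price 12 -> 20" // attacker edits a row in place
	fmt.Println("after edit, first bad row:", Verify(rows)) // 2

	// Attacker also recomputes the edited row's hash: the successor's
	// PrevHash no longer matches, so the break moves to row 3.
	rows[1].Hash = entryHash(2, "bob", "price 12 -> 20", rows[0].Hash)
	fmt.Println("after rehash, first bad row:", Verify(rows)) // 3

	fmt.Println("last row dropped:", Truncated(rows[:2], head)) // true
}
```

The chain alone does not stop an attacker with full write access who recomputes every subsequent hash; what makes the scheme hold is anchoring the head hash somewhere the database account cannot reach (a separate system, or a signature over it), which is why Head is kept apart from the table. Deleting rows from the end is invisible to Verify and is caught only by comparing against that stored head.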

Digital signature

The processed content can be signed, qualified-signed or even sealed with the methods common on the market (public/private key infrastructure). The application handles the further use in the database and the distribution of the public keys to the other recipients of the content. The private key remains with the respective author.

This secures the unambiguous origin and integrity of the content without impairing its accessibility within the organisation.

If the organisation as a whole, rather than the individual author, is to serve as the source and its authenticity is to be assured, our application modules can sign centrally. With the organisation's own certificate, all of the organisation's documents are stored encrypted on the server and distributed from there. The distribution of the public key to the users of the content is then handled by the system. The private key is kept inaccessibly in the server's own certificate store or on an external certificate server.
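The two arrangements above (author signs, application distributes the public key; or the organisation signs centrally with a server-held key) share one mechanism. The following is an added example, not C.O.S code, of that mechanism: the private key stays with the signer, the application keeps a directory of public keys, and a recipient verifies with nothing but the directory entry. Ed25519 is this example's choice of signature scheme standing in for the PKI methods the page refers to; the Author, Directory and SignedContent types and the sample text are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Author holds a signing key that stays with the author; only the public
// half ever reaches the application. For central signing, one Author
// named for the organisation plays this role with a server-held key.
type Author struct {
	Name string
	priv ed25519.PrivateKey
}

// Directory is the application's store of public keys, handed to readers.
type Directory map[string]ed25519.PublicKey

// NewAuthor generates a key pair and registers the public key. (Ed25519 is
// this example's assumption; a PKI deployment would carry X.509 certificates.)
func NewAuthor(name string, dir Directory) (*Author, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	dir[name] = pub
	return &Author{Name: name, priv: priv}, nil
}

// SignedContent is what the database stores and forwards to recipients.
type SignedContent struct {
	Author    string
	Content   []byte
	Signature []byte
}

// signingInput binds the author name into the signed bytes so a signature
// cannot be re-attributed to another registered author, and prefixes a
// context string so it cannot be reused for a different purpose.
func signingInput(author string, content []byte) []byte {
	msg := []byte("cos-content-v1\x00" + author + "\x00")
	return append(msg, content...)
}

// Sign produces the record the database keeps; the private key never leaves a.
func (a *Author) Sign(content []byte) SignedContent {
	return SignedContent{
		Author:    a.Name,
		Content:   content,
		Signature: ed25519.Sign(a.priv, signingInput(a.Name, content)),
	}
}

// Verify is what a recipient runs with nothing but the directory entry.
func (d Directory) Verify(sc SignedContent) bool {
	pub, ok := d[sc.Author]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(pub, signingInput(sc.Author, sc.Content), sc.Signature)
}

func main() {
	dir := Directory{}
	alice, err := NewAuthor("alice", dir)
	if err != nil {
		panic(err)
	}
	if _, err := NewAuthor("bob", dir); err != nil {
		panic(err)
	}

	doc := alice.Sign([]byte("Q3 forecast: revenue up 4%")) // constructed content
	fmt.Println("genuine:", dir.Verify(doc))                 // true

	doc.Content = []byte("Q3 forecast: revenue up 40%")
	fmt.Println("edited in transit:", dir.Verify(doc)) // false

	doc = alice.Sign([]byte("memo"))
	doc.Author = "bob" // re-attributed to another registered author
	fmt.Println("re-attributed:", dir.Verify(doc)) // false
}
```

The directory is the trust anchor: whoever can write to it can register a key of their choosing, so in a real deployment its entries are certificates issued by the organisation's CA rather than bare keys, and the central signing key lives in a protected certificate store as the text describes.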
