Cybersecurity and digitalization are the domain of our company, Brain:IT. Many companies are not sufficiently prepared for cybersecurity and its application in practice, and many are not even aware that they should have a cybersecurity approach worked out. This is not the case for our firm. Our company is fully aware of the importance of technical security, of taking certain measures for sensitive data, of pursuing digitalisation, and of the absolute security of client data. The Ministry of Investment, Regional Development and Informatization of the Slovak Republic has become our client in the area of cybersecurity. Our main task was to create a cybersecurity information system for our client as an offline platform for data collection.

Customer Characteristics

Our customer in the development of this application was the Ministry of Investment, Regional Development and Informatization of the Slovak Republic. It is the central government body for:

  • Management, coordination and supervision of the use of European Union funds,
  • informatisation of society,
  • investment,
  • regional development.

In the field of informatisation of society, the Ministry provides central management of the informatisation of society and the development of the Digital Single Market policy, decision-making on the use of financial resources in public administration for information technology, the central architecture of the integrated information system of public administration, and coordination of the implementation of tasks in the field of informatisation of society.

Our challenge and objectives

  • Creation of an offline internal client module and a public one (central portal) – accessible from the internet,
  • setting the privacy of the application – the client module is private,
  • recording of all collected data in one place,
  • creation of a system with ongoing implementation,
  • establishment of centralized cybersecurity management.
JAVA application logo
OWASP application logo

Our solution

We have created a central VISKB portal for our client, which is used to:

  • upload data from a separate client module,
  • enter and edit the collected data through a web interface for organizations that do not have a standalone client module deployed,
  • complete questionnaires,
  • provide documents for the organisation.

The portal consists of a relational database for storing encrypted data, a web interface for uploading and editing data about the organisation, and a web interface for filling in questionnaires. The web interfaces are accessible from the Internet via the HTTPS protocol. Access to the module, which is two-layered, is via a login screen and is secured by the IAM module. The internal portal records all OVM data collected in one place. The application is encrypted in a cross-module manner at the level of the uploaded data. The portal is divided into several parts.

Application login process

Users log into the system through the login screen. The user logs into the central portal using their unique username or e-mail address and the password assigned to them. After entering the login name and password and pressing the ‘Log in’ button, the user is logged into the system and is presented with the main CP screen based on the assigned role and the organisation module being used.

Project difficulty

Size
4/6

Financial complexity
4/6

Time complexity
4/6

Complexity
4/6

Customer benefit

We created an application consisting of modules that are visible to different layers. The internal application contains a record of all OVM data collected in one place. According to the client’s requirements, the application had to meet the information requirements for recording the data delivered to the customer. The portal collects the data. In the first section, the user gets access to their own organization, where editing is only allowed for the organization module used. The organization module is an attribute that determines where the organization will record the collected data.

In the data collection section, the user gets access to one of the following entities in which changes could have been made. The user’s permissions determine whether the data collection section is displayed. As long as the section can be displayed, all entities can be edited at will. However, if the collection data is already displayed, the user only sees their own organization’s data.

A specific category is the questionnaires category, which is used to send questionnaires to the contact persons of organizations. Multiple contact persons can pre-populate the questionnaire for an organization. If the questionnaire has already been completed, the data for the organisation will be displayed to anyone with access. The data remain editable until the questionnaire is sent. Once processed by the contact person, the response will be displayed in the menu.