Introduction to VIVA

VIVA stands for aVailability, Integrity, confidentiality (Vertraulichkeit) and Authenticity, and is available as an add-on.

As an essential part of an Information Security Management System (ISMS), VIVA supports the documentation of all IT security-related processes. This documentation serves as the foundation for achieving the objectives set out in standards such as ISO 27001 or IT-Grundschutz. VIVA records all data required for the IT-Grundschutz methodology and a risk analysis. Through the structured, partly automated preparation of data, continuous quality analysis, and extensive report generation, VIVA accompanies the process from the very beginning.

VIVA integrates seamlessly into i-doit. The focus is on the meaningful reuse of data that is maintained in only one place and always placed in the context of IT security. Much of this data can come from discovery/inventory tools and LDAP/AD, which minimizes manual maintenance effort. Likewise, the use of the data for other areas such as monitoring, help desk, change management or reporting is supported. Automation and wizards facilitate additional work steps. VIVA is rounded off by extensive customization options and the ability to manage multiple IT-Grundschutz catalogs, information domains, and audits.

The following chapters provide a detailed insight into the functionality of VIVA.

IT-Grundschutz

A detailed introduction to the topic of IT-Grundschutz is available on the website of the German Federal Office for Information Security (BSI). There you will find all information about BSI standards 100-x, the IT-Grundschutz catalogs, and certifications according to ISO 27001 based on IT-Grundschutz.

VIVA covers all topics from the two BSI standards 100-2 "IT-Grundschutz Methodology" and 100-3 "Risk Analysis Based on IT-Grundschutz". The article Importing catalogs describes which IT-Grundschutz catalogs are supported.

Who this document is aimed at

This document is aimed at those who are responsible for or oversee IT security in an organization. In our Knowledge Base, this role is consistently referred to as Security Manager. Familiarity with i-doit is assumed.

Structure of this documentation

To make it easier to navigate VIVA, this section describes the structure of the following chapters. It also explains which chapters are referenced in which BSI standard.

| BSI standard | Chapter |
|---|---|
| 100-2, chapter 4.1 Definition of the scope | Modeling information domains |
| 100-2, chapter 4.2 Structural analysis | Creating target groups, Assigning target objects |
| 100-2, chapter 4.3 Protection needs assessment | Defining protection needs categories, Determining protection needs |
| 100-2, chapter 4.4 Selection and adaptation of measures | Assigning modules, Implementing measures |
| 100-2, chapter 4.5 Baseline security check | Implementing measures |
| 100-2, chapter 4.6 Supplementary security analysis | Performing supplementary security analysis |
| 100-2, chapter 5.3 Cost and effort estimation | Implementing measures |
| 100-3, chapter 3 Creating the threat overview | Evaluating threats |
| 100-3, chapter 4 Identifying additional threats | Evaluating threats |
| 100-3, chapter 5 Threat assessment | Evaluating threats |