Institutional Repository information for grant applications:
The Mississippi State University Libraries provides support to faculty, staff, students, and researchers by offering access to our institutional repository (IR), Scholars Junction, to deposit material related to Mississippi State University research activities. The IR provides unlimited capacity to preserve and provide access to scholarly content, including articles, presentations, data sets, theses, dissertations, and more. The system hosts many different file formats to accommodate the need of researchers to deposit all necessary files associated with their research. Scholars Junction provides open access to hosted content and enhances accessibility to grant funded research materials. Security and privacy for the IR is provided by the vendor for our hosted platform, Digital Commons, and is outlined below. Those seeking to deposit content in the IR must be affiliated with the University and must create an account using their university email address.
Key points of the system:
- Production servers are hosted through Amazon Web Services and maintained in a high availability, redundant configuration across multiple Availability Zones. For increased stability, all servers feature monitoring to automatically detect failures, notify support organizations, and rebuild themselves.
- All hosts, databases, and computing resources are contained within an Amazon VPC (Virtual Private Cloud), separating and securing hosts with sensitive data from public-facing resources.
- Databases have real-time redundancy that runs continuously, and full nightly backups of our entire database are performed.
- The storage for the production files (including all uploaded files) uses AWS’s S3 service which features 99.999999999% durability and 99.99% availability.
- The S3 configuration gives the capability to control access to files with fine granularity, ensuring the integrity of information that is intended for specific users or time frames.
- The personal information we collect for a user account is less than the information available on a typical faculty web page or business card. Here are the fields we collect in addition to a password, and only two are required (*):
- Email address*
- User accounts feature strong password requirements and require verification of a user’s current password when making changes.
- Digital Commons offers options to notify users and obtain their consent: at the point that they create accounts and at the point that they submit their scholarly content to be published on Digital Commons.
- We provide granular user account management capability to enforce user security levels within the system.
- The only method of alteration of any published document in our system is via our administrator interface. All activities and versions are tracked so changes are apparent and recoverable.
- We monitor and install necessary patches to software as they are available and firewall all internal resources.
- We monitor against attacks and suspicious behavior such as automated crawling or other targeted threats to the service and take appropriate action.
- Our security also includes protection against SQL injection, buffer overflow, XSS, CSRF, and other attack vectors.
- Our operations team monitors the CERT advisory and updates the system based on new vulnerabilities.
- We monitor and update web server configurations based upon industry and browser standards. As an example, all sites are tested in SSL Labs site certificate and configuration tests. Ongoing security updates are addressed to maintain an A or A+ score.
- We safeguard user information by encrypting data transmissions through 2048 bit SSL and by integrating with LDAP and CAS subscriber authentication systems when possible.
- We implement reCAPTCHA on account creation and login forms to defend against brute-force attacks and fraudulent accounts. We also make reCAPTCHA available for submission forms to reduce spam.
For additional information, please contact MSU Libraries’ Scholarly Communication Services at email@example.com.