Security Review: MidWest GiveCamp Experience

I’ve been hesitant about posting after GiveCamp because, well, I don’t know, but I finally got the nerve to start posting all my drafts publicly, little by little. Here is a post I created at the beginning of last year:

I’ve had some people in real life tell me that they enjoyed my first post about my experience at MidWest GiveCamp, but what does it have to do with Information Security? Simply put, a lot! The objective for Dreams for Kids was to become self-sufficient and to deliver a new website that could help increase productivity while getting to focus more on content and the kids than the website.

From an Architecture perspective, we provided Dreams for Kids a single system. In the past they had one person to update and maintain two separate websites. The problem is, what if that sole person leaves Dreams for Kids? Who would update and maintain the system? One fundamental tenet of security is Availability. In our implementation we were able to allow multiple users to have access to write, update and maintain content. It also added Integrity, because you know who is providing the content. By incorporating roles we can have multiple administrators, if we want, in order to maintain the system. No longer do we have the problem of counting on one person to keep this system up and running. We can also have specific roles that only let certain people modify, update or delete content or pages. The whole website is built on the concept of “Secure Innovation, By Design” that I mention on this site.

In general, By Design is a lot like K.I.S.S. (Keep It Simple, Stupid). Instead of having two systems, we migrated them to one system. The focus was to promote the mission of Dreams for Kids by getting rid of the complexity they already had going. The system was innovative to them because they had a hard time navigating Drupal. WordPress tends to be much simpler. It is also much more secure: an HP Security Report stated that WordPress is more secure than all the rest of the CMSs on the web, mostly due to its automatic patching.

Overall, we delivered the new secure system that allowed them to meet their objective of increasing productivity while getting to focus more on content and the kids than the website. Security is a lot about educating the users, so it was not like we just presented them a new system and left them high and dry; we also took time to train people in how to use the system. In the end, training the end users in its use and in some simple security principles, like not sharing each other’s passwords, as they were doing previously, helps them become more secure.

