Security

From Sunshine Review


Implementing a variety of security measures on a government website is a vital component of maintaining open access to the information being published. Setting aside the many measures and tactics that operate behind the scenes, there are still a number of techniques that can and should be implemented to keep the site's channels uncluttered and secure, and that an end-user can verify with little technical knowledge.


Email Address Assignment

A municipality should not embed the full name of any official or employee in its email address scheme, for the following reasons:

  • Harvesting methods of various kinds (both welcome and unwelcome) crawl the Internet to acquire email addresses for a variety of purposes. When the assignment pattern encodes the full name, a bot can quickly match full names to email addresses, giving it too direct a link between the two.
  • Even when an employee or official is authorized to distribute or publicize their email address, a name-based address still offers a similar invitation to quickly build a database matching full names to email addresses.

Email Address Protection From Harvesting

Although data can now be parsed from the various graphics formats, embedding the email address in a .jpg or .gif and posting it without a link is one method of "tricking" bots into not seeing the information while still showing the viewer the actual address. Although this places the burden of typing the address on the end-user, such a strategy can help reduce automated acquisition of the information. Other methods and tactics continue to be developed and should be monitored and researched by the website designer.
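The two points above (name-based address schemes and text-visible addresses) can be checked on a municipality's own published pages. The following is an added audit example, not Sunshine Review's code: it runs over constructed sample HTML and a constructed staff roster, finds every address a text-matching harvester would see, and flags those whose local part spells out an employee's full name.

```python
"""Audit a page's HTML for exposed e-mail addresses and flag the ones whose
local part is derived from an employee's full name. Sample roster and HTML
below are constructed for illustration."""
import re
from html import unescape

# Constructed staff roster (first, last) for a hypothetical municipality.
ROSTER = [("Jane", "Doe"), ("Robert", "Smith")]

# Constructed page: a role alias, a name-based address in plain text, and an
# address published only as an image (no text for a bot to match).
SAMPLE_HTML = """<p>Clerk: <a href="mailto:clerk@example.gov">clerk@example.gov</a></p>
<p>Jane Doe, Treasurer &ndash; jane.doe@example.gov</p>
<p>Robert Smith: <img src="rsmith-email.gif" alt="e-mail address shown as image"></p>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def name_patterns(first, last):
    """Common ways a full name gets encoded into an address's local part."""
    f, l = first.lower(), last.lower()
    return {f"{f}.{l}", f"{f}_{l}", f"{f}{l}", f"{l}.{f}", f"{f[0]}{l}", f"{l}{f[0]}"}


def find_emails(html):
    """Return the distinct addresses visible to a text-matching harvester.
    Bare text and mailto: hrefs both count; an address rendered only inside
    an image is not text and is therefore not found."""
    text = unescape(html)
    return sorted({m.group(0).lower() for m in EMAIL_RE.finditer(text)})


def audit(html, roster=ROSTER):
    """Map each exposed address to the full name it reveals, or None when the
    local part is a role-based alias (clerk@, permits@) that names nobody."""
    lookup = {}
    for first, last in roster:
        for pattern in name_patterns(first, last):
            lookup[pattern] = f"{first} {last}"
    report = {}
    for addr in find_emails(html):
        local = addr.split("@", 1)[0]
        report[addr] = lookup.get(local)
    return report


if __name__ == "__main__":
    for addr, who in audit(SAMPLE_HTML).items():
        print(addr, "->", who or "role alias, reveals no name")
```

Addresses that map to a name are candidates for replacement with a role alias or an image; addresses that map to None follow the guidance above.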

Financial Transactions

All financial transactions should be conducted on a secure server. You can quickly verify this by looking in the address bar for https:// rather than just http://, and there should be other markings on the page signaling that the transaction will be conducted over a secure connection. There should also be a clear privacy policy, other documentation stating how the data will be collected, stored and used, and a contact name and/or number in case there are problems with the transaction. You should also be able to print a receipt for the transaction.

HR1633 - The Personal Information Protection Act

Effective January 1, 2006, this law requires any entity that collects personal data to notify the consumers affected by a security breach without delay, except where doing so would jeopardize a law enforcement investigation. A statement acknowledging the Act should appear within the privacy policy or other user agreement displayed on the website.