While Isomer does not offer website defacement monitoring, we do implement a series of checks and layers of security to minimize the possibility of defacement:
In order to successfully publish content on isomer, you have to:
Gain access to the site repository on Github
This means either, through an existing account of a user on isomer or getting unauthorised access to the site repository
Getting unauthorised access to the site is close to impossible as granting access to the site requires Isomer team's manual intervention and agency's administrator approval
To gain access to a existing Github account of a user on isomer, you have to figure out the password combination (Github enforces that user has implemented passwords that are either eight characters long, if it includes a number and a lowercase letter, or 16 characters long with any combination of characters). On top of that, 2FA has also been enforced on all isomer users.
Lastly, after gaining access to the repository, a single user cannot publish content on his/her own, you have to get another officer/user who has access to the site to approve a request.
With the multiple hurdles to overcome in order to publish content on isomer, the chances of site defacement is slim.
However, if you agency is still interested in implementing defacement services, you're welcomed to do so.
We monitor all isomer sites on monitoring systems (Pingdom and Uptime Robot). Pings to the sites are sent at regular interval to make sure that your sites are running and is sending responses.
In situations when our monitoring systems detected that your sites are down, the isomer team will immediately receive a phone call to rectify the issue.
At the same time, we will inform you about the issue through email. Alternatively, you may also visit https://status.isomer.gov.sg/ to check the status of your sites.
We're looking into the possibility of implementing RSS feeds so that you can subscribe to this and receive notifications when sites are down.