Security

We understand that security is important to you, so we've dedicated this section to your security-related questions.

How does Isomer handle website defacement?

While Isomer does not offer website defacement monitoring, we do implement a series of checks and layers of security to minimize the possibility of defacement:

In order to successfully publish content on Isomer, you have to:

  1. Gain access to the site repository on GitHub. This means either going through an existing account of a user on Isomer or getting unauthorised access to the site repository.

    • Getting unauthorised access to the site is close to impossible, as granting access to the site requires the Isomer team's manual intervention and the agency administrator's approval.

    • To gain access to an existing GitHub account of a user on Isomer, you have to figure out the password combination (GitHub enforces that users have passwords that are either eight characters long, if they include a number and a lowercase letter, or 16 characters long with any combination of characters). On top of that, 2FA has also been enforced on all Isomer users.

  2. Lastly, after gaining access to the repository, a single user cannot publish content on his/her own; you have to get another officer/user who has access to the site to approve a request.

With the multiple hurdles to overcome in order to publish content on Isomer, the chances of site defacement are slim.

If your agency is still interested in implementing defacement services, you're welcome to do so.

How are sites being monitored?

We monitor all Isomer sites on monitoring systems (Pingdom and Uptime Robot). Pings are sent to the sites at regular intervals to make sure that your sites are running and sending responses.

In situations where our monitoring systems detect that your sites are down, the Isomer team will immediately receive a phone call to rectify the issue.

At the same time, we will inform you about the issue through email. Alternatively, you may also visit https://status.isomer.gov.sg/ to check the status of your sites.

We're looking into the possibility of implementing RSS feeds so that you can subscribe to them and receive notifications when sites are down.

What are the user access types?

All users on Isomer hold the same access type: editor access.

With editor access, you'll be able to make changes to your site, create a pull request before you launch it, and approve someone else's request.

We do not provide page-specific restricted access, but do note that all changes are tracked (even a single full stop you add to or remove from the page). That being said, do make changes to your site responsibly, as all these changes are being tracked.

All Isomer team members are admin users (with the ability to create new sites, add and remove users, and grant permissions to users).

How are account logs managed?

Accounts on Isomer are managed by GitHub (note: Isomer subscribes to the free tier of GitHub). On the Isomer Organisation, we require all users to have their 2FA set up.

We do not monitor account login behaviour on Isomer. Any abnormal login will be handled at GitHub's level.

If you have any questions regarding how GitHub keeps your account secure, refer here.
