Isomer Guide (Legacy sites)
UpdatesOfficial WebsiteGithub Repository
  • Introduction
  • Accounts & Setup
    • Github Account Setup
      • Set up 2FA
    • Site Access
  • Get started
    • Your first edit
    • Create a new page
    • Create a new collection
    • Format your content
      • HTML cheatsheet
      • Markdown cheatsheet
    • Page config
  • Configurations
    • Config.yml file
      • Site color
    • Homepage
      • Basics
      • Hero Banner
      • Infobar
      • Infopic
      • Resources
      • Sample configuration
    • Pages
      • Configuration
      • Second and Third Level Navigation Pages
    • Navigation Bar
      • Configuration
    • Resources
      • Setup
      • Posts
      • Resources with v2 migration
    • Contact Us
      • Configuration
    • Footer
  • Features
    • Analytics and tracking
      • WOGAA
      • Google Analytics
      • Facebook Pixel
      • LinkedIn Insights
    • IsomerSSL
    • Content Recommender
  • Publish your changes
    • Overview
    • Creating a pull request
    • Approve a pull request
    • Merge a pull request
    • Site Launch
      • How to make records changes on ITSM?
  • Frequently Asked Questions (FAQ)
    • General
    • Security
    • Pull requests
    • Digital KPI
    • Migration v1 to v2
  • Updates
Powered by GitBook
On this page
  • How does Isomer handle website defacement?
  • How are sites being monitored?
  • What are the user access types?
  • How are accounts logs managed?

Was this helpful?

  1. Frequently Asked Questions (FAQ)

Security

We understand security is important to you, hence, we've dedicated this section specifically for your security related questions

PreviousGeneralNextPull requests

Last updated 4 years ago

Was this helpful?

How does Isomer handle website defacement?

While Isomer does not offer website defacement monitoring, we do implement a series of checks and layers of security to minimize the possibility of defacement:

In order to successfully publish content on isomer, you have to:

  1. Gain access to the site repository on Github

  2. This means either, through an existing account of a user on isomer or getting unauthorised access to the site repository

    • Getting unauthorised access to the site is close to impossible as granting access to the site requires Isomer team's manual intervention and agency's administrator approval

    • To gain access to a existing Github account of a user on isomer, you have to figure out the password combination (Github enforces that user has implemented passwords that are either eight characters long, if it includes a number and a lowercase letter, or 16 characters long with any combination of characters). On top of that, 2FA has also been enforced on all isomer users.

  • Lastly, after gaining access to the repository, a single user cannot publish content on his/her own, you have to get another officer/user who has access to the site to approve a request.

With the multiple hurdles to overcome in order to publish content on isomer, the chances of site defacement is slim.

If your agency is still interested in implementing defacement services, you're welcomed to do so.

How are sites being monitored?

We monitor all isomer sites on monitoring systems (Pingdom and Uptime Robot). Pings to the sites are sent at regular interval to make sure that your sites are running and is sending responses.

In situations when our monitoring systems detected that your sites are down, the isomer team will immediately receive a phone call to rectify the issue.

At the same time, we will inform you about the issue through email. Alternatively, you may also visit to check the status of your sites.

We're looking into the possibility of implementing RSS feeds so that you can subscribe to this and receive notifications when sites are down.

What are the user access types?

All users on Isomer holds the same access type, editor access.

With editor access, you'll be able to make changes to your site, create a pull request before you launch it, and approve someone else's request.

We do not provide pages specific restricted access but do note that all changes are tracked (even a single full stop you add to or remove from the page). That being said, do make changes to your site responsibly as all these changes are being tracked.

All isomer team members are admin users (with the ability to create new site, add and remove users, and grant permissions to users)

How are accounts logs managed?

We do not monitor account log in behaviour on Isomer. Any abnormal log in will be handled at Github's level.

Accounts on isomer are managed by Github (note: Isomer subscribe to the free tier of Github). On Isomer Organisation, .

If you have any questions regarding how

https://status.isomer.gov.sg/
we enforce all users to have their 2FA set up
Github keeps your account secure here.