Web Estate Technical Audit


1 Web Estate Technical Audit
Project Kick-Off 13 July 2017

2 Agenda
• Introductions
• Project overview & roles
• Internal web estate audit
• Introduction to Secarma
• Approach & plan
• Meeting, reporting & collaborating
• AOB

3 OVERVIEW
• A devolved approach to managing the University web estate has resulted in an uncharted growth of websites and associated web applications.
• Non-captive ISG services for developing websites and a ‘dispersed core’ of devolved services
• The suppliers, technology base and current state of these solutions are not recorded centrally
• A recommendation was made by Internal Audit in September 2015 that there should be a record of locally managed websites to:
  - mitigate risk to the University
  - ensure that there is a mechanism to detect any new websites

4 OBJECTIVES & DELIVERABLES
Objectives
• Gain an understanding of the University’s web estate in relation to size, solution quality and ownership
• Gain an understanding of the risks associated with the web estate and actions that should be taken to mitigate the risks
Deliverables
• A website register listing University websites and associated technical information
• A report summarising and analysing the findings of the audit

5 RISKS Specific areas of risk identified include:
• Information security
• Privacy legislation compliance
• Business continuity
• Cost inefficiencies
• User experience
• Content quality
• Impediments to strategic objectives

6 REWARDS
Benefits which can be realised by conducting the audit include:
• Mitigate the risks
• Understand the scale of the web estate
• Build a picture of solution quality across the web estate – in terms of technology, design and user experience
• Enable colleagues to understand what they are managing … and how they can better manage it
• Help prioritise the standards and tools which should be developed
• Inform the long-term strategy and governance of the web estate

7 PROJECT APPROACH
Two-phased approach to tackle the need for a basic register and a deeper technical overview:
• Phase 1: Internal activity to form an interim register of websites – initial close date of 6 July but returns still coming in
• Phase 2: Technical audit of the web estate conducted by an external supplier, to be completed by September 2017

8 ROLES
Name | Title | Role
Melissa Highton | Director LTW | Project Sponsor
Colan Mehaffey | Head of Web Strategy & Technologies | Project Manager
Stratos Filalithis | Head of Website & Communications | Senior User
Paul Ritchie | Senior Penetration Tester, Secarma Limited | Senior Supplier
Bruce Darby | Project Manager, University of Edinburgh | Project Assurance
Clare Cavanagh | Account Manager, Secarma Limited | Project Team Member
Victoria Dishon | Academic Liaison Officer, CSE |
Paul Clark | Head of College IT, CMVM |
Sarah Morrison | Senior Internal Auditor |
Alain Forrester | Service Manager |
Patrick Chen | Web CMS Research & Enhancement Intern |

9 INTERNAL AUDIT
Extracted information from a number of sources:
• ISG Hosting Service - Linux and Windows web servers
• Domain names and IP addresses from the firewall and load balancers
• EASE-protected web services
• Survey issued to Schools, Colleges and relevant Support Groups (four-week period to 6 July)

10 HEADLINE NUMBERS
Technical extract
• 792 websites from Linux servers
• 191 from Windows servers
• 2814 unknown domains from other technical sources (to be investigated – majority are not websites)
Survey
• Participation: 3 Colleges, 3 Support Departments and 13 Schools
• 52 returns
• 651 websites
Total
• 1,634 websites (not validated)

11 OWNERSHIP OF WEBSITES

12 ISSUES TO RESOLVE
There are a variety of issues with returns which will need to be addressed in Phase 2 to achieve a clean register with meaningful information. These include:
• Duplication of URLs across returns
• Legacy URLs which are no longer active
• URLs which redirect to the University Website or elsewhere
• URLs pointing to a test or development environment

13 INTERIM FINDINGS
• Lack of well-managed registers or basic controls for managing websites
• The University is particularly vulnerable in terms of data collection and management controls, with limited corporate knowledge in this area
• Wide variety of technologies in use - even a sample has revealed outdated websites
• Strong probability that there will be associated security vulnerabilities
• Large disparity in design styles and the application of the brand varies
• User journeys between websites are uneven and incongruous
• Cannot estimate the size of the web estate at this point or the ‘known unknowns’

14 MEETING, REPORTING & COLLABORATING
• Project meetings monthly (August & September while live, project retrospective in October)
• Projects website will be used for internal tracking and management of relevant files
• Lightweight weekly report with RAG to all (beginning 21 July)
• Secure FTP for file transfers between University and Secarma
• Exception & urgent issue reporting to Sponsor in first case, then Project Team
• Develop an ‘Immediate Action’ file
• PM will communicate urgent actions to relevant stakeholders
• Develop Action Plan for post-audit as the project progresses

15 Questions Observations Challenges Case study placeholder

