Security Questions

  • I work for a corporate organisation that wants to create a WordPress blog. Before we can do this we need to have our standard security questions answered. I was hoping you could put me in touch with someone within your organisation who can do this. The questions that I need answered are below:
    Security Component
    1) Security Policy
    a) Does the organisation have a Security Policy? If yes, how is the awareness and compliance with this policy promoted within the organisation and with its business partners?

    2) Physical Security
    a) What physical access controls exist within the organisation’s Data Centre(s) to restrict access to systems that may directly or indirectly handle Customer data to authorised personnel?
    b) What environmental controls exist within the organisation’s Data Centre(s) to protect Customer data stored on systems within this environment?

    3) Back-ups
    a) What process is employed by the organisation to back-up critical data? Has this process been documented?

    b) How regularly are backups performed?

    c) Are back-up logs maintained to track when and what data has been backed up? Who has access to these logs?

    d) Are the backups stored securely offsite? If so where?

    e) Does regular testing of backups occur? If so how regularly and what type of testing is performed?

    4) Disaster Recovery Plan (DRP)
    a) Does the organisation have a documented disaster recovery plan?

    b) If the organisation does have a disaster recovery plan, how regularly is this plan tested?

    c) What priority would be given to restoring services provided to the Customer in the event of a disaster?

    5) Logging/Auditing/Monitoring
    a) What logging occurs at the network, system and application levels on hosts that may directly or indirectly handle Customer data?

    b) What type of information is captured in these logs, and is it sufficient to allow a particular event to be traced back to its source?

    c) Are all logs “read only” and tamper proof? Where are they stored (i.e. locally on the host or in a central location)?

    d) Are the logs reviewed? If so how regularly?

    e) How long are the logs archived for?

  • Hi,

    For what you need, you might be better off with a self-hosted WordPress.org site instead of a site hosted here at WordPress.com since you have a lot of back-end stuff that you need access to.

    For more info about the differences between .com and .org, see here: http://en.support.wordpress.com/com-vs-org/

    If you go the self-hosted route, you would have to get your own hosting where you would have more control over the logs, backups, security, etc.
    If you have more questions about a self-hosted WordPress.org site, you can ask for support from WordPress.org instead. Their support forum is at http://wordpress.org/support/

    Just create an account there if you don’t already have one and they should be better able to help you there.

    Good luck!