Bagpipe Society Online Security and Contingency
This document covers the online operations of the Bagpipe Society. It lists every noteworthy component and enumerates the risks and the mitigations we have taken. This document also describes the extent of our operations should a responsible person be hit by a metaphorical bus.
This document was compiled at the request of a Bagpipe Society member with the agreement of the Committee. It includes worst-possible scenarios, and how we have mitigated or prepared for them.
Prepared by Joe Wass 2017-05-30
1: Public Website
Privacy concerns arising from user tracking
Risk: Users of the web are at risk from privacy breaches as a result of online tracking. This is a part of everyday life, and the choices of users. The Bagpipe Society uses Google Analytics to track users.
Mitigation: The website does not collect any personal information or require accounts in order to browse. Members are only invited to log in where necessary.
Mitigation: Users are free to block Google Analytics. There are many tools available for blocking trackers, including Privacy Badger.
Security breach via HTTP man-in-the-middle and shared passwords
Risk: Users who browse with HTTP may suffer man-in-the-middle attacks. This may leak personal or secret information. If a user is attacked when logging in, the email address can be leaked.
Mitigation: The amount of personal data stored on the website is minimal. The email address is not considered to be secret information. If a user session is hijacked then the worst that can happen is that the email address is leaked.
Risk: The Membership List is an opt-in feature that takes data from the MemberMojo database and displays it on the members-only section of the website. It contains the name, email address and first half of the postcode for all members who opt in. A username/password combination that allows access to the members-only website might be leaked to a non-member.
Mitigation: This is a calculated, low risk. The data in the list is compiled expressly for the purpose of being made available to any member of the public who wants to sign up for an account. If the credentials are leaked to a member of the public, members are no worse off than if that person had signed up. Members are free to opt in to, or subsequently opt out of, the list.
Risk: The members’ site is served with HTTP. A user viewing the Membership List could suffer a man-in-the-middle attack.
Mitigation: As above, the risk of the Membership List being made available to any member
Risk: Membership List being harvested for spam.
Mitigation: The list is password-protected so no automated harvesters will be able to access it.
Data loss due to hardware and service failure
The data behind the website (including the public website, all articles, images and scans) is stored using Git source control. It is stored on a private GitHub account. A copy is kept on the server and automatically updated.
Risk: Data may be lost if the server suffers disk problems or a malicious attack.
Mitigation: The data is stored on GitHub. If the server crashes, no data is lost. This has happened twice with only minor annoyance.
Risk: GitHub account may be closed
Mitigation: Three copies of the data are stored at all times: on the website manager’s computer, on the server and in GitHub. If two of these suffer failure, they can be easily replicated.
Risk: Website manager may be hit by a bus
Mitigation: The Chairman has access to the GitHub repository and may make a full copy of the website data.
Loss of domain
Risk: The bagpipesociety.org.uk domain name may lapse.
Mitigation: Renewal reminders are set up to avoid the domain name lapsing.
Interruption of service due to personnel loss
Risk: The Website Manager may be hit by a bus.
Mitigation: The site uses the popular Hugo templating system to generate HTML. It uses GitHub to store data. In the worst case, the society can hire any competent web developer or system administrator, who will be able to re-create the site. Although there is some custom data munging for the Membership List, the essential functionality of the site is off-the-shelf.
In addition to this the Website Manager will also strive to look both ways before crossing the road.
2: Social Media
The Society has accounts on Twitter and Facebook.
Risk: Single point of failure with accounts.
Mitigation: Two members of the committee have access / credentials to each account.
The Archive, which includes all back-issue PDFs, is stored and hosted on Amazon Web Services Simple Storage Service (S3).
Risk: Single point of failure with accounts.
Mitigation: The data is stored on a Bagpipe Society AWS account. Two members of the committee have access to this account.
Risk: Data loss due to service cancellation or interruption
Mitigation: The primary copy of the data is stored on the Website Manager’s computer. If S3 suffers data loss or the account is closed, a copy is kept locally.
4: Membership Records
The membership system is operated and stored by MemberMojo. We rely on them for operations, continuity and compliance.
Risk: Membership records may be lost due to irrecoverable data loss.
Mitigation: We rely on MemberMojo to keep backups of their own data.
Risk: There may be Data Protection or financial breaches.
Mitigation: We rely on MemberMojo to handle records professionally. It is much more likely that an organisation whose business is storing and processing this kind of information will get it right than a custom solution would.
It is also more likely that records will be more secure in a hosted solution in which access to data is provided through an authentication system than in a custom solution on an unencrypted computer.
Day-to-day administration is performed by the committee: answering emails, maintaining the membership list, updating the website, organising the blowout.
Risk: A committee member’s computer suffers data loss or a malicious attack
Mitigation: Most communication is done via email. If a member loses data then a certain amount of information is present in the inboxes of other committee members.
If a member suffers data loss whilst performing a task, for example producing the latest Chanter or organising the Blowout, then interruption will be limited to that task.
Risk: Loss of past archive material
Mitigation: Most valuable (public) information, such as AGM minutes, should be in the Archive, as above.
Risk: Single point of failure for preparing accounts and treasury activities.
Mitigation: We are looking into adding
This document will be reviewed in preparation for every AGM at the least.