Download
1 / 11
110 likes | 175 Views
RochISSA.org. Web Site Design Refresh By Robert Combo, CISSP, SCSA EDS@Xerox, Network Security Services rcombo@rochester.rr.com. Current Issues. 100% all static HTML - Inefficient to maintain Time consuming for updates Meager content; “boring”. Objectives. Updated content
E N D
RochISSA.org Web Site Design Refresh By Robert Combo, CISSP, SCSA EDS@Xerox, Network Security Services rcombo@rochester.rr.com
Current Issues • 100% all static HTML - Inefficient to maintain • Time consuming for updates • Meager content; “boring”
Objectives • Updated content • Add RochISSA.Org documentation such as by-laws, meeting minutes, presentations, “The Top 10 Reasons to Join RochISSA.Org”, etc • Links to relevant sites such as ISSA National, SANS Internet Storm Center, security tools and education, etc, etc • Local relevant job postings • Possible additional features • Calendar of Events, newsletters, RSS news feeds, blog, sponsored links, surveys, moderated forums, security tip of the week??, other? • Consider Updated Site Theme
Site Theme (cont) • Build upon current theme? – Beige/Tan • Copy ISSA national theme for continuity? Such as the route of the NYC ISSA chapter
Solution: CMS • Content Management System • WCM – Web Content Management • A system used to facilitate publication of content to the web easily and quickly • Allow multiple content authors to publish directly to the web without knowing coding techniques • Many use the idea of a “Workflow”, AKA content authors submit to an approver • Version control/Rollback functionality • Templates and object reusability
CMS Product Varieties • Over 1700 CMS products, both commercial and open source available • Ranges from very simple, to “Enterprise level complexities” for deployment • Various foundations: PHP, Perl, JAVA, and others
CMS Products Evaluated • Magnolia – JAVA, LGPL, supposed ease of use - is used by www.OWASP.org site. JSR-170 supported • OpenCMS.org – Java/XML based, GPL, complex, recent updates - looks to be designed with large CMS deployments in mind. • Lenya – Apache foundation - Java based, GPL, recent updates, complex. Not all functions available in GUI, some CLI required • Cofax.org - Java based, GPL, simple, but not recently updated • Nukes – Java based, GPL, looks quick/easy, but requires JBoss (GPL) app server • Mambo/Joomla – PHP, GPL, ease of use, possible security issues but apparent quick patching cycles, limited versioning, not search engine friendly URL's, but large development community • Typo3 – PHP, GPL, complex, possible security issues • Moveable Type – commercial, but free for non-profit. Perl, Apache, limited functionality
Final Candidates Magnolia • Good: • JAVA, can be launched in any J2EE container, extensible with any Java API • Browser based admin and content editing • JSR-170 compliant • Role based user management • Bad: • Lack of real development community Mambo/Joomla • Good: • Large development community, lots of plug-ins and templates available • Scored 10/10/10 for ease of use, admin interface, and flexibility on cmsmatrix.org • Bad: • Possible security issues but apparent quick patching cycles, limited version control, not search engine friendly URL's
CMS - The Final Answer? • NO! A Content Management System is just a tool • To attract existing and potential new members to the site, there should be interesting and updated content • Web site should infuse a concrete value add of membership to visitors - first impression • Group involvement! – Looking for article contributors, graphic design ideas/assistance, and possibly bloggers • Email us your site ideas: webadmin@rochissa.org
References • http://www.cmsmatrix.org/matrix Comparison tool for 532+ CMS products • http://www.cmswire.com/ - CMS News and Info • http://www.cmswatch.com/Feature/123 - "JSR-170: What's in it for me?" • http://www.optaros.com/pdf/optaros_cmsReport_012206_sgg.pdf - Comparison of 15 top Open Source CMS packages
