
Thread: Information Security Theory

  1. #11
    Banned
    Join Date
    May 2003
    Posts
    1,004
    cdupuis,

    By the looks of it your site is unlikely to have much private, much less confidential information on it. Disclosure is unlikely to be of any real concern to you, leaving only the site integrity and availability. Both of these issues can be dealt with via very regular back-ups.

    My advice, leave the site as is, make very regular back-ups... if the site is ever compromised apply the backup and patch it. This affords you the maximum usability at the minimum cost.

    cheers,

    catch

    ps. http://www.cccure.org is a good site for a number of things, information security theory isn't one of them. Better off at the ACM. ( http://www.acm.org )

  2. #12
    Junior Member
    Join Date
    Apr 2005
    Posts
    2

    You got it right

    Thanks for your feedback.

    You are correct, I always maintain a local copy of the site where I can do updates, testing, and then I update the online files.

    I have two dedicated servers which allow me to perform regular backup between the two.

    My approach is the same as yours, I will probably get hacked one day, I will probably get defaced even though I attempt to protect myself best but such is life of the free portal software.

    Best regards

    Clement

  3. #13
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Exactly, your expenses should be directly related to your level of risk... and I'd guess your level of risk to be very low even if using php-nuke makes your ARO quite high.

    cheers,

    catch

  4. #14
    Senior Member RoadClosed
    Join Date
    Jun 2003
    Posts
    3,834
    Laws and regulations also regulate risk. Well not risk but mitigation. Many times the expense for compliance outpaces profit. Not the case here, I know, just adding an angle.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #15
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Good point, but I never look at it that way... more comparing the cost of compliance vs the cost of a non-compliant solution plus the cost over the likelihood of getting caught. If it is cheaper to be non-compliant... again that is the best choice.

    cheers,

    catch
