AikinenOptimizing the Pieces Together

Website Risk

"At the end of the day, the goals are simple: safety, security, and accuracy."

Website Health/Errors/Security Risk Assessment

Aikinen offers a proprietary Website Health/Errors/Security Risk Assessment/Appraisal. A Website Health/Errors/Security Risk Assessment (WHESRA) is a detailed health and risk questionary analysis of a company's website which is used to provide/give individuals a full evaluation of their business website's health/errors/security risks.

Most websites are built and edited by programmers who do not take or have the time to audit the full content of the site for errors/security of all types (spelling, punctuation, broken links/images, broken processes, security holes, database/dataset query problems etc). Websites are constantly being updated and changed and with each change new errors and security flaws show up on the site, most of time unknown to the executives/managers and owners of the company.

Many times a company's website is managed by a variety of people (marketing/sales, owners, managers, programmers). Everyone is so busy trying to get their daily job done that no one has the time, patience and energy to correctly check the ever changing website to see if all the moving parts are working correctly and all parts are accurate. Hiring Aikinen to perform a quality assurance and independent website assessment is the answer.

Each company's website is the public internet face of each organization, so it is important to present a public website that is looks competent, credible, and accurate to guarantee a company's reputation. Each error, misspelling, broken link, or security flaw makes the company look bad and perhaps even untrustworthy to do business with. If the website is wrong in any way, then perhaps the services the company is offering are flawed as well. To ensure the utmost confidence of all clients, a company's website should be as flawless as possible.

Aikinen's Website Health/Errors/Security Risk Assessment (WHESRA) is offered independently or in combination with the personalized Business Coaching/Consulting, vCIO/vCISO, or other IT Risk Assessment services. A person can take just the Website Health/Errors/Security Risk Assessment and then go on and use the assessment in consultation with any other web/IT service providers a company is working with at the time, or the person can elect to use the results of the assessment to begin a series of Aikinen Business Health Coaching or Consulting or vCIO/vCISO sessions to work on the areas discovered in the assessment.

Aikinen's Website Health/Errors/Security Risk Assessment is offered in two forms. The Basic Website Health/Errors/Security Risk Assessment is designed to be completed in 1-4 hours. The Advanced Website Health/Errors/Security Risk Assessment is designed to be completed in 1 or more days. Contact Aikinen for more details...

  

Available via Annual Retainer/Per Meeting/Project/Hourly

Website Health/Errors/Security Risk Assessment Options:

• Proofreading all the spelling/grammar/punctuation of all words/pages on the public website and intranet/extranet portal sites.
• Testing all the hyperlinks and images for accuracy and functionality, ensuring no broken links or images are on the sites.
• Checking of all webpage titles (title tags) for page/title accuracy.
• Checking basic database calling functionality of the various web pages and processes. (Select, Insert, Update, and Delete functions).
• Checking quality and correct sizing of datasets returned to ensure correct performance tuning and optimization.
• Checking the overall security controls of datasets returned ensuring proper user/group security configuration which allows limited access to proprietary information.
• Checking quality of queries to ensure queries are in alignment with standard practices to prevent database locking/blocking, cascade failures, memory leaks and application deadlocks.
• Checking for basic database optimization practices (indexes, clustered indexes) for websites.
• Analyzing DNS failover technologies and concepts to ensure correct configuration and best practices which ensure maximum uptime of websites
• Analyzing security configurations and protocols surrounding the websites (firewalls, VPN, internal DNS records etc) to ensure correct network access to the sites is set correctly.
• Checking for other miscellaneous broken processes at the site level.
• Analysis of change management procedures and protocols for updating websites.
• Analysis of users/groups that have access to change websites and protocols and approval processes to make changes to website content.
• Analysis of how change requests are initiated, documented, and approved for sites.
• Analysis of rollback procedures for all change implementations in the event of site or page failure.
• Analysis of backup methods and processes in place to ensure continuous protection of web site files/data both on-site and off-site.
• Analysis of technical and programmatic support for website, how problems are reported, documented, and how they are managed to completion.
• Analysis of load balancing technologies/configurations.
• Analysis of error pages, removing 404 default pages and replacing with company maintenance pages for uptime image purposes.
• Analysis of architecture of web servers (dedicated and shared resource servers).
• Analysis of disaster recovery and business continuity plans in the event the website goes down.
• Analysis of development, user acceptance testing (UAT), and production web servers and separation of duties/rights.
• Analysis of procedures/protocols to ensure non production testing of proposed changes on a test server before implementing on production servers.
• Analysis of overall DNS security (who controls the DNS records and changes).
• Analysis of DNS account renewals and payment methods.
• Analysis of overall SSL certificate security and renewals for web servers.
• Analysis of networking monitoring and alerting/notification for uptime/downtime in the event of site failure.
• Checking of outdated copyright dates on website pages.
• Testing of all primary and secondary domain names and the pages they land on or redirect to.
• Checking of Forms on site for Form Validation and correct error messages.
• Analysis of website payment /credit card processing and security protocols.
• Analysis of Website Communications
• Management of Web Application Issues, Bug Reporting, and Technical Support for Resolution