Security on the web

Security is an important element of a well managed website. See also: Security Policy page 

The Lancashire County Council website and all related elements must be secure to build trust and maintain the reputation of electronic government. This will be seriously damaged if websites are defaced, services are unavailable or sensitive information is released to the wrong people. To protect citizens, the site and data must be secure.

The security of a website is determined by the security of the following:

• the operating system of the web server computer
• the local area network of the web server computer
• ‘backend’ (eg database) applications supporting the web server
• the authoritative domain name server for the web server network
• remote web server administration, eg, use of FTP, use of server extensions (not addressed here), and
• physical and personnel measures in place to ensure that the web server environment is secure the web server application

To help ensure security, it is essential that the following security precautions are taken:

• regular penetration testing / independent security review
• back-up procedures
• quickly providing updates to security and installing patches
• disaster recovery

Do not use Microsoft Office document attachments, such as Word or Excel - these are a security risk, as deleted text can be recovered. These documents can also reveal the document author, password protection and other details that may be of use to an attacker.