A Comparative Study of Ning, Sox Box and WordPress
Abstract
A research problem is that many cybersecurity professionals are not aware of the vulnerabilities present within web-based content management systems. Content management systems (CMS) have been a part of computing for decades; however, these solutions may or may not be connected to networks. Web-based content management systems are always connected to networks, which can present challenges in maintaining their security. The objective is to identify the types of threat agents that can carry out cyberattacks, the security issues relative to cloud computing, and how to use a risk management framework in order to implement a system with effective cybersecurity strategies. The research argues that including security solutions that take web-based content management systems into account is a long-term cybersecurity best practice.
Keywords: content management systems, cloud computing, risk management framework
Cybersecurity and Web-based Content Management Systems (CMS)
What is a Content Management System?
A content management system (CMS) is a software application that allows users to develop and manage company websites that deal with the storage of client data. There are also many versions of CMSs that manage information for company assets that are not websites. CMSs give users the ability to create, manage and publish digital content through a user interface. A good CMS will provide the opportunity to customize the design and functionality of websites by using design templates. Where the software really shines is that a creative team can access the back-end of the software with all its data at any given time. CMSs are highly functional, versatile and scalable.
Using a CMS provides a solution to one of the primary problems users may have in the beginning; the CMS will provide the website platform for you rather than having to use original code to make one. The CMS will automatically handle HTML, images and other media, as well as navigation on the website. They will also offer CSS and JavaScript in order to provide a design for the project. Users can make adjustments to these areas to create their own brand or design style.
The CMS has its own web hosting that is connected to a third-party server; therefore, there is no need to make requests to the server for any reason regarding information security on the user’s end. CMSs are easy to use for new developers, and are great platforms for experienced developers to innovate in digital design and content.
CMSs are made up of two parts: a content management application (CMA) and content delivery application (CDA). These two components make up the entire infrastructure. The components will make it possible to produce content and distribute it to search engines, social media, email and other applications. It also gives users the control over how they would like their URLs to read on web browsers and publish any original designs if they are needed. All of the data that has been created is stored on a third-party server that the user does not have to manage.
There are several advantages to using a CMS instead of building a website from scratch. The first reason is that the users will not need to know a scripting language or any code to get started. CMSs offer different layouts and templates that are unique enough that thousands of people can use them and produce websites that are not identical to each other. Another advantage is that it is easy to set the roles and responsibilities for others working in a team without adversely affecting the functionality of the website. This high level of collaboration is what makes CMSs effective for business operations; they improve team productivity. They also provide a convenient way for content to appear on Google, Bing, Yahoo and other search engines. CMSs are convenient for the following objectives: customizing content pages and their URLs, generating XML and HTML sitemaps for search engines to crawl, decreasing loading times and featuring good website navigation.
Personal Experience: Overview
I have several years of experience with content management systems (CMS) for private and professional use. On every desktop and laptop computer that I’ve had access to throughout my life, I’ve always used a CMS for blogging. Some of the blogs that I created were platforms for me to journal, expressing my thoughts and emotions and publishing them for anyone on the internet that would be interested in reading them. My other blogs were professional and were used for monetization. The summation of these experiences has allowed me the opportunity to create my most recent blog, which is professional and also a passion project. Using a CMS has given me the opportunity to collaborate with other writers and publish information for a global audience. It also has given me perspective on CMS vulnerabilities to cyberattacks.
I used several different blogging platforms in the 90s, but GeoCities is the one that I used the most. The platform was not solely for blogging purposes. It provided a way for users to create a small website within GeoCities’ infrastructure. Users had the opportunity to publish information (which is the feature that I used for blogging), drag and drop features within the user’s web space, and share it with others on the platform. GeoCities existed before social media, and there was always a plethora of users on its website to view the pages created by writers who were dedicated to the platform.
I also used many blogging platforms in the 2000s, but I used Xanga the most. I liked the user interface of Xanga better than some of the other platforms because the posts made by the users looked like modern blog posts (rather than a website like GeoCities). My Xanga blog was about self-reflection and self-improvement. I described feelings that I was going through in my life and grew an audience. I kept the blog throughout high school, and when I was in undergraduate school, I made two friends who also had Xanga blogs. Many people with Xanga blogs, including myself, stopped using the platform when social media became accessible.
At my undergraduate university, the Fine and Performing Arts (FPA) department had a call board with information on Studio Art, Music and Theatre. I used to work in the Theatre department and attend events from Music and Studio Art as well. I discovered there was a lack of participation from some students who did not support all of the FPA events. I was inspired to use my blogging as a way of promoting events. However, I did not have much of a social media presence and the writing I published on them probably had little to no effect on increasing attendance.
My senior year, I stepped away from blogging for a while because I wanted to build a social media website for artists in order to promote all of their events, featuring a blogging section, and an online portfolio section for artists to promote their creations. I collaborated with a friend who was a software engineer at the time; we set a launch date, but we failed. My friend knew Python scripting well, but not well enough to create the social media/blogging platform that we designed together. He told me I may be better off using Software-as-a-Service (SaaS); there would be no need for a software engineer and the website with all its features would be available as soon as it’s published online. I ended up creating the website myself and launching it seven days later.
From 2008 to 2016, the arts website had 641 artists from around the world, more than 15 million visitors, and millions of pageviews. At its highest point the website ranked 100,000th on Alexa’s global website rankings.
It was a challenge to reach those data points. In 2008 and most of 2009, I was blogging regularly on the arts website. I received a call from Frank Shifreen, who had been reading my blogs and liked them but wanted to pass on some words of wisdom. He made sure that I understood that it would take more than writing to get artists to collaborate and generate economic activity, and that I should always be on the lookout to see where I can participate in those areas. I appreciated that phone call. During the call, I did not know that Frank Shifreen pioneered an arts movement in Brooklyn during the 1980s where he produced many artist-run shows.
From the end of 2009 and almost the entirety of 2010, I did not blog regularly. In 2011, I was working in the Food Pantry department at Jewish Family & Children’s Service (JFCS). Two incredible things happened with my employment there: I met a collaborator who got me focused back to blogging to the best of my abilities, and I would be a part of selecting technology for the Food Pantry to use for appointment setting, user accounts as well as company and government (USDA) documents. I learned the importance of working on blogs as a craft instead of something that is insignificant, as well as the importance of information technology solutions and cybersecurity. It was a challenge, but I am proud that I helped the Food Pantry move to its own building in Creve Coeur, and the arts website existed for another five years on the Ning content management system.
Ning’s CMS was different than any other that I had worked on previously. It was primarily promoted as a SaaS for building a social media website. It also had features like blogging, adding photos or videos, and profile sections where artists can submit their creations. I learned that Ning is a good solution for small groups who want to create a method of communication; however, Ning’s infrastructure was less effective than its competitors in regard to blogging. For example, if there were blog pages that needed to be deleted, there was no way to select all and delete; the user would have to open each individual page in order to edit or delete them.
Before the move to the new building, JFCS was interested in building software from scratch to handle all of the pantry data. I was tasked with showing software engineers how the pantry operated, what types of data needed to be stored and what needed to be sent to the government. The company ultimately decided to go with a SaaS that is exclusively for use by food pantries. Sox Box is a customizable SaaS that has a CMS for all pantry data. The manager, program assistants and I were responsible for customizing Sox Box’s CMS. Today the pantry is nearly paperless. Clients sign into Sox Box on iPads in order to verify their information; the pantry workers also store data on iPads and only a few desktop computers.
In 2014, Google had made some changes to its search algorithm that resulted in my arts website receiving fewer viewers. My collaborator and I at that time did not have the knowledge of how to handle this situation and the website began to fall backwards in the Alexa rankings. Also, I was a resident of Ferguson, Missouri in August of 2014 where the national media were present. I was inspired to cover the news that was taking place in Ferguson. I made a couple of different types of news websites using WordPress as the CMS. In addition to covering the events every day, through using WordPress I finally found the CMS that is perfect for bloggers and writers. At the start of 2020, I combined my arts and news websites together into one passion project that is currently active.
Cybersecurity and Content Management Systems
Content Management Systems (CMS) are not only a part of the IT infrastructure used for blogging; they are also present within the technical resources of businesses and governments. CMSs are always a part of web-based solutions, which creates vulnerabilities and the need for cybersecurity to research and develop methods of mitigating cyberattacks on CMSs. There are a variety of cyberattacks that frequently target the CMS: injection flaws, authentication and session management, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, access level, and cross-site request forgery.
CMSs are particularly vulnerable when they are used to develop websites that are continually hosted on the internet. It is important for cybersecurity to continually look for potential solutions for threat agents that are likely to exploit vulnerabilities that can currently be seen or those that can be projected to exist. When cybersecurity conducts an assessment of the vulnerabilities present within a website, they will develop a familiarity with the sections of the infrastructure that they should examine in order to conduct mitigation. Sometimes cybersecurity will have complete access to the CMS, and in other cases they may need to request access to the infrastructure’s API in order to gain access to the source code for them to discover what kind of security threat is taking place on the website’s CMS.
Sometimes it is taken for granted that CMSs will always work efficiently and will require little security effort from IT or Cybersecurity. It is easy to fall into this way of thinking because, when examining the most frequent ways in which threat agents compromise a company’s technical resources, it is often found that the cybercriminals gained unauthorized access to networks and systems. However, a CMS is just as likely to be a target area for hackers. For example, a hacking organization could use social engineering techniques on a current employee of a company that they want to compromise, gain access to the employee’s credentials for the CMS, and gain unauthorized access to many areas of the CMS, including data that is currently being entered or data that is stored in areas of the CMS.
CMSs are computer applications that give users the ability to create, edit, manage and publish content efficiently and effectively. It is important to note that the use of CMSs is two-fold; there is a user interface that allows users to input data, and there is a back-end to reach data storage. The CMS is not the complete infrastructure supported by source code, but it is rather a component of the overall system that is also maintained through source code, which indicates that a CMS can be compromised on the front-end or back-end of the website or legacy technology it is operating on. It is important to treat CMSs like other company programs by making sure that they are up-to-date with software standards and company policies. Although CMSs are programs just like encryption services and some firewalls, the major feature of a CMS is that it can be edited through source code, which makes it a solution that is built in the infrastructure rather than bolted on.
From a publishing perspective, CMSs are used to make public or store documents relating to news, press releases, brochures and technical manuals. This process is also two-fold; it is possible to publish business and professional documents on the front-end, and store them for later editing on the back-end. All CMSs do not have this capability; some of them are simply used for data entry and data retrieval. However, the CMSs that can publish user content are popular on the internet and are a significant component for use by digital media entrepreneurs.
In the past, before the SaaS programs were available, tech companies would have to build their CMS from scratch. They would often design the CMS, determine how it will function along with other components of the systems and networks, and use HTML, JavaScript and CSS as popular coding languages for the creation of a CMS. Even though research lists those three coding languages as the most frequently used for developing a CMS, it can be argued that other languages may be stronger in the process of creating from the beginning. It may be more effective to use languages like C, C++ and Python in order to develop a robust CMS. HTML, CSS and JavaScript are better choices for when software and web developers choose to develop websites for their organizations, as these three scripting languages have proven to be reliable options for creating a web-based portal for any type of business, organization or individual that develops websites. The three languages can be effective for implementation on parts of the CMS rather than being the only ones applied. These languages are efficient methods of adding an extra layer to data input and connecting the CMS to web browsers and online networks should management find it necessary.
CMSs assist in the process of classification, organization, networking, content storage and editing. CMSs have reached a level of sophistication where they can provide data entry and retrieval across many systems in various locations. Large corporations with staff in various cities and countries can use CMSs to capture and store information at any of the company locations. However, the more widespread the use of the CMS, the more vulnerable it becomes. Companies take some of the pressure off of CMSs depending on how they design their network. It is common for large organizations to use the same CMS at all of their locations, which can lead to slower processing speeds and to denial of access for systems within an entire department because it did not receive the most recent update from IT or Cybersecurity; it can also be an area where a hacker may use social engineering to gain unauthorized access to data within the CMS. This is especially true for CMSs that are web-based; if a CMS is connected to the internet, it is just as much of a vulnerability as servers, networks and other components of the system architecture. Therefore, CMSs should not be viewed as independent from system architecture; they should be monitored, updated and treated as a potential vulnerability just like any other software or hardware operating on system architectures.
It is important to note that CMSs can be applied for personal or professional use. In both circumstances they work exactly the same. However, the individual user that has a CMS on their website is far less vulnerable than a company with hundreds or thousands of employees that use the same CMS. For example, a WordPress website with its open-source CMS can prevent data breaches by downloading and installing plugins for security in order to protect data. SiteLock is a popular cybersecurity plugin for WordPress websites, but there are dozens to choose from; each one has its security features and web developers can choose which plugin they would prefer to use. A large company, on the other hand, may have to develop patches instead of using plugins and get them to work on all terminals throughout the company, which can be a very difficult task. For a web-based CMS, all that is required is an internet connection so that the user can open the online database for capturing and storing client information; this is the strategy that most companies take today. However, some companies are still playing catch-up because they are using legacy software without an internet connection, which is more secure but is more challenging for data accessibility and for storage, which can reach a limit. Web-based CMSs are connected to the internet and store information in the cloud, which makes them a little less safe, but more accessible for data entry and retrieval, and gives them the ability to add security services through the cloud provider that would not be available with legacy software.
One of the best aspects of using a CMS is how flexible the solution is in regard to the storage and retrieval of different types of media. Different companies will require different media to be stored. No matter if it is a large corporation or a sole proprietorship, a CMS is excellent at building containers for users to input words, documents, audio and files, and other forms of media that the CMS has been made responsible for. Therefore, when looking at a CMS as a potential vulnerability, it is an area that hackers may be interested in because there is not only client personal data stored there, but there are also a lot of company files that can point hackers in a particular direction to find ways to further compromise the organization. An example would be that a hacker was able to get unauthorized access to the CMS and discovered financial data that shows where the company has bank accounts and which staff members are responsible for them. Once they have this information, the hackers could use spear-phishing to gain access to the actual bank accounts and direct currency to bank accounts around the world. North Korea is known for using cyberattacks to gain financial data and steal money from corporations and governments. This can also happen with small companies that have a compromised CMS. Typically during a financial breach, North Korea will illegally and unethically direct stolen currency to banks outside of North Korea, to at least two or more financial institutions, before sending the stolen money to Pyongyang. There are currently no international laws that can prevent state actors from doing this, but it is important to highlight because the hackers do not always need to gain access to system architecture on the back-end through servers and networks; they can also compromise a web-based CMS in a variety of ways.
Web-based CMSs and Vulnerabilities
Web-based CMSs are software solutions that users gain access to through a web browser or web portal that directs them to the internet. They store data in off-site remote data centers where another company will use their cloud computing resources in order to protect the data. The combination of a Web-based CMS and cloud services is a best cybersecurity strategy for content management. While using cloud services is typically safe for organizations, it is important to keep in mind what comprises a Web-based CMS; it is both a physical software and a virtual web application. Hackers can target the CMS in either of these two areas. The following 10 vulnerabilities are most present within Web-based CMSs on the web application side: (1) injection flaws, (2) broken authentication and session management, (3) cross-site scripting (XSS), (4) insecure direct object references, (5) security misconfiguration, (6) sensitive data exposure, (7) missing function level access control, (8) cross-site request forgery (CSRF), (9) using known vulnerable components, (10) unvalidated redirects and forwards.
Injection flaws occur when a Web-based CMS sends untrusted data to an interpreter. This vulnerability is typically found in legacy systems. Injection flaws occur when the users do not check if the information they are entering into the CMS is free of malicious code. When this part of the CMS is compromised, the hacker will have the ability to view stored data and make requests from servers to find other forms of company data. While injection flaws may be difficult to see in the beginning, they are relatively easy to remove as most security software will be able to scan and delete them.
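As an added illustration (not part of the original paper), the sketch below shows untrusted data reaching a SQL interpreter in a CMS post search, next to a corrected form that binds the value as a parameter and allow-lists the sort order. The `posts` table, its rows and the function names are constructed for this example.

```python
import sqlite3

# Sort keys a visitor may request, mapped to fixed SQL fragments.
# Identifiers cannot be bound as parameters, so they are allow-listed.
SORTABLE = {"title": "title", "newest": "id DESC"}


def build_db():
    """In-memory CMS database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE posts ("
        "id INTEGER PRIMARY KEY, author TEXT, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO posts (author, title, published) VALUES (?, ?, ?)",
        [
            ("alice", "Gallery opening", 1),
            ("alice", "Draft: budget notes", 0),  # unpublished, must stay hidden
            ("bob", "Concert review", 1),
        ],
    )
    return db


def search_unsafe(db, author):
    """Weak form: the author value becomes part of the SQL text itself."""
    sql = (
        "SELECT title FROM posts WHERE published = 1 AND author = '"
        + author
        + "' ORDER BY id"
    )
    return [row[0] for row in db.execute(sql)]


def search_safe(db, author, sort_by="title"):
    """Corrected form: the value is bound, the sort order is allow-listed."""
    order = SORTABLE.get(sort_by)
    if order is None:
        raise ValueError("unsupported sort key")
    sql = (
        "SELECT title FROM posts WHERE published = 1 AND author = ? "
        "ORDER BY " + order
    )
    return [row[0] for row in db.execute(sql, (author,))]


if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("unsafe:", search_unsafe(db, crafted))  # the draft row leaks
    print("safe:  ", search_safe(db, crafted))    # treated as a literal name
```

In the weak form the quote in the input ends the string literal, so the rest of the input is parsed as SQL and the `published = 1` filter no longer applies to every row.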
Authentication and session management is a security measure that protects Web-based CMSs from cyberattacks. It is important for organizations to never have a data breach through this potential vulnerability, as it can make all of their stored data and company documents available to be seen by outside entities. Authentication is important for legacy software as well, because if a threat agent makes it to the software, it is as much of a vulnerability as a new, highly functional Web-based CMS. Sometimes authentication can be broken and session management may be a point of entry for some hackers. Authentication that has been compromised is similar to authentication in other parts of system architecture; once it has been broken, it makes many documents available to hackers. Hackers often attack the session keys for this part of the CMS in order to gain unauthorized access to information.
Cross-site scripting (XSS) is a cyberattack that causes the CMS to forward malicious scripts to users’ computers and web browsers. It also has the capability to move to different systems on a network once it makes its way through the first terminal. This is a common cyberattack that cybersecurity should always look out for; using firewall settings and anti-virus scanning software can be effective in preventing the XSS from taking place.
Insecure direct object references are a vulnerability that gives hackers access to objects like files and folders and the data stored within them. These often occur when a cybersecurity professional does not set the appropriate access control, which makes its data an easy target for hackers. Web-based objects are generally protected by cybersecurity staff and third-party cloud computing services, but if access control is slightly off it creates a large vulnerability for the CMS.
Security misconfiguration may occur at the CMS or other parts of a system architecture, particularly components of the application layer like operating systems. IT and Cybersecurity should collaborate in order to set a configuration that will allow all portions of the application layer to work efficiently. Using scanning programs can help cybersecurity identify areas in which there is a misconfiguration.
Sensitive Data Exposure compromises the integrity and confidentiality of information and data. If the CMS does not provide adequate security in the forms of applications that protect data, then there is a greater chance that it will be affected by hackers. One of the best strategies for a CMS is to ensure that the HTTPS protocol and secure socket layer (SSL) are implemented with encryption services. A good CMS will ensure that the flow of data will end with the encryption process taking place. Hackers can take advantage of this, but sometimes data breaches occur through human error that accidentally exposes the sensitive data. When sensitive data exposure occurs, it decreases the confidentiality, integrity and availability of data.
Access level is a significant task that must take place with each user. Cybersecurity needs to assign which employees will have access to the CMS or components of the application layer. Ensuring that everyone has the correct access level will make the CMS and other components more secure. It also makes the staff more efficient, since they will only be working in the parts of the system that they are required to, while others will work on different components depending on their access level. Sometimes hackers can use spear-phishing to gain unauthorized control of access levels, which can cause organizations to misdirect their data and mistakenly make it available to hackers.
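The insecure direct object reference and access level paragraphs above describe the same control from two sides, so one added example (not from the original paper) covers both: a document lookup that trusts the requested id, beside one that checks the caller's role and the document's owner on every request. The roles, users and documents are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical access levels for a CMS and the actions each one grants.
# "*_own" applies only to documents the user owns; "*_any" to all documents.
ROLE_ACTIONS = {
    "contributor": {"read_own", "edit_own"},
    "editor": {"read_own", "edit_own", "read_any", "edit_any"},
    "admin": {"read_own", "edit_own", "read_any", "edit_any", "delete_any"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


class AccessDenied(Exception):
    """Raised for both missing and forbidden documents."""


def build_store():
    """Constructed sample content keyed by document id."""
    return {
        1: Document(1, "alice", "Press release draft"),
        2: Document(2, "bob", "Payroll export"),
    }


def is_allowed(user, action, doc):
    """True if the user's access level permits the action on this document."""
    granted = ROLE_ACTIONS.get(user.role, set())  # unknown role: no rights
    if f"{action}_any" in granted:
        return True
    return f"{action}_own" in granted and doc.owner == user.name


def fetch_insecure(store, user, doc_id):
    """Weak form: any logged-in user gets whatever id the request names."""
    return store[doc_id]


def fetch(store, user, doc_id, action="read"):
    """Corrected form: authorize per object and per action, on every call."""
    doc = store.get(doc_id)
    if doc is None or not is_allowed(user, action, doc):
        # Same error either way, so ids cannot be probed for existence.
        raise AccessDenied(f"{user.name} may not {action} document {doc_id}")
    return doc


def can_fetch(store, user, doc_id, action="read"):
    """Boolean wrapper, e.g. for deciding whether to render a link."""
    try:
        fetch(store, user, doc_id, action)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    store = build_store()
    alice = User("alice", "contributor")
    print(fetch_insecure(store, alice, 2).body)  # another user's document
    print(can_fetch(store, alice, 2))            # False
```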
Using known vulnerable components can affect the CMS and the entire system architecture. It makes the application layer much easier to hack. While this can make the system compromised, it can be avoided by cybersecurity being careful not to install software that has been exploited in the past. This occurs sometimes because large companies get new employees all the time and they may be unfamiliar with some of the technology the company keeps as possible solutions.
Unvalidated redirects and forwards give attackers the ability to direct users to malware and other threat agents. While IT and Cybersecurity are implementing the system architecture, they can check for possible redirects and forwards that should not be there. Even though this is something that can easily be avoided by following security policies, human error often brings hackers to the redirects and forwards.
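One way to perform the check described above, as an added example rather than code from the original paper: a validator that a CMS login or "return to" handler could call before issuing a redirect. The host name `cms.example.org`, the default path and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Hosts this hypothetical CMS is allowed to redirect to (constructed value).
ALLOWED_HOSTS = {"cms.example.org"}

# Backslashes and control characters are normalised differently by browsers
# and by URL parsers, so targets containing them are rejected outright.
_FORBIDDEN_CHARS = "\\\r\n\t"


def safe_redirect_target(target, default="/dashboard"):
    """Return target if it stays on this site, otherwise the default path."""
    if not target or target != target.strip():
        return default
    if any(ch in target for ch in _FORBIDDEN_CHARS):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return default

    if not parts.scheme and not parts.netloc:
        # Relative target: accept only an absolute path on this site.
        # "//host/path" is scheme-relative and would leave the site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default

    # Absolute target: HTTPS only, exact host match, no userinfo part
    # ("https://cms.example.org@other.example/" has host other.example).
    if (
        parts.scheme == "https"
        and parts.username is None
        and parts.hostname in ALLOWED_HOSTS
    ):
        return target
    return default


def audit_targets(targets):
    """Return the targets that would be refused, for reviewing stored links."""
    return [t for t in targets if safe_redirect_target(t, default="") != t]


if __name__ == "__main__":
    samples = [  # constructed inputs
        "/posts/42?tab=edit",
        "https://cms.example.org/admin",
        "//other.example/login",
        "https://cms.example.org@other.example/",
        "https://cms.example.org.other.example/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)!r}")
```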
Web-based CMSs and Cloud Computing
The technical relationship between Web-based CMSs and cloud computing services is significant in regards to managing and storing data, and having a healthy and functional system architecture. Since most CMSs are connected to the internet for storing data within the cloud, it is important to emphasize this process as a potential vulnerability. Some critics would suggest that the legacy software that stored information without the internet was much safer to use. However, using the internet and the cloud provides some distinct advantages that legacy programs will not be able to offer.
Cloud services provide CMSs with an on-demand service. Anytime cybersecurity is ready to complete a task or objective that includes the cloud services, they can access all components of the cloud, including the parts for storing data and all other processes on the application layer. The reason why the cloud is the better option is that it makes CMSs more accessible and work can be completed more efficiently, and it is useful when certain pieces of data need to move within networks in transit. Cloud computing makes it convenient for cybersecurity professionals to carry out those actions. Even though storing data with a third party may be a risk if they were to get cyberattacked, in most scenarios cloud services allow CMSs to be quicker and more accessible to the users.
Cloud services are beneficial to CMSs because they provide broad network access. Cybersecurity now has many cloud computing options they can recommend for installation at their agency. There are so many cloud services companies today that if a cybersecurity department chooses not to use the services of an Amazon or Google for cloud services, there is an emerging class of medium sized companies that are offering cloud services as well. These new innovations are compatible with a variety of operating systems, software and hardware. When implemented correctly, cloud services can increase the security of the CMS by creating backups and sending frequent communication regarding what the cloud service is doing in order to keep the CMS protected along with its system architecture.
Unless the company chooses to buy cloud services with its own storage and server, more often than not, many companies invest in cloud computing services with resource pooling; these solutions are most cost effective because a variety of businesses will share server and infrastructure space. This method can be used to assist the company in reducing its budgetary data. It is important to note that many CMSs run on servers with resource pooling; it is a frequent occurrence that cybersecurity should always examine.
Cloud services are also effective with CMSs because they have rapid elasticity; they have the scalability to fit any system architecture. This makes cloud services available to small, medium and large corporations in a secure way. Rapid elasticity is also helpful with storing and protecting government and military networks.
Cloud services offer measured service to CMSs. They help cybersecurity measure and monitor traffic, as well as the protocols taking place on the operating system and virtual machines. The collected data and intelligence can be used to develop business strategies and provide metrics regarding the security of system architecture.
There are three different types of cloud services that impact CMSs. The first is software as a service (SaaS), which allows users of a CMS to use applications running on the cloud on any company device. However, it does not provide the company with the ability to make adjustments to cloud architecture. Infrastructure as a service (IaaS) gives the CMS user the ability to run software in the cloud, many different types of metrics, and the ability to make changes to the cloud infrastructure. Platform as a Service (PaaS) gives the CMS user the ability to run specific applications with the ability to develop them within the parameters set by the cloud computing service.
There are four cloud computing deployment methods that impact CMSs. The private cloud is when cloud infrastructure is only available for one specific organization. It can be managed by cybersecurity staff or with a third-party. They can be implemented on-premise or off-premise. Private clouds are usually the safest storage services to work in collaboration with CMS.
Public cloud makes cloud infrastructure available to the general public. While they may be helpful in places of public accommodations like libraries and coffee shops, it is the least secure cloud deployment, making it much easier for hackers to gain unauthorized access to the CMSs, find the credentials for cloud services and gain access to client information.
Community cloud offers cloud infrastructure to several organizations using the same technology. Companies that provide community clouds often try to place organizations with specific missions on the same infrastructure. If CMSs are hacked, they can potentially cause data breaches for any of the organizations involved in the community cloud.
Hybrid clouds offer a mixture between the previous three deployment methods. Sometimes companies may want a public cloud for the customers in their store and a private cloud for exchanging critical information. While this is considered a safe cloud computing option it can be viewed as two separate targets for hackers to compromise should they break through CMSs.
In order to provide the most security for CMSs it would be effective to use private cloud services. It would also be a good idea to write within company policies to refrain from using the public cloud (depending on the type of business). Hybrid and community clouds are generally safe but are bigger targets for cybercriminals; therefore, when using either of these it is important to ensure that the CMS is up-to-date and functioning properly.
CMSs and Risk Management Framework
CMSs are impacted by every level of the Risk Management Framework (RMF) and should be considered an integral component of any new or existing RMF strategy. RMF has six steps that should be applied in sequence: (step 1) categorize all components of system architecture as having a low, medium or high impact, (step 2) select the controls needed to upgrade system architecture, (step 3) implement how the controls will be installed, (step 4) assess the functionality of the controls, (step 5) authorize that the implemented controls are meeting company standards, (step 6) monitor the implemented controls on an ongoing basis. CMSs are important for these six steps because they mediate the input and output of data, and if they are not made secure by RMF then the strategy will need to be re-evaluated.
Controls are actions that may be technical or non-technical methods of reducing risk. When cybersecurity professionals implement effective controls, they increase the security of CMSs. An enhancement adds new functionality to the controls chosen by cybersecurity staff. Controls can be implemented on their own or in conjunction with enhancements depending on the security objectives. Controls possess three baseline levels: low, medium and high impact. The level is selected in step 1 and provides a direction for the remaining steps in RMF. Throughout the six-step process, settings for the CMS may need to change in order to correspond with the new baseline level.
While every control will have some connection to CMSs, some have more of an impact than others. The Physical & Environmental (PE) Protection controls provide methods of security from the perspective of real-world access to company assets. This takes into account the potential cyberattacks or physical damage that can take place within the CMS or other parts of system architecture. PE controls are responsible for the physical security of company systems, which often includes access to CMSs, servers and other components. Since CMSs are usually on the front-end of the system and may interact with both staff and clients, it is important for PE to provide physical security for CMSs in order to make sure that no insider threat or other malicious action is taking place.
Auditing and Accountability (AU) controls assign who is responsible for the CMS and how their work will be reviewed going forward. AU is a technical control that gives organizations the opportunity to view their progress. It is important to have specific personnel responsible for the CMS rather than random employees. The system will work more efficiently if there is a go-to person or a team that constantly monitors the auditing and accountability.
System & Information Integrity (SI) controls promote the integrity and security of systems. SI controls are policies that determine how to prevent malicious code from entering the system. Since CMSs are responsible for storing data and putting it in transit, they are a target for hackers, and their settings should be considered when implementing SI.
Awareness & Training (AT) controls ensure that staff know their particular role in the system, and how to implement the controls they have access to. All companies need some form of AT in order to run efficiently. Cybersecurity professionals may be trained on what the CMS does and how they can ensure that it runs without errors.
Contingency Planning (CP) controls put a plan of action in place should there be a natural disaster or some other unexpected threat that exploits the system. It is recommended that these controls are frequently updated with best cybersecurity strategies that correspond with how the system architecture functions. The data that CMSs store and move should be outlined in the CP just in case there is a need to prevent a data breach.
Identification & Authentication (IA) controls verify who the user is and what they are capable of accessing on the system. CMSs may collect many different types of data including documents, personal information, scanned documents and other forms of important media; therefore, a good IA strategy will always feature a solution for CMSs to follow.
Security Assessment & Authorization (CA) controls give cybersecurity staff the ability to assess risk and verify authorization. These controls can identify risk across the entire system architecture; when CMSs have errors, they are typically discovered during the CA control process. The issue is then mitigated, and the cybersecurity professional or team may need to make adjustments to other controls within the RMF in order to complete all six steps.
There are thousands of different types of controls that can be implemented through RMF. It is important to evaluate them because all of them will have some connection to the company’s CMS. In some cases it may not be necessary to make changes to CMS settings, and in others it may require significant change. After examining CMSs, cloud computing and RMF, it is safe to assert that, for cybersecurity professionals working in risk assessment or system security, there is a chance that these three areas will be company assets that upper management and executives will want to review before implementing a new solution.
Customization of CMSs
There is a CMS for every kind of business or organization that needs to categorize and classify stored data. CMSs are everywhere and are a part of people’s daily lives. From the CMS that manages the data within self-checkout machines at grocery stores to the management of health information at pharmacies, CMSs make it possible for people to gain access to the things they need during their daily lives. Even though every organization uses some form of CMS, it is often taken for granted that the various software that makes up a CMS will always work in the same way each day. For the most part, CMSs are reliable for daily use, but it is important to assert that they require updates just like any other component of system architecture. Many critics may think that CMSs are simply software for data entry and retrieval. However, if you examine some of the intellectual property regarding CMSs, there may be surprises for skeptics.
Invention: Content Management System
One of the best places to learn about new innovations in technology is the United States Patent and Trademark Office (USPTO). A new kind of CMS has been invented by Sarah Baxter and Lisa Vogt. They took the framework of a traditional CMS and added some innovations to it. Their invention includes an apparatus, software and method of organizing a variety of different content that is connected to a web server that will present the data on web pages automatically (Baxter & Vogt, 2003). In order to create this new CMS they built an infrastructure with multiple containers for different types of data and media; the inventors then connected the media to a server that runs a protocol to turn the data and media into web pages. Their invention is unconventional in the sense that the CMS has its own server, whereas in most solutions it shares server space with the other components of system architecture. These two inventors are among many who create innovations in CMSs and patent them before using them.
Invention: Classification Based Content Management System
Inventors Parnell, Uzquiano, and Royston created a CMS that generates metadata that causes the system to classify data into a variety of categories. For some organizations, data has more than one function within the system; their invention aims to process data through a classification system that makes it more efficient to apply within the company and to retrieve for professional services (Parnell, Uzquiano & Royston, 2003). Typical CMS solutions do not offer the ability to classify data; therefore, the inventors were able to develop and implement a unique solution for their company that corresponded to its needs for data storage, transition and retrieval.
Invention: Secure Electronic Content Management System
Another interesting innovation is a CMS that stores data and creates metadata that is encrypted and sent to another server, which automatically transforms it into promotional data for a company (Downs, Gruse, Hurtado, Medina, & Milsted, 2007). This is another unconventional type of CMS because it stores client information and simultaneously turns it into promotional documents while using an encryption process. This kind of innovation would work well with department stores and various shops that want to capture client data but also use it in a way that promotes the business. In many cases, companies sell this type of information to third parties, who use it for promotional work. In this case it is the reverse: the company that is using the CMS, content and metadata is creating promotional documents for its own customers.
Invention: Content-Management System for User Behavior Targeting
An innovation in CMSs for user behavior targeting involves the creation of multiple servers to which specific data is sent in order to provide a certain type of content to the user (Liu & Madhaven, 2010). This kind of CMS is used for online digital media or e-commerce solutions. This CMS would be most effective for a digital media company with a broad audience. The segmentation of sending data types to specific servers has the potential to increase the speed of the data going from storage to another server. An advantage of this innovation is that if one server is damaged it will not take out all of the servers. Therefore, cybersecurity staff could focus solely on the server that needs to be patched or replaced.
Invention: Method and System for Operating a Content Management System
Inventors have found a method for CMSs that will store data and send it to a server where it can be edited and published on behalf of a company (Dabney, Hill, Trujillo, Washington & Lee, 2004). This CMS has been deployed in the financial sector and tech corporations. It would also be a benefit to digital media platforms that produce their own content for distribution. The CMS is available for any type of organization that needs to acquire data and edit it for the purpose of publishing content to customers or internet users.
Invention: User Interface for a Digital Content Management System
The user interface for a digital content management system uses a graphical user interface that can filter inputted data and transform it into files and folders for display (Abramoff & Blumenthal, 2010). The user has the ability to see their information stored in one specific display area. These media files can be viewed through a web browser that connects to the CMS. This kind of CMS could be beneficial for photographers, and people in creative disciplines that sell prints and other arts and crafts that use classified media like audio and video.
Invention: System for Web Content Management Based on Server-Side Application
The system for web content management based on server-side application takes users’ data and media files, sends them to a server, and transforms them into web pages (Dan & Brown, 2003). It is essentially a method of deploying as SaaS without the need to sign in and verify every page that is generated through the CMS. While most CMS solutions focus more on storage and transmission on the front-end, this invention is probably safer than traditional CMSs because it is server-side, which gives the cybersecurity professional, rather than the client, the ability to process the information.
Invention: Advertising Content Management System and Method
The advertising content management system and method is a CMS that manages the advertisements found on websites (Chambers & Tefft, 2008). Users have the ability to create advertisements on the CMS and pay for them to be distributed on a chosen selection of websites. This practice takes place with all of the major digital media companies, online magazines and newspapers. Most advertising programs for websites require the user to insert their HTML code in order for them to generate random advertisements that are managed by companies. This solution, on the other hand, gives users the ability to decide what type of advertisements they would like to display rather than another company making the decision for them.
Invention: Personalized Content Management and Presentation Systems
This CMS has a visual user interface that features images that function like windows. Each window is on a different topic, and it is up to the user which one they would like to bring to the forefront (Herrington, Manolis, Wright, Climan, & Quek, 2004). Whichever image the user selects, an associated publication will pop up on the screen. The user interface is also unique in the sense that it has its own design. Around the images are designs that look like magazine racks. This was developed to give the user the experience of virtually picking a publication from the magazine racks. Underneath the title of the publication are links to the various categories within the publication. Clicking on the links will present the user with additional links to digital content. After the user has finished reading, they can put the virtual publication back on the magazine racks.
Invention: Method and System for Using File Systems for Content Management
Typical CMSs have the ability to store input data and, if they have the capability to do so, encrypt it. This invention has that feature but also has data containers for the metadata that it creates. These “Phantom files” are associated with different attributes that cause the input data to create metadata that is associated with a category (Chatterjee, Ericcson, & Clark, 2001). It is a relatively simple CMS that helps the organization categorize and classify its information.
Invention: System and Method for Providing Content, Management, and Interactivity for Client Devices
This CMS provides content, management and interactivity for client devices. The CMS automatically captures data and transforms it into digital data that can be used as recommended items on the user interface (Janik, 2001). The CMS can be connected to televisions and serve as a digital recommendation application for the device. This CMS was forward-thinking but has now been made obsolete by smart TVs, which have this capability and the ability to download apps to broaden their digital content library.
Invention: Client Content Management and Distribution System
The CMS is for the distribution to and management of inventory of digital content through a digital content vending machine (DCVM) (Muyres, Rigler & Williams, 2001). DCVM is an infrastructure and inventory for clients using software on their computer. Once the infrastructure is loaded the user will see various icons from vendors who have agreed to promote their products and services on the software. Users can view items and buy them over the internet from the selected group of stores. This CMS is supported by two master servers that share responsibilities in order to keep the software’s infrastructure operational.
CMS Dependency
The amount of digital content available on the internet has increased dramatically over the past six years (McKeever, 2003). Since companies are dependent upon networks, it would be safe to assert that many of them are also dependent upon CMS solutions. McKeever states that CMSs have reached a high level of sophistication with regard to content production and publishing tools. These are the same tools that are being used for social media and digital media platforms. Each has user-generated content that goes through the publishing process that specific companies have. Comparing the needs of digital media and social media reveals a stark difference between the two. A digital media company like BuzzFeed may use this CMS to publish content, send it to the search engines and share it on social media. However, social media requires the user to post information in Facebook’s CMS, which probably involves hundreds of servers and a large amount of storage space for all of its user-generated content.
Most cybersecurity professionals would agree that there should be more innovations in CMSs. There is a difference in accessibility and functionality when you compare the CMSs found in libraries to those at major corporations (Seadle, 2006). Research indicates that many organizations start off with a proven security software solution that may include cloud services and carrying out RMF; however, as the company grows and raises capital, sometimes a top budget priority is to develop an original CMS that meets the company’s needs, or to find an already proven strategy and use part of the budget to implement it.
CMS and Class Concepts
Cybersecurity professionals should be able to identify the differences between CMSs that are used for public or private use. While the technology is identical in most situations, the information it captures is different. It is important for private and public organizations to identify the types of data they need to collect. This will help them determine if the CMS they are using is appropriate for use by a public or private entity. HIPAA, for example, would be a public government law and standard that CMSs should follow in regard to storing HIPAA information. If cybersecurity staff do not comply with HIPAA and other Federal laws, the inappropriate data within the CMS can be viewed as a legal violation. However, when CMSs are used appropriately in regard to HIPAA, this protects patient health information from cyberattacks and data breaches. Private organizations, on the other hand, typically pass down a set of procedures that worked during a previous time in the business and expect them to work well today. It does not usually turn out well for organizations with this strategy. It is also important to check the legacy software and the new solution to figure out what is best for the company. Usually, changing settings or installing an entirely new CMS is a better option for private and sometimes public companies.
Even though the majority of cyberattacks take place through network vulnerabilities or social engineering through computer terminals, CMSs are also a big target because they are where a large portion of the company’s client data is made secure. For example, acts of cyberterrorism may begin with hackers breaking into the CMS and gathering enough personal information on clients to steal their identities. They can subsequently make fake social media pages and websites that are authorized by the fake aliases and use them as recruitment centers for cyberterrorism and cybercrime. In order to protect the CMS against cyberterrorism and cybercrime, it is essential for the system to be updated and for staff to be trained to identify parts of the CMS that appear to be compromised.
A CMS can be installed on the same system architecture as supervisory control and data acquisition (SCADA) controls and programmable logic controllers (PLCs), which can lead to vulnerabilities. Hackers do not have a direct shot at the SCADA controls or PLCs without having the authentication to access them. If they are seeking to gain unauthorized access, they will have to find a vulnerability within the network and exploit it, use social engineering to get access to employees’ computers, or cyberattack the CMS. Therefore, it is critical for the protection of critical infrastructures that all aspects of system architecture are updated, which includes a dependable CMS.
CMSs can be targeted by both state and non-state actors. It is probably easier to gain access to networks by breaking authentication or using social engineering, but if a CMS is compromised hackers can gain a lot of access to client personal information. It can be more challenging for hackers to initially break into the CMS, but if they ever do, they will find where data is stored on the CMS or whether it has been sent to servers or other storage locations.
A CMS may be more likely to be compromised by an insider threat than by any other threat agent. If a staff member has the authority, authentication and access to the back-end of the CMS, they will know how the company stores its client data, and it would be available to the insider threat. It is important for companies to hire ethical personnel for access to the CMS and to trust that they will not do anything with client personal data. What makes the insider threat dangerous is that they can compromise data without managers and executives seeing it take place. They would essentially be a zero-day attack for as long as they wanted to be. The insider threat would only have to worry if management generates a report on their activity and can see the numerous times the employee has opened profiles without reason. Many managers would terminate the employee because they have the potential to be an insider threat or are already acting as one.
The most efficient way for a hacker to get to the CMS is through other parts of the system architecture. Spear-phishing is a common social engineering technique that is effective in gaining authentication details from employees. Once the hacker has the ability to move from system to system, they will eventually get to a point where they would need to enter authentication details for the back-end of the CMS. If the hacker already has this information, they can simply enter and see data in storage. This occurs more frequently than cyberattacks on the front-end of the CMS. It is also possible for hackers to use malware and ransomware on the CMS or other components of system architecture.
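The management activity report described above can be generated directly from a back-end audit log. The following is an added example, not part of the original paper; the log format, field names, the ticket column used as the "reason" for opening a profile, and the thresholds are all assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed CMS back-end audit log (hypothetical format, not from a real product).
# "ticket" is the support or case reference that justifies opening a client profile.
SAMPLE_AUDIT_LOG = """\
timestamp,employee,action,profile_id,ticket
2024-03-04T09:12:00,alice,VIEW_PROFILE,C-1001,T-501
2024-03-04T09:40:00,alice,VIEW_PROFILE,C-1002,T-502
2024-03-04T10:05:00,bob,VIEW_PROFILE,C-1003,
2024-03-04T10:30:00,bob,EDIT_PAGE,,
2024-03-04T21:02:00,mallory,VIEW_PROFILE,C-1001,
2024-03-04T21:03:00,mallory,VIEW_PROFILE,C-1002,
2024-03-04T21:04:00,mallory,VIEW_PROFILE,C-1003,
2024-03-04T21:05:00,mallory,VIEW_PROFILE,C-1004,
2024-03-05T11:15:00,mallory,VIEW_PROFILE,C-1005,T-510
2024-03-05T22:40:00,mallory,VIEW_PROFILE,C-1001,
"""


def access_report(log_text, threshold=3, work_hours=(8, 18)):
    """Summarise profile views per employee and flag unexplained access.

    An employee is flagged when they opened at least `threshold` distinct
    client profiles with no ticket recorded as the reason.
    """
    stats = defaultdict(
        lambda: {"views": 0, "unjustified": 0, "profiles": set(), "after_hours": 0}
    )
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "VIEW_PROFILE":
            continue  # only profile access is relevant to this report
        entry = stats[row["employee"]]
        entry["views"] += 1
        hour = datetime.fromisoformat(row["timestamp"]).hour
        if not (work_hours[0] <= hour < work_hours[1]):
            entry["after_hours"] += 1
        if not row["ticket"].strip():
            entry["unjustified"] += 1
            entry["profiles"].add(row["profile_id"])

    report = []
    for employee, entry in stats.items():
        distinct = len(entry["profiles"])
        report.append({
            "employee": employee,
            "views": entry["views"],
            "unjustified_views": entry["unjustified"],
            "distinct_unjustified_profiles": distinct,
            "after_hours_views": entry["after_hours"],
            "flagged": distinct >= threshold,
        })
    # Most unexplained access first, so reviewers start with the riskiest account.
    report.sort(key=lambda r: (-r["distinct_unjustified_profiles"], r["employee"]))
    return report


if __name__ == "__main__":
    for line in access_report(SAMPLE_AUDIT_LOG):
        print(line)
```

A flag here is a prompt for a manager to ask why the profiles were opened, not proof of misuse; the threshold should be tuned to the normal workload of each role.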
Recent CMS Cyberattack
Researchers at Imperva have discovered a highly sophisticated botnet which is responsible for compromising hundreds of thousands of CMSs on company computers (Spadafora, 2020). The threat agent has not been successfully mitigated yet. The botnet is called KashmirBlack and it has been around since November of 2019. Its technical capabilities have increased over time, creating a snowballing effect for the botnet that allows it to compromise CMSs on thousands of websites every day. KashmirBlack is most frequently found in the following CMSs: WordPress, Joomla, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart and Yeager.
KashmirBlack targets the most frequently used CMSs. It targets server vulnerabilities in the system architecture of as many CMSs as it can worldwide. It has been discovered in more than 30 different countries. Its infrastructure includes a server as the main point of directing malicious code to over 60 other servers that cyberattack CMSs in a variety of territories. It is a serious threat because the botnet has the ability to quickly replicate itself and spread to other infrastructures in a short amount of time. The botnet can also execute brute force attacks and install backdoors on CMSs. The botnet focuses on outdated CMSs with server vulnerabilities, which are more common than many may think.
Cybersecurity analysts have not yet affirmed where the botnet organization is and which state or non-state actor has deployed it. There is some intelligence on one of the hackers, who has a social media handle of “Exect1337”. Analysts are suggesting that this hacker is a part of an Indonesian hacking group, Phantom Ghost. There is more research taking place in order to determine if Phantom Ghost is responsible for KashmirBlack, which is the most devastating cyberattack on CMSs over the last year.
Mitigation and Security Policies for CMS
In order to mitigate KashmirBlack and other viruses that attack CMSs, it would be helpful to look for data in open sources. There may be another person or organization that has come into contact with the virus and has some advice as to how to mitigate it. Trying to figure out where the virus exploits systems may be a good place to start. If there is no information in open sources, it is still important to implement a mitigation strategy. First it is important to isolate the virus whenever possible, then go through an identification process where intelligence can be collected on the virus, and then implement a strategy for removing the malicious code.
The following mitigation steps will remove KashmirBlack from any CMS: (1) disconnect infected devices from the network, (2) block all outbound traffic to external networks, (3) update filters on routers, firewalls and other networking equipment, (4) review log files to identify the threat agent’s point of entry, (5) examine internet browser history and files downloaded, (6) conduct a forensic examination, (7) backup all files, update passwords and encryption, (8) if necessary, apply security patches to the infected computers and networks, (9) clean all infected systems, re-connect devices to the network and monitor traffic, (10) notify staff of any data breach, (11) submit a report. This is an effective mitigation strategy to remove viruses that have the ability to replicate themselves. Once everything is put back online it is important to monitor traffic for a while to ensure that the threat agent has been removed.
After a report has been sent to management and executives, the next step is the creation of new security policies for the CMS and other components. All businesses that use a CMS are targets for cyberattacks and social engineering scams. Spear-phishing is by far the most frequently used method of a hacker getting to the back-end of a CMS. Once the hacker has the credentials, CMSs are not difficult to compromise. Therefore, they need strong security policies to support them. Protecting data is a much more difficult process that involves the daily allocation of resources, cybersecurity staff who know and excel in their roles and responsibilities, and an ongoing commitment to identifying risks and threats as early as possible.
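Step 4, reviewing log files for the point of entry, can start with the brute-force behaviour described earlier. The sketch below is an added example, not from the original paper or from Imperva's research: the access log is constructed, and it assumes a WordPress site where a failed login POST returns 200 and a successful one returns a 302 redirect, which should be confirmed for the CMS in use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Login endpoints to watch. "/wp-login.php" is the WordPress login page;
# add the login path of each CMS you run.
LOGIN_PATHS = {"/wp-login.php"}

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed web server access log (documentation IP ranges, invented times).
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [12/Mar/2024:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:03:14:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:03:14:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:03:14:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:03:14:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2024:03:14:30 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120
198.51.100.20 - - [12/Mar/2024:09:00:12 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.20 - - [12/Mar/2024:09:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.55 - - [12/Mar/2024:04:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.55 - - [12/Mar/2024:04:20:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.55 - - [12/Mar/2024:04:20:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.55 - - [12/Mar/2024:04:20:30 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.55 - - [12/Mar/2024:04:20:40 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.55 - - [12/Mar/2024:04:20:50 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
"""


def parse(log_text):
    """Yield one dict per well-formed access log line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"],
            "path": m["path"].split("?", 1)[0],  # ignore query string
            "status": int(m["status"]),
        }


def find_login_bruteforce(log_text, min_attempts=5, window=timedelta(minutes=5)):
    """Flag source IPs with many login POSTs inside a short time window."""
    attempts = defaultdict(list)
    for event in parse(log_text):
        if event["method"] == "POST" and event["path"] in LOGIN_PATHS:
            attempts[event["ip"]].append(event)

    findings = []
    for ip, events in attempts.items():
        events.sort(key=lambda e: e["ts"])
        peak, start = 0, 0
        for end in range(len(events)):  # sliding window over sorted attempts
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < min_attempts:
            continue
        failures = [e for e in events if e["status"] == 200]
        success = next((e for e in events if e["status"] == 302), None)
        # A redirect after earlier failures suggests a guessed password:
        # a candidate point of entry for the forensic examination.
        suspected = success is not None and any(
            e["ts"] < success["ts"] for e in failures
        )
        findings.append({
            "ip": ip,
            "peak_attempts": peak,
            "failures": len(failures),
            "compromise_suspected": suspected,
            "first_success": success["ts"].isoformat() if success else None,
        })
    return sorted(findings, key=lambda f: f["ip"])


if __name__ == "__main__":
    for finding in find_login_bruteforce(SAMPLE_ACCESS_LOG):
        print(finding)
```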
Companies with effective security policies will demonstrate the following: the ability to identify what technology is needed for business operations and train authorized employees accordingly, clarify resilience requirements, build a secure infrastructure, continuously validate recoverability business requirements, use content filtering, backup critical data, devise an offline recovery strategy, prevent corrupt backups, and have a flexible policy structure that can be changed in different directions every day.
Companies can also stay safe by using network segmentation, ensuring that all systems are patched and updated, constantly monitoring traffic, analyzing and investigating the CMS and other components, using multi-factor authentication, having data loss prevention solutions, incorporating a strong encryption strategy, determining how to safely move data from one place to another, scanning for vulnerabilities, and blocking access to external ports during monitoring.
When implementing a new or patched CMS it is important to follow any government regulations. Look out for any type of ransomware or malicious code that tries to hijack systems in exchange for currency. Ensure that intrusion detection and prevention systems (IDPS), firewalls and other security technology have the proper settings. It is also important to have Advanced Threat Protection (ATP), which includes network devices, email gateways, a management platform and malware protection. ATP solutions give the company the ability to prevent, detect, and mitigate threat agents.
When updating security policies, one of the most important features is how employees should behave regarding the CMS and other technologies: never download anything on company assets, notify IT or Cybersecurity if they notice anything malicious, never click on suspicious links in email, never log in to any personal accounts, never share credentials, and avoid using flash drives if not related to work.
CMSs and Multinational Policies
Companies and governments need to consider the development of policies and treaties after they conduct a mitigation and develop new security policies. Richard Clarke in his book, Cyberwar, claims that large state actors have the ability and responsibility to create treaties in order to prevent cybercrime between two or more countries. Since CMSs are a major target, they should be considered when creating national and multinational treaties. If entities within different companies collaborate on security policies it can increase the protection of CMSs on all system architectures. Countries should consider the development of multinational policies due to the fact that cybercrime has become an international issue.
Personal Experience: Comparative Study between Ning, Sox Box and WordPress
As mentioned earlier in the research paper, I have experience with a lot of different CMSs. The three I would like to focus on are Ning, Sox Box and WordPress because I learned valuable lessons working on these three platforms. Before engaging in comparative study, I think it is important to make a distinction regarding the types of CMSs that are available. Most of them are designed to store user-generated information, and others are used to assist users with the development, publishing and sharing of user-generated content. I also think it is important to note that CMSs are common and most people interact with them every day, because there is a CMS attached to any technology that can manage bank card information. When we pay to pump gas, grocery shop and order things online there is also a CMS at work. It is up to Cybersecurity, IT, upper management and executives to decide on the right CMS solution, how to implement it within the business, and how to ensure that it can function properly at all times.
My CMS experience was with Ning 2.0. I never had the opportunity to use the 1.0 version, but from what I have read about the company they are similar to each other and the later version rolled out very quickly. The first thing that drew me to Ning was its name. “Ning” stands for “peace” in Chinese. There was something comforting about knowing that while working on Ning 2.0. Another thing that I found striking about Ning 2.0 is that there were very few options for customization in regard to website visuals and assigning roles for others on the back-end. All websites that used Ning 2.0 as a CMS looked similar in design. Many web developers and designers tried to use CSS in order to make their websites have a different look, but they were all unsuccessful to a certain extent; after they added their original CSS code their websites still looked like any other on Ning 2.0, just with a slightly better visual. In the Ning community forum the lack of customization was frequently discussed and became one of the major reasons why users were migrating their websites to other infrastructures. Even the most popular websites on Ning 2.0 migrated to WordPress in order to gain more customization.
In 2008, I knew very little about web design. Ning 2.0 became my way of closing the skills gap between me and seasoned web developers on the platform. It was extremely easy to use. All the user has to do is sign in with their authentication information and they will automatically be directed to a limited version of the infrastructure’s back-end. In the back-end environment you can see the database where the CMS has stored names and profile information on every user. It also provided the opportunity to drag and drop new features into the website. However, it did not provide complete access to the website’s source code. An API key can be requested to gain broader access to the website’s code, but this became one of the most frustrating aspects about using Ning 2.0 as a CMS. It is also one of the main reasons why everyone’s website looked the same.
When Ning was ready to have a Beta launch of its 3.0 service, users were excited because they thought the company would release a more customizable CMS. Unfortunately, the new CMS was still limited, all websites still looked the same, and they even removed some of the features like the ability to upload videos. Ning offered a migration process for transferring 2.0 websites to 3.0, but they had a difficult time with it and it was delayed by several months. At this point, all of the most popular websites were leaving Ning and going to a different CMS (most of which moved to WordPress).
After experiencing two different versions of Ning’s CMS I would like to assert that I would not recommend using their SaaS for professional use. It may be a good platform for a person or company with a small niche audience, but for everyone else Ning’s CMS is not worth the price and fails to give users the functionality that they are looking for.
On the other hand, some CMS solutions perfectly correspond with business needs. I would highly recommend the use of the Sox Box cloud-based solution for anyone that is managing a food bank. When I was hired as a Program Assistant for a company with a Food Pantry department, I had no idea that there were so many pieces of information that needed to be stored. The problem was that the pantry started off as a small operation for the Jewish community in St. Louis; however, the company decided to expand in order to serve the general population as well. I believe the company did an excellent job in fundraising for this expansion, which included a large grant from the United Way. I wish the company had used some of the grant money for information security purposes sooner. Over time we found ourselves working in a large operation without a CMS that organized business operations and data.
We used ETO solutions as a CMS for entering the number of families we served, in order to generate reports for managers. However, there was no CMS for appointment scheduling, USDA eligibility documentation, or accounting and distribution of inventory. All of these data points were expected to be stored on paper or ETO. The company knew that in order to serve the 7,000 families we were able to distribute products to each month, we needed a robust CMS in addition to ETO solutions.
Sox Box became our online cloud solution and I would recommend the SaaS because it is fully customizable for any data metric that a food bank may need. After we made adjustments to the CMS, we found that business operations required almost no paperwork; everything could be stored and encrypted in the cloud. Our operations had products donated from private sources and from the government through the USDA. Sox Box could handle the documents and metrics for both types of products and give us the ability to provide management with detailed reports with more accurate information than using ETO solutions alone. The company managed other services for which it kept data in ETO, but the Food Pantry no longer needed it because it had found the perfect CMS solution through Sox Box.
WordPress CMS has many different features and can be used in a variety of ways for individual or professional services. Where Ning has limited customization, WordPress offers seemingly unlimited customization through web design and CMS settings. WordPress is mostly used for e-commerce and by digital content creators, but it can also be used as an online CMS for other business purposes. Between 24% and 30% of all websites for business use WordPress as their CMS. Unlike other options for CMS, WordPress has a dashboard that gives access to all components on the back-end, including all source code. On the left side of the dashboard are links to all the parts of the CMS for customization. On the right of the dashboard are windows that show the part of the CMS that is being edited. Every project that is created using WordPress as a CMS has a unique visual design that can be distinguished from others using the same platform.
WordPress excels at providing a CMS for digital websites and blogs. It makes it convenient for the user to create, publish and organize data. It gives the user the ability to use custom templates, buy templates within their infrastructure or create an original design through HTML and CSS. When other users sign up for the website it will log their username, name, and email addresses; however, these fields can be adjusted to add more or less data. There is no need to request an API key because all of the source code is available and is organized into folders that can be edited at any time.
WordPress is a free download that is easy to install and use. It has a user-friendly interface to direct users to the parts of the CMS that need to be adjusted. A person without coding skills can still use the CMS and create an original platform. WordPress also provides free updates whenever people within the open-source community create a new one. One of the best features of using WordPress is the ability to download and install plugins that add new features to the CMS. There is also the ability to assign roles and access to other collaborators, which helps the RMF process.
Conclusion
Nearly all businesses need some form of a CMS. If it is an online business then WordPress is the best solution for the company. For all other types of businesses, it is important to do research in order to find a CMS that matches the business’s needs or one that can be customized to do so. CMSs are used every day and still remain targets for cyberattacks because they contain a lot of client personal information. Adding technical solutions, especially those based in encryption, can make CMSs even stronger. It is also important to note that companies should not feel locked into using a particular legacy CMS; there is always another option that will be more fitting. All it takes is the backing up of data, creating an export file, and importing the file into the new CMS. At this point the company would have all of its previous data stored on the new CMS. It is important to note that CMSs can be complex depending on the solution that companies choose. However, when they find one that fits the business it is going to increase productivity because a good CMS selection will be a supportive technology that can make running a business a more efficient process.
Conclusion: Practical Experience
Today I feel like I know many things I need to know in order to use a CMS as a web-based solution. However, getting to this point was far more difficult than I could imagine when I started. I find it interesting when I go to YouTube and I see video advertisements for website builders that are not WordPress, like Wix and Joomla. These other CMSs are good for people with small audiences and who do not need a lot of customization with their website. The truth is that many of these solutions function like Ning 2.0 and 3.0 services. Many of their design templates look similar, which causes many users’ websites to look identical. They may be good options for the right person or organization, but I would like to assert that using WordPress is better because it is free to download, customize and launch a web project that is unique. For every person that has seen one of their advertisements, I wish they would be able to experience a WordPress.org commercial; however, since it is an open-source project there probably are no commercials for it. WordPress.org is the CMS that I recommend for all users. There is another version called WordPress.com but it is really for individual bloggers. For writers that want to use a CMS to create a business, I would highly suggest downloading WordPress.org. It would save users a lot of time and money if they would decide to work with WordPress from the beginning.
As a cybersecurity student that is interested in learning as much as I can about the subject, I also plan to use my experience to write articles about cybersecurity. When I read articles about the academic concept of cybersecurity, many analysts are projecting that the major will become much more popular over the next 10 to 15 years because of all the innovations made in the internet of things (IoT), and the accessibility of smart devices, all of which need security in order to give users privacy when they are using their products. I am currently working on only one blog with multiple writers. It is an arts and entertainment website that uses WordPress as the CMS. I’ve been an arts critic since undergraduate school, and much of my content is focused on artistic areas. However, I also have a strong desire to learn about technology and cybersecurity. On the same blog, I write articles on cybersecurity because it is the part of entertainment that ensures that intellectual property, technical productions and any part of a performance that uses tech should understand how to protect their creative data. A good example would be the 2014 hack of Sony Pictures by North Korea due to the fact that the film studio was producing a movie that satirized their leader Kim Jong Un. The cyberattack not only compromised the film, but it also breached a lot of company private information like emails and management reports. While Sony never released any information regarding the cybersecurity measures they had implemented at the time, it is safe to assert that the studio needed to strengthen its networks, perhaps with a more secure CMS, network security and system architecture. My writings are about how cybersecurity will impact all of the fields within arts and entertainment, and I make recommendations on what readers can do to make sure their devices are secure.
It may seem like it is too early, but I know that cybersecurity will be a major part of popular culture going forward because there are over 3 billion smart technology users today. This number is going to continue to rise and I think that people that work in arts and entertainment are going to need to know about security solutions as their productions become more dependent on complex lighting and sound equipment for stage plays, TV shows and films. Cybersecurity, particularly encryption-supported CMSs, can play a major role in reducing the cyberattacks that we’ve seen like the one at Sony, and those that are constantly going on today. I would like to be at the forefront of discussing how cybersecurity can impact creative fields.
Throughout my pursuit of a master’s degree in cybersecurity, I think one of the most important messages that I have learned is that cyberattacks are constantly occurring and they have seemingly reached a point of no return. At this point, every day there will be attempts by state and non-state actors to target organizations and governments. It is up to cybersecurity professionals to reduce risk and promote the confidentiality, integrity and availability of data. Selecting a good quality CMS is a good first step for any individual or company that is looking to build an online presence, especially if they plan on monetizing and securing their content.
I would like all computer users to have security and privacy. However, my interest in creative disciplines comes from my previous experiences as an actor and director in high school and college, as well as being an amateur playwright and screenwriter. At the same time, I am equally interested in cybersecurity and technology. My plans are to combine both of my interests through writing and see if I can get out ahead of the future of cybersecurity being more frequently discussed in creative circles. I am desperately trying to create a type of content that has never been seen before; one that is part tech, part art, part culture and influence. I would not be able to get my articles published and shared without a good CMS like WordPress. I am looking forward to what I can create as I am combining my creative and tech interests together; hopefully it will lead to something informative for my current audience.
I would like to assert that anyone that has an idea that they want to share on the internet through websites (and some other portals) can do so by following a few steps: (1) develop an idea, (2) buy a website domain, (3) download WordPress.org, (4) buy a web hosting plan, (5) use a design template or hire a designer on a service provider like Fiverr.com, (6) share your ideas with the world. It is also important to never underestimate or take for granted that the CMS will always work perfectly. Remember to keep it updated in order for the website to run to the best of its abilities (WordPress will notify users when updates are available).
Dominic Richardson
I am a writer and cybersecurity professional