GIGW 3.0
-
Focus Areas
-
Quality
Quality criteria for websites/apps are essential to ensure a website/app is trustworthy, reliable and engaging for users. A website/app should be easy to use, accessible to all users, load quickly, have high-quality content, be secure,
optimised for mobile devices and have a visually appealing design. Meeting these criteria can help ensure a website’s success and make it stand out from the millions of websites/apps available on the internet. By prioritising these
criteria, owners can create a high-quality website/app that provides value to its users.-
Risks associated with non-conformity with quality guidelines:
Q.1 Websites/apps can have inconsistent and outdated content on a website/app if the responsibility and ownership of the website/app is not assigned to a person or team.
Q.2 People may not be able to get the information about the website/app.
Q.3 Without correct copyright policy, any information on the website/app may be copied, reproduced, republished, uploaded, posted, transmitted, or distributed without any consent.
Q.4 The overall quality of a website’s content can be degraded if the authenticity and relevance of the ‘linked’ information is not defined through hyperlinking policy.
Q.5 Without terms and conditions on websites/apps it is difficult to uphold and maintain the trust imposed on them by the users to the sites, the government websites/apps should not out rightly ‘disclaim’ the content of another government website/app.
Q.6 If Content is not selected keeping the audience in mind, people from diverse professional, educational and demographic backgrounds cannot easily comprehend the same.
Q.7 People cannot get the right information from the website/app if Content is not up to date, incomplete, inconsistent or scattered.
Q.8 Users cannot identify an authenticated government website.
Q.9 Websites/apps with poor design methodology may not be accessible with slow internet connectivity.
Q.10 Without feedback and help sections, users will not be able to participate in the improvement of website/app quality and the government organisation will not be able to get the information regarding problems faced by users.
-
-
Accessibility
Web accessibility means that people with disabilities can also perceive, understand, navigate and interact with the Web and that they can contribute to the Web. It encompasses all disabilities that affect access to the Web, including
visual, auditory, physical, speech, cognitive and neurological disabilities. The website/app should be designed and developed in such a way that they are accessible by all people, whatever may be their hardware, software, language,
culture, location, or physical or mental ability.-
Legal Provisions
The United Nations General Assembly adopted its Convention on the Rights of Persons with Disabilities on the 13th day of December 2006. India is a signatory to the Convention and has ratified the Convention on the 1st day of
October 2007. To implement the Convention, India has enacted the Rights of Persons with Disabilities Act, 2016 on 27th December, 2016. With regard to ICT, one of the important provisions in the act is that all contents
available in audio, print and electronic media must be in accessible format. -
International Guidelines and Standards (WCAG)
W3C’s Web Content Accessibility Guidelines (WCAG) covers a wide range of recommendations for making Web content accessible. Implementing these guidelines will make content accessible to persons with disabilities. Details are
available at https://www.w3.org/TR/WCAG21/.GIGW has been developed in accordance with level AA of WCAG 2.1 which are the latest guidelines on accessibility.
-
Risks associated with non-conformity with accessibility guidelines:
A1. Visually impaired people cannot access the content.
A2. People with epileptic may get seizures if the website/app has content which blink very fast.
A3. Hearing/Auditory impaired people cannot access the content.
A4. People with cognitive Disability cannot access the time dependent function/content which does not have pause/extend/back/ forward options.
A5. People with Locomotor/Physical Disability cannot access the whole content present on the website.
A6. If the content is not robust enough to be interpreted reliably by a wide variety of user agents, including assistive technologies, the content becomes inaccessible to large audiences suffering from different impairments.
A7. People who do not understand English language cannot access website/app content and services.
A8. The government organisation concerned can face legal actions as per national and international laws if the content of the website/app is not accessible.
A9. Labels or instructions are not provided when content requires user input, which jeopardises the security or purpose of the content.
-
-
Cybersecurity
Cybersecurity is the activity of protecting websites/apps from unauthorised use, access, changes, destruction, or disruption. website/app security can be a complex (or even confusing) topic in an ever-evolving landscape. GIGW provides
a clear framework for website/app owners seeking to mitigate risk and apply security principles to their web properties.It is important to keep in mind that security is never a set-it-and-forge-it solution but is a continuous process that requires constant assessment to reduce the overall risk. Sometimes websites/apps become unavailable due to denial-of-service
attacks or display modified information on their homepages. Millions of passwords, email addresses and credit card details have been leaked into the public domain exposing website/app users to both personal embarrassment and financial
risks. The purpose of website/app security is to prevent such risks.Website/app security requires vigilance in all aspects starting from requirements through design and implementation to testing and deployment. Organisations should implement appropriate security analysis, defences and countermeasures
for protection of a website/app against malfunctioning, phishing, cyber-crimes, or cyberattacks to avoid data loss of the organisations or customers.-
Risks associated with non-conformity with security guidelines:
S1. Malicious users can deface the website.
S2. Any harmful actor may get access to confidential information.
S3. The availability of the website/app can be hampered.
S4. The malicious user may change/modify the content on the website.
S5. Security failures typically lead to unauthorised information disclosure, modification, or destruction of all data or performing a business function outside the user’s limits.
S6. A file upload flaw allows an attacker to retrieve the password database. Security of web applications determine the protection needs of data in transit and at rest. Attackers can steal such information for example, passwords, credit card numbers, health records, personal information and business secrets require extra protection, mainly if that data falls under privacy laws, Personal data protection bill etc.
S7. An attacker monitors network traffic (e.g., at an insecure wireless network), downgrades connections from HTTPS to HTTP, intercepts requests and steals the user’s session cookie. The attacker then replays this cookie and hijacks the user’s (authenticated) session, accessing or modifying the user’s private data. Instead of the above they could alter all transported data, e.g., the recipient of a money transfer.
S8. Almost any source of data can be an injection vector, environment variables, parameters, external and internal web services and all types of users. Injection flaws occur when an attacker can send hostile data to an interpreter.
S9. Attackers have to gain access to only a few accounts, or just one admin account to compromise the system. Depending on the domain of the application, this may allow money laundering, social security fraud and identity theft, or disclose legally protected highly sensitive information.
S10. Security flaws can be used to extract data, execute a remote request from the server, scan internal systems, perform a denial-of-service attack, as well as execute other attacks. The business impact depends on the protection needs of all affected applications and data.
S11. Attackers acting as users or administrators, or users using privileged functions, can create, access, update or delete every record.
S12. Security misconfiguration frequently gives attackers unauthorised access to some system data or functionality. Occasionally, such flaws result in a complete system compromise.
S13. The impact of XSS is moderate for reflected and DOM XSS and severe for stored XSS, with remote code execution on the victim’s browser, such as stealing credentials, sessions, or delivering malware to the victim.
S14. While some known vulnerabilities lead to only minor impacts, some of the largest breaches to date have relied on exploiting known vulnerabilities in components.
S15. Most successful attacks start with vulnerability probing. Allowing such probes to continue can raise the likelihood of a successful exploit to nearly 100%.
-
-
Lifecycle Management:
Maintaining a website/app is just as important as developing it because a website/app is a dynamic entity that requires regular updates and monitoring to remain relevant, functional and secure. Without proper maintenance, a website/app can become vulnerable to security breaches, performance issues and content that is outdated or irrelevant, which can negatively impact the user experience and drive away potential visitors. Regular maintenance can help prevent security breaches, ensure functionality, keep content up-to-date and optimise the website/app for search engines. Therefore, website/app life cycle management, including ongoing maintenance, is crucial for the success and longevity of a website.
After launching a website, ongoing maintenance is essential to keep the website/app up-to-date and functioning properly. This involves updating website/app content, monitoring performance, ensuring security, fixing bugs and errors and optimising the website/app for search engines. Establishing policies and procedures for website/app maintenance is important, including a change management process, backup and disaster recovery plans, security policies and a content management plan. Regularly monitoring the website’s performance, user engagement and search engine optimization is crucial to ensure that the website/app is meeting its objectives and to identify areas for improvement.
The risks already identified under ‘Quality’ are also associated with the non-conformity of the Lifecycle Management guidelines.
-