OCIO NEWSLETTER Issue 11 • April 2013
SPOTLIGHT
Course Delivery with Interactive Sessions Using DEC Computing Labs
Duncan Wong, Jiying Wang
The new 4-year curriculum presented many challenges while providing opportunities for exploring new teaching and learning methods. In the new Year 1 curriculum for the College of Science and Engineering, all students took an introductory computing course as one of their college requirement courses. “CS1102 Introduction to Computer Studies” aims to provide an introduction to computing concepts, skills and the technologies behind the Internet. Students were introduced to software tools, web content scripting and basic computer programming. No prior programming or computer science experience was assumed.
Delivery Philosophy towards Achieving DEC
In this course, we pioneer a new course delivery method in support of the DEC. This is based on the philosophy of reinforcing the concepts and skills a student learnt in class with practice and exercises which encourage innovation in a lab environment. Lecture materials are accessible on the eLearning system and also through the open Internet. The lecturer presents key concepts and facilitates the students’ learning in classes. To ensure students’ understanding, lab exercises are designed for students to apply the concepts and skills, while at the same time nurturing their inquisitive attitude. These lab sessions also serve to stimulate innovation and encourage students to actively interact with each other and with the tutors. To achieve the DEC’s emphasis on discovery, innovation and creativity, we believe that one of the key factors is to encourage interaction, not only between students and lecturers, but also among students themselves. We believe that learning can be enhanced when it is
INDEX
SPOTLIGHT
• Course Delivery with Interactive Sessions Using DEC Computing Labs
FEATURE
• Engaging Students in Geographically Distributed Classrooms through Echo 360 Livecast – Part 1
• Web Accessibility at CityU
• Design for Mobile Web
• E-Learning Championship Series (2) -- Ideas from Teacher and Student: Lecture Capturing is more than Lecture Capturing
DISCOVER & INNOVATE
• CityU Tour – 360 Degree Panorama of the Campus
BRIEF UPDATES
• Brief Report on CityU Blackboard User Group Forum 2013
• Computerworld Names CityU’s Andy Chun to Premier 100 IT Leaders for 2013
IT SECURITY AWARENESS SERIES BY JUCC
• Social Engineering
STATISTICS AT A GLANCE
• Flipped Classroom Survey Results
IT TOOLS
• Using Pinterest for Education
The purpose of CS1102 Lab Sessions is to facilitate the learning experience of students on computer programming and computer system development. Through hands-on exercises, students learn and discover how computer systems or software applications are being developed. The students also enhance their problem solving capabilities and creativity on realizing their ideas through computer programming.
more of a team effort than a solo race. More efficient and effective learning can be accomplished through interaction and collaboration, instead of competition and isolation. Based on this principle, we tried to organize our CS1102 Lab sessions into a dynamic and engaging environment, in which students could freely discuss with each other and liberally consult the lecturers.
Figure 1. Students were working together and exploring interesting software tools and computer programming
The newly designed “DEC Computing Labs” in AC2 facilitate “flip classroom” mode of teaching and nicely meet the needs of the lab sessions for the course. These rooms have been designed as a student-centric learning space that gears towards teamwork, collaboration, and sharing. The design of these labs allows students to easily interact with one another in designing their programs, while instructors can easily navigate between teams to give guidance and directions.
DEC Computing Lab Sessions
In each Lab Session, we provided a notebook computer to each of the students. The student downloaded a Lab Sheet and some sample computer code from Blackboard, then followed the guidelines and instructions provided in the Lab Sheet to complete various tasks using the notebook. In each Lab Sheet, there were “Progress Checkpoints”, at which students had to ask our student helpers to check and sign so that we could keep track of every single student’s progress and provide assistance effectively. The students also needed to complete an “Exit Test” at the end of each Lab Session. The Exit Test summarized all the materials that the students learnt in the Lab Session. We also gave some additional materials at the end of each Lab Session so that students could further study and discover some new information and knowledge based on the directions given in the Lab Sheets. The DEC rooms are also equipped with flat-panel TVs and Node chairs. The movable Node chairs allow for reconfigurable groups and session arrangements. The students enjoyed the chairs, and the classroom is much more dynamic and helps facilitate the DEC “flip classroom” model of project-based, teamwork-based teaching and learning. Nevertheless, this
Figure 2. Students were discussing and exploring computer graphics concepts
was the first time this course was run, and the first time the rooms were used, and there was room for improvement. For example, the current DEC rooms are a bit too small to accommodate 35 students in one class, especially with the lecturer and helpers moving from team to team to mentor/facilitate their work. Either a smaller class or a larger room will make teamwork more effective, as the Node chairs are bigger than conventional ones. To encourage discovery-based teaching and learning, each student also needed to work with other classmates on some joint Lab assignments. During such a Lab Session, the students discussed with each other, and tried out the tasks given in the Lab Sheet together. Through active discussions, they worked out some solutions to the assignments, implemented their solutions using the computer programming techniques they learned in the course, and carried out various experiments to test their ideas. Besides the notebook computers, the students also made use of the flat-panel TV sets installed in the DEC Labs in their group discussions and assignments. In some of the Lab Sessions, students also worked with other electronic
Figure 3. Students were designing their computer programs and sharing their ideas
devices, which included Microsoft Kinects and Android tablets. We provided detailed instructions and sample code to the students so that they could develop some software applications for those devices. The real experience obtained by the students through these Lab assignments was very important and beneficial to them. We were pleased to see that the results of these Lab Sessions were very positive and the students enjoyed those Lab Sessions very much. We believe that through the running of these Lab Sessions, both the students’ interest in and know-how of computer science and computer programming were enhanced in an effective way.
Feedback from Students
We gained some interesting feedback from the students in the Teaching and Learning survey. Some of the comments related to DEC are quoted below.
- “The laboratories class is really interesting. Every time when I attend the laboratories class I feel very exciting. This class is very meaningful, it let me know more things about computer and broaden my horizon.”
- “It covers different practice on lab session (html, java script, android java, etc). It’s a good guidance and clues for student to discover more by themselves.”
- “There was a robot competition that everyone in the class was required to make a robot with the provided software and compete with the whole class. It was an amazing and exciting experience that everyone was so attentive in making the best robot they had to compete with each other.”
- “Programme codes are learnt for making webpages and games. Very interactive.”
- “Seeing the newest technology nowadays in class.”
- “The information about the latest technologies encourages students to think about future.”
- “The lab is fun.”
- “The labs are interesting.”
Having run the course in this mode for one semester, initial feedback and experience were encouraging. The Department aims to continually review and enhance the course contents and delivery to achieve the full potential of the method and the DEC lab facilities, and to share the experience effectively with interested parties.
Figure 4. While students were working hard on their computing skills, they were also having fun through interacting with the computer applications they built
FEATURE
Engaging Students in Geographically Distributed Classrooms through Echo 360 Livecast – Part 1 K P Mark
Classroom capture technology has long been employed to facilitate flipped classroom activities, e.g. lecture review, student presentation and pre-classroom briefing activities in CityU with the Echo 360 classroom capturing solution. Echo 360 is a complete class recording system that captures instructors’ voice, facial expressions, gestures, PowerPoint presentations, whiteboard, or in short, everything used in classes for teaching so as to offer learners a comprehensive and unabridged lecture. To fully utilize the power of Echo360 LiveCast, the e-learning team of the Office of Chief Information Officer (OCIO) has been working with the Department of Information Systems (IS) to conduct a pilot run on a research seminar series
(IS8003) across different campuses (Shenzhen and Hefei, China). Students enrolled in IS8003 included Hong Kong based IS research students and research students in Shenzhen and Hefei under CityU’s joint programme with partner institutions in China. IS8003 was conducted weekly in Hong Kong during the semester. To ensure that all students across different locations were having the same level of learning experience, IS8003 had been broadcast to remote locations with video conference technology using an ISDN solution. The e-learning team launched a pilot run of IS8003 simultaneously in Shenzhen and Hefei on 22 January 2013. Prior to the pilot run, the e-learning team had been working hard with the IS staff and research students to fully test the
solution in Hong Kong and Shenzhen to achieve an optimal setting. To provide training and on site support to the local students and staff for the first LiveCast event in Hefei, one member from the e-learning team visited the Hefei campus and worked together with local students and staff for the LiveCast.
Hefei students and staff working with the e-learning team in OCIO to prepare for the first LiveCast
BRIEF UPDATES
Brief Report on CityU Blackboard User Group Forum 2013 Crusher Wong
A question posted by Dr. Paula Hodgson
The annual CityU Blackboard (Bb) User Group Forum began with applause from over 50 participants from CityU and other local tertiary education institutions on the morning of 6 March 2013. Being mindful of the tight schedule of the forum, Professor Shuk Han Cheng, Director of Education Development and Gateway Education, gave a short opening address to state this year’s theme of the forum – From Student Engagement to Active Learning. Flipped classroom implementation using Echo360 lecture capture solutions was the focus of the first talk. Professor Doug Vogel (IS) and Dr. K P Mark (OCIO) shared their experiences on the application of Echo360 in assessment of student presentations and the IS research seminar live cast to campuses in Shenzhen and Hefei. In the same session, Professor Jane Prophet (SCM) provided a 7-minute Echo360 capture to demonstrate how a short video lecture could be produced in a hotel room (since she was on a
A view on teaching performance evaluation expressed by Dr. Eva Wong at Hong Kong Baptist University
conference trip during the forum) as pre-class study material. Every year we invite a colleague from another institution to keep us posted on the e-learning development in Hong Kong. Dr. Theresa Kwong revealed the trial process of outcomes assessment using the Blackboard Outcomes System at the Hong Kong Baptist University. As a long term Blackboard user, CityU had examined the Outcomes System but uncertainties remained. Let’s see if we can learn more from HKBU on outcomes assessment in the near future. Discovery-enriched Curriculum (DEC) was invented at CityU to put emphasis on supporting discovery and innovation by students. Hence, the DEC Lab was introduced to enhance student engagement and stimulate creativity in class time. After a briefing from Mr. Edmund Lau (OCIO), Professor Lilian Vrijmoed (BCH) and her students virtually came to the event via Echo360 Live Cast from the DEC Lab in the Academic 2 building. Her students confidently delivered their findings in shark fin trade research when Professor Vrijmoed interviewed them one by one. New development from Blackboard Inc. was always expected in the User Group Forum. When the social learning cloud service was included in Bb 9.1 SP10 and above, the social learning features had been released in very few client institutions. Ms. Francesca Goneconti from Bb Inc. illustrated the roadmap from Blackboard to make the Bb social learning cloud service a worldwide learning network at the same level as Facebook being the social network and LinkedIn being the professional network. A short video at http://youtu.be/1CMATBAkj4E will help you learn more. In the last session, Mr. Gilbert Ho from APPLE promoted the Challenge-based Learning scheme where students identified a real world issue and tried to resolve it by taking actions
Dr. Theresa Kwong illustrating outcomes assessment process at Hong Kong Baptist University
Mr. Gilbert Ho highlighting students’ transformation to active learners during participation in APPLE Challenge-based Learning scheme
Professor Doug Vogel sharing his experience on flipped classroom
accordingly. An example on YouTube (http://youtu.be/jz4X3jVWDh8) illustrated how this framework helps students “to develop deeper knowledge of the subjects students are studying, accept and solve challenges, take action, share their experience, and enter into a global discussion about important issues”. We would work with APPLE to support CityU students to participate in this scheme. After 2 hours of talks on stage, participants and
presenters all gathered for more discussions during the light lunch. The CityU Bb User Group Forum 2013 was co-organized by the Office of the Provost, the Office of the Chief Information Officer, and the Office of Education Development and Gateway Education at City University of Hong Kong. The event was running in parallel with the e-Learning & m-Learning Mini Fair under the CityU Discovery Festival 2013.
Professor Shuk Han Cheng, Director of Education Development and Gateway Education, giving an opening address
BRIEF UPDATES
Computerworld Names CityU’s Andy Chun to Premier 100 IT Leaders for 2013 Office of the Chief Information Officer (OCIO)
Dr. Andy Chun, Chief Information Officer (CIO) at City University of Hong Kong, has been selected as one of the Computerworld Premier 100 IT Leaders for 2013. Organized by IDG’s Computerworld, this international awards program recognizes 100 technology and business leaders from a broad range of organizations who have displayed exceptional leadership, effectively managed IT strategies, established creative work environments and implemented innovative approaches to business problems. Dr. Chun commented: “This award really belongs to the collective effort and dedication of the entire CityU community. It is recognition of our unique and innovative culture of using technology to provide the best education possible for our students. The award reconfirms CityU’s continued leadership in the higher education space. Being recognized by global ICT peers is truly a great honor.” Dr. Chun was recognized for his role in driving innovation and providing IT leadership in transforming the University to
Dr. Andy Chun receiving the 2013 Computerworld Premier 100 IT Leaders Award at Tucson, Arizona, from Ms. Julia King, Executive Editor at Computerworld.
achieve its unique “Discovery-enriched Curriculum”® and its “Discover & Innovate @ CityU”® vision; creating a technology-rich environment to nurture 21st century innovative thinkers and leaders. Over the past few years, Dr. Chun has received numerous CIO awards. In 2012, he was selected by his peers as the Hong Kong CIO of the Year for medium enterprises. In 2011, he was selected as one of the 2010 Top 5 CIOs in Greater China in the annual Top China CIO Awards organised by leading IT professional associations in mainland China, Taiwan and Hong Kong. “The Premier 100 awards program showcases the exceptional work of a dedicated group of senior IT leaders who are driving huge change in their organizations,” said Scot Finnie, editor in chief of
Computerworld. “Every day, these exemplary business leaders make strategic technology decisions that track to their organizations’ top priorities. These men and women keep a keen eye on the changing landscape of political, economic, regulatory and technology trends that are driving significant shifts in IT. We are very pleased to recognize the leadership and achievements of the 2013 Premier 100 honorees.” A panel of Computerworld editors and outside judges evaluated all the nominees and identified winners from more than 1,000 nominations across the industry this year. The Premier 100 awards ceremony was held during Computerworld’s annual Premier 100 IT Leaders Conference, 3-5 March, 2013, in Tucson, Arizona, where more than 350 influential senior IT managers share best practices.
DISCOVER & INNOVATE
CityU Tour – 360 Degree Panorama of the Campus Vicker Leung
University Circle in CityU Tour, photo taken by KM YIU
CityU campus is expanding continuously to provide an even better learning and working environment for our students and staff. With the opening of the Run Run Shaw Creative Media Centre (CMC), Academic 2 (AC2) and Academic 3 (AC3) buildings, the campus has been expanded by a total of 60,000 square metres over the past 2 years. To assist our staff, students and visitors travelling around the campus, the Central IT has initiated a virtual tour project called CityU Tour.
Alternatives from Google
In 2007, Google launched Street View [1] that brought mapping to the next level by enabling users to virtually drive on the street by means of 360-degree panoramic imagery. It was further extended to indoor spots through their Business Photos program [2] in 2012. Google’s solution is feature-rich and mature. However, it may not be able to cope with our need to provide real-time campus information to our users such as daily events, room availability, emergency routes, etc. That is why we have to implement our own solution, i.e. CityU Tour.
Building CityU Tour
The very first step to create a virtual tour is to take photos at designated spots. To produce a gapless panorama, Google designed their own camera that is capable of capturing a 360-degree photo in a single shot. It not only saves time in taking photos, but also minimizes the effort during post-editing.
For CityU Tour, though we are only using a consumer-grade DSLR with a fisheye lens, the output is exceptional with the help of computer software and handcrafted image stitching. Beyond that, this affordable solution allows us to scale up the project, hopefully to reach every building, every floor and even every room on the campus.
Once the photos are taken and well stitched into gigantic panoramas, we have to create paths between each of them so that users can virtually navigate around the campus.
The magic behind CityU Tour, DSLR with fisheye lens
Photo stitching by identifying key elements within sets of photos
AC1 University Concourse in CityU Tour, photo taken by KM YIU
Using Anywhere
CityU Tour is desktop and mobile friendly utilizing a mix of technologies including Adobe Flash and HTML5. Users can simply use their favourite web browser to launch CityU Tour.
Inside the 360-degree spherical panorama, they can freely pan or zoom at a spot. Making use of the mobile device’s gyroscope, CityU Tour can even pan automatically according to the users’ posture to produce a very different user experience.
Touring Everywhere
The current alpha release of CityU Tour only covers the path from Pedestrian Subway, through University Concourse to University Circle. In the upcoming release, it will also cover some key areas/features of AC2 including CSC teaching studios, fast printers and Service Counter, etc.
Offices and departments which are interested in including their venues in CityU Tour may contact the Office of the CIO at cio@cityu.edu.hk.
CityU Tour (alpha release) Available on Desktop and Mobile http://go.cityu.edu.hk/tour
Reference:
[1] Street View – Google Maps http://www.google.com/streetview
[2] Business Photos – Google Maps http://maps.google.com/help/maps/businessphotos/
Virtual paths for Academic 1 in CityU Tour
FEATURE
Web Accessibility at CityU TAM Kin Hing
“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.” Tim Berners-Lee, W3C Director and inventor of the World Wide Web
CityU Social Responsibility
City University of Hong Kong (CityU), in fulfilling its social responsibility to care for the community [1], is committed to making its online information accessible to all people, regardless of abilities or disabilities.
The University websites contain a lot of useful academic information and research knowledge that may be beneficial to anyone around the world. It is essential that such information is easily accessible to people with diverse abilities, including those with disabilities and the elderly with changing abilities due to aging, thus providing equal access and opportunity for everyone.
WCAG 2.0
WCAG 2.0 was published as a W3C Recommendation in December 2008, and was accepted as an ISO/IEC International Standard in October 2012 (ISO/IEC 40500). It covers a wide range of guidelines and recommendations for web accessibility, making web content accessible to a wider range of people with disabilities, including blindness and low vision, deafness and hearing loss, learning disabilities, cognitive limitations, limited movement, speech disabilities, photosensitivity and combinations of these. Following the guidelines also makes web content more usable to users in general.
University-Wide Web Accessibility Policy To ensure an adequate and uniform coverage of web accessibility, the Task Force on Campus IT Needs (TFCIT) at its meeting in September 2012 endorsed the University-Wide Web Accessibility Policy [2], which requires all University websites to comply with international web accessibility standards. Under this policy, all websites that are built, updated or revised must include reasonable efforts to conform to the Web Content Accessibility Guidelines (WCAG) 2.0 standard [3], and Level AA conformance [4], unless granted an exception by the CIO. This policy establishes minimum standards for web accessibility. Web developers are encouraged to go beyond the minimum whenever possible.
Web Accessibility Features through Template
In 2011, CityU underwent its first ever wide-scale Web Redesign Project [5] to revamp all the websites of the departments, colleges, schools, and administrative units within the University, which covered over a hundred websites, spanning half a million pages. Through the use of centrally maintained web templates, each website has been provided with a rich set of accessibility features, including:
• Perceivable content with sufficient color contrast and resizable text
• Operable navigation through keyboard and mechanisms to bypass blocks through skip links and WAI-ARIA landmarks
• Predictable interface by maintaining a high level of consistency across web pages and websites throughout the University
• Maximized compatibility among browsers, mobile devices, and assistive technologies like screen readers.
Web Accessibility within Content
While the web templates delivered by the Web Redesign Project were already built with accessibility in mind, web developers and content providers have an important role in ensuring that their web pages are accessible as a whole. Below is a list of some common accessibility issues which have to be addressed within web content:
• Always use semantic markup, in a meaningful and correct reading sequence
• Provide descriptive headings for each section
• Provide meaningful text for hyperlinks
• Provide text alternative for images
• Provide captions or transcripts for video and audio
• Provide descriptive labels for form inputs and buttons
• Minimize the barrier of Flash and CAPTCHA
• Minimize the number of links per page
• Use the clearest and simplest language appropriate for the content
• Avoid justified text that causes poor spacing between words or characters.
In addition, as reported by WebAIM in 2012 [6], the most
problematic items for screen reader users were ranked in the following chart, showing the overall rating of difficulty and frustration for each item. Web developers and content providers should be well aware of these potential problems:
For further reference, in 2012 the Office of the Government Chief Information Officer (OGCIO) released the Web Accessibility Handbook, which is also based on the WCAG 2.0 criteria. Web developers are welcome to refer to this easy-to-read guide, which is full of useful examples. Our CityU websites are also compliant with the OGCIO standards, since they are a subset of WCAG 2.0.
Web Accessibility Evaluation Tool For web accessibility evaluation, we recommend AChecker [8] for its simplicity and thorough alignment with the WCAG 2.0 standard. Simply enter your website URL and it is ready to go for accessibility review. All websites are recommended to clear the known problems, and revise those likely and potential problems.
Achievements and Awards
With the joint efforts of the academic and administrative units and Central IT, our websites not only extended their reach to a wider audience, but also provided a better user experience to the average users. Our collaborative efforts towards digital inclusion were well perceived and won numerous international awards. For example, the University was named a “2012 Computerworld Honors Laureate” and one of the top 5 Finalists for the “21st Century Achievement Award” in Digital Access by the Computerworld Information Technology Awards Foundation, which was founded in 1988 to recognize those who use IT for the good of society and to change the world for the better. CityU also received the First Prize “2012 FutureGov Award” in Digital Inclusion, which recognizes excellence in projects that use technology to bridge the digital divide. CityU received the “2012 CIO Award” from CIO Asia for making exemplary use of technology and being a role model for the IT community.
Moving Forward
To ensure and improve the quality of our web assets, continuous awareness and support from all parties is essential. Looking ahead, the Central IT will be actively seeking every possible enhancement, while offices and departments should validate and update their web contents regularly. As a user, should you find any area of the University websites inaccessible or encounter any difficulty in use, please direct it to the OCIO (cio@cityu.edu.hk) for investigation or referral.
References
[1] CityU Social Responsibility, CityU http://www.cityu.edu.hk/usr/
[2] University-Wide Web Accessibility Policy, CityU http://wikisites.cityu.edu.hk/sites/upolicies/wapolicy/
[3] Web Content Accessibility Guidelines (WCAG) 2.0, W3C http://www.w3.org/TR/WCAG20/
[4] How to Meet WCAG 2.0, W3C http://www.w3.org/WAI/WCAG20/quickref/
[5] Web Redesign Project, CityU http://www.cityu.edu.hk/redesign/
[6] Screen Reader User Survey #4 Results, WebAIM http://webaim.org/projects/screenreadersurvey4/
[7] Web Accessibility Handbook, OGCIO http://www.ogcio.gov.hk/en/community/web_accessibility/handbook/
[8] AChecker, ATutor http://achecker.ca/
IT Security Awareness Series by JUCC
With the aim of enhancing the IT security awareness of the CityU community, KPMG was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security, which are adopted and published here for your reference.
Social Engineering
I. Background
Industry Story
Ball State students fooled by phishing attempts
The warnings about password protection from University Computing Services are simple and common sense, but somehow we look past them. 108 students’ accounts were compromised in January 2011, representing a spike on the charts that rivals July’s chaotic phishing spree. Hackers are getting better at fooling us. Loren Malm, assistant vice president for Information Technology, said students need to stay accountable. The most recent attacks are coming from websites in the United Arab Emirates and Indonesia, but the hackers might actually be from anywhere and may have just hacked into these vulnerable websites. The e-mails warn students their webmail account has expired and urge them to follow a link to update and access their account. At second glance, it’s easy to see when an e-mail is being sent from an illegitimate source. See the article: http://www.bsudailynews.com/news/ballstate-students-foiled-by-phishingattempts-1.2435626
What is Social Engineering?
Social Engineering is a technique used to trick an individual into giving up sensitive information that can be used in a malicious activity. The social engineer may use e-mails, voice messages, or even in-person visits, masquerading as a legitimate or trusted source. The basic goals of social engineering are the same as hacking in general, which is to gain unauthorised access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network. Typical targets include larger entities such as government agencies, research institutes and hospitals. Examples of security risks of social engineering include:
• Machines falling under the control of hackers
• Theft of credentials leading to financial loss and reputation damage
• Launch of local attacks against the whole network
• Bandwidth and performance degradation
• Legal liability arising from the hacking activities
II. Management
Although advanced technologies have been developed to preserve information security, people are usually the weakest link in the security chain. That is why social engineering is still the most effective method of getting around security obstacles. Since the vulnerability is not only related to technology, social engineering is the hardest form of attack to fight against as it cannot be defended with hardware or software alone. A successful defence depends on having good policies in place and ensuring that all employees follow them.
1. Security Policy addressing Social Engineering
The fundamental level of defence is to set up a relevant security policy against social engineering attacks. The security policy can help students or staff to defend against the psychological triggers of authority and diffusion of responsibility or moral duty.
The policy should explicitly set out the responsibilities for students or staff to exercise due care in detecting any potential social engineering activities before giving away sensitive information or privileged access.
2. Security Awareness Training for All Users
Once the foundation of a security policy has been established and approved, all staff or students should be trained in security awareness. Security training can make a difference in how staff or students apply the security policy in their real life. The following areas should also be covered in the security awareness training:
• Identification of valuable data or sensitive information related to the universities and their members in accordance with the information classification standard
• Protection of valuable data or sensitive information based on the information handling standard
• Necessary procedures required for detecting suspicious social engineering events
• Escalation procedures of possible social engineering incidents and preservation of relevant evidence
3. Resistance Training for Key Personnel
Apart from the security awareness training delivered to all students and staff, more advanced resistance training should be offered to key personnel within the universities. Key personnel are usually responsible for provision of support to others, especially the general public, and possess the most privileged access to the universities' information systems. Good resistance training should include techniques such as forewarning and reality check.
4. Regular Reminders
After a series of training sessions, staff or students should have a basic concept of information security and the risks of social engineering. However, the resistance to social engineering may only be effective for a short period of time. By using e-mails, newsletters or memorandums, universities need to regularly remind their staff and students of the possibility of a hacker attempting to steal information from them, and specifically inform them of any recent attempts.
5. Centralised Security Log
Having a centralised log of security events that is monitored by information security personnel can help prevent an effective attack. Any time a staff member or student is asked to give out information or reset a password, or even receives a suspicious call, it should be logged in this central log file. If a hacker is getting information from one staff member or student and using it to talk to another, the pattern could be noticed in the log. As soon as the pattern is noticed, security personnel can take action to stop the attack by warning all staff or students about the attacker. Staff or students who are trained and know that they must report all security-related requests will be less likely to give out confidential information without taking time to think it through first.
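The pattern spotting described for the central log can be automated. The following is an added example, not part of the original article; the log columns, the sample entries, the 24-hour window and the two-reporter threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample entries (not real data). Assumed columns:
# time, reporter, channel, source (callback number or sender), claimed identity, request
SAMPLE_LOG = """\
2013-04-02T09:12,helpdesk-1,phone,+852 5550 0101,IT vendor,password reset
2013-04-02T09:40,registry-3,phone,+852-5550-0101,IT vendor,staff directory
2013-04-02T10:05,finance-2,phone,(852) 55500101,Internal audit,payroll contact
2013-04-02T11:30,library-1,email,survey@example.org,Research survey,student count
2013-04-09T14:00,helpdesk-2,email,survey@example.org,Research survey,student count
2013-04-03T15:20,lab-4,phone,+852 5550 0199,Parent,timetable
"""


def normalize_source(channel, source):
    """Reduce a contact detail to a comparable key so formatting differences
    between reporters do not hide that the same source was involved."""
    if channel == "phone":
        return "tel:" + "".join(ch for ch in source if ch.isdigit())
    return source.strip().lower()


def parse_log(text):
    fields = ["time", "reporter", "channel", "source", "claimed", "request"]
    events = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%dT%H:%M")
        row["key"] = normalize_source(row["channel"], row["source"])
        events.append(row)
    return events


def find_patterns(events, window=timedelta(hours=24), min_reporters=2):
    """Flag any source that reached several different reporters within one
    time window, and note whether its claimed identity changed between them."""
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev["key"]].append(ev)

    alerts = []
    for key, evs in by_source.items():
        evs.sort(key=lambda e: e["time"])  # log entries may arrive out of order
        best = []
        for i, first in enumerate(evs):
            burst = [e for e in evs[i:] if e["time"] - first["time"] <= window]
            if len({e["reporter"] for e in burst}) > len({e["reporter"] for e in best}):
                best = burst
        reporters = sorted({e["reporter"] for e in best})
        if len(reporters) >= min_reporters:
            identities = sorted({e["claimed"] for e in best})
            alerts.append({
                "source": key,
                "reporters": reporters,
                "claimed_identities": identities,
                "identity_changed": len(identities) > 1,
                "first_seen": best[0]["time"],
                "last_seen": best[-1]["time"],
            })
    return sorted(alerts, key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for alert in find_patterns(parse_log(SAMPLE_LOG)):
        print(alert["source"], "contacted", ", ".join(alert["reporters"]),
              "| identities:", ", ".join(alert["claimed_identities"]))
```

An alert with `identity_changed` set is the case worth escalating first: one source presenting itself differently to different people within the same day.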
6. Incident Response
There should be a well-defined incident response process that a staff member or student can begin as soon as he or she suspects something is wrong. This process should aggressively go after the hacker and proactively inform other potential victims. As soon as a social engineering attempt or incident is discovered in any part of a university, the attack should be characterised by the incident response procedure. Meanwhile, any relevant staff or students should be alerted so that immediate counter actions can be taken.

It is important to have one person or a department tracking these incidents very closely so that the attack can be detected quickly and effectively. This should be the same person that is watching the centralised security logs, independent from anyone who is likely to attract suspicious social engineering attempts.

III. General Users

Identify Suspicious Conversations
Staff or students must know the general types of information a social engineer can use and what kinds of conversations are suspicious. They should be sceptical of unsolicited phone calls, visits, or e-mail messages from individuals asking about internal information. If an unknown individual claims to be from a legitimate organisation, try to verify his or her identity directly with that organisation.

Protect Confidential Information
Staff or students should know how to identify confidential information and should understand their responsibility to protect it. They need to know how to say “no” when it is necessary and have the backing of their management on the occasion where it might offend.

Use the Internet Safely
Staff or students should not send sensitive information over the Internet before checking a website’s security. They should pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g. “.com” vs. “.net”).

Verify Legitimate Requests
If any staff member or student is unsure whether an e-mail request is legitimate, he or she should try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request. Instead, check previous statements for contact information.

Make Use of Relevant Software or Features
Staff or students should install and maintain anti-virus software, firewalls, and e-mail filters to reduce some social engineering attempts, according to the guidelines in the universities' security policies. They should also take advantage of any anti-phishing features offered by the e-mail clients and web browsers provided by the universities.

Conclusion
Social engineering is easy to accomplish but difficult to detect.
Because it relies on fooling end users into revealing information, the users or the organisation are often reluctant to admit that they have been deceived. To protect the sensitive or confidential information in the universities, students, staff and the management should not ignore or underestimate the growing security threats arising from social engineering.

Copyright Statement
All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre (“JUCC”). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law. A single copy of the materials available through this document may be made, solely for personal, noncommercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials. Contact information for requests for permission to reproduce or distribute materials available through this document is listed below:
copyright@jucc.edu.hk
Joint Universities Computer Centre Limited (JUCC), Room 223, Run Run Shaw Building, c/o Computer Centre, The University of Hong Kong, Pokfulam Road, Hong Kong

FEATURE

Design for Mobile Web
TAM Kin Hing
The Mobile Age is Here!
Ever since the World Wide Web became popular in the mid-1990s, people have been accessing the web via their desktop computers through a fixed Internet connection. However, over the past few years, with more reliable and faster wireless connections and lower-cost mobile devices, there has been a greater demand for mobile access to the Web anytime, anywhere. According to Cisco’s Visual Networking Index (VNI) published in February 2013,[1] global mobile data traffic grew 70% in 2012, and is expected to grow a further 13-fold by 2017.

Mobile Web
Mobile Web refers to accessing the World Wide Web, i.e. browser-based Internet services, using a handheld mobile device, such as a smartphone or a tablet, through a cellular or a Wi-Fi Internet connection.[2] Mobile Web applications use the same technology as any other browser-based applications, such as HTML/CSS, except that they are optimized for use by mobile devices. The shift to mobile access poses new design challenges not found in traditional web development, which has the luxury of a large screen and precise mouse control. The following are some mobile web design best practices that we have used at CityU.

Desktop is Still There
Firstly, one needs to keep in mind that mobile web is not a new separate platform, but simply introduces a new use case into existing Web development. According to Google’s research on consumer behavior in August 2012,[3] a majority of people tend to move between different devices to accomplish a task, whether between smartphones, tablets, laptops, desktops, or TVs. Therefore, it is important to be able to deliver the same satisfying user experience and interaction style across these devices. At CityU, making websites universally accessible is our goal. A device-agnostic approach will allow the same level of service and information to be delivered uniformly across all devices.

Design for Varying Screen Sizes
While screen size and resolution are rather standardized in desktops and laptops, there are great variations across mobile devices. Over the past couple of years, a wide range of smartphones and tablets have been released in the market, featuring numerous screen size and resolution combinations, not to mention that each of them can switch between portrait and landscape orientations. “Responsive web design” is a new design approach introduced in 2010 that allows websites to gracefully adapt to these variations in a manageable way.[4] In simple terms, a responsive web design uses “media queries” to determine the client device's screen size and resolution and automatically adjusts as needed. Flexible images and fluid grids automatically re-size correctly to fit different screen sizes. In fact, as responsive web design is so important now, Mashable called 2013 the Year of Responsive Web Design.[5] Responsive web design permits many degrees of design freedom. For instance, a “mixed” approach allows a fixed-width layout for large and medium screens, while a fluid layout is used only for small screens in order to minimize development and maintenance cost.[6] You should select the best combination of “responsive” features to fit your application needs.

[Figure: Responsive web design concept]

Start with the Smallest Screen
No matter which responsive web approach you take, there must be an optimal layout design that works for the smallest target device. Generally, a single column layout that fills the whole width of the screen would be the preferable way to go. In fitting your contents to such a small screen, you must be mindful of usability issues. For example, any visible content should be made large enough to be readable without zooming. Text links and buttons should be spaced far enough apart to be selectable without interference. Images should be flexible enough to appear with the right size in the right place under different orientations. Navigation menus and functions may need a rethink so that they are usable and work effectively on a small screen. Once you have these fundamentals solved, it will be much easier to scale up to other screen sizes.

[Figure: CityU homepage in a single column layout]

Design for Touch Screen
The use of touch screens in mobile devices constitutes another big difference from traditional mouse and keyboard interactions. As such, when designing for mobile web, you must carefully think through the interaction from the perspective of both touch events and mouse events. Developers should also note that there is no “mouse-over” state on touch screens, rendering any functions and effects that rely on a “mouse-over” action inoperable. A typical example is the drop-down menu. Alternatives or workarounds may be used to balance the user experience between mobile and its desktop counterpart.

Design for Slow Connection
Compared to a stable Wi-Fi or cable connection, mobile users who rely on a cellular network signal may suffer from slow or dropped connections from time to time. Therefore, reducing load time is vital to maintaining the mobile user experience. This can be achieved by keeping the page size small, such as by reducing the number of images, reducing image size, and removing unnecessary code and scripts from web pages. In addition, a website should be organized in such a way that any destination page can easily be reached with the least number of clicks and without confusion. For large websites, web designers should try to optimize navigation and prioritize content in the early stages of web design.
Continuous Testing
Just like any other software project, remember to test early and test often, in every stage of development and for every change. Testing helps identify problems early on. Most importantly, it helps you understand any behavioral differences across platforms and devices. Try to run tests on as many different physical devices as possible. Use different combinations of browser, device orientation, and Internet connection. Make sure everything works as intended and conforms to accessibility standards before moving on to the next stage. Of course you need to test for the desktop counterpart as well.

CityU’s Mobile Web Initiative
In early 2011, City University of Hong Kong (CityU) initiated the University-wide Web Redesign Project,[7] where one of the targets is to meet the growing demand for mobility. Since January 2012, over a hundred University websites were made available for mobile web through the use of centrally supported web templates. Compared to starting from scratch, with our template-based approach, the effort needed to convert individual websites to mobile web was greatly minimized. In fact, through this accelerated development approach, City University of Hong Kong is one of the very few universities in the world that has achieved a campus-wide mobile web presence.

[Figure: CityU Homepage in 2013]

The Way Forward
The CityU Web Redesign Project was crucial in kick-starting our mobility strategy and enabling campus-wide mobile access to a vast amount of the University’s valuable web content. Since then, we have made many updates to our centralized mobile web interface and mobile web accessibility features. As Web technology and mobile devices continue to evolve, we will fine-tune our technology platform to ensure the highest quality standard for our web, and to further enhance usability and user experience.

Future Challenges
With growing BYOD and the advent of the Internet of Things, the future will be very interesting. We will need to support an even greater number of diverse devices connecting to our web, such as cameras, game consoles, glasses, watches, appliances, gadgets, and everyday objects. Achieving a device-agnostic approach will be even more challenging than before. With the possibility of richer and more diverse interactivity via mouse, keyboard, touch, gesture, pen, sketch, speech, etc., future web design will bring new levels of user experience never faced before. All these exciting future developments will open up new challenges as well as opportunities to provide more personalized and more flexible access to the wealth of information and services available on the web.

Reference:
[1] Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2012–2017, Cisco. http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11520862.html
[2] Mobile Web, Wikipedia. http://en.wikipedia.org/wiki/Mobile_Web
[3] Navigating the new multi-screen world: Insights show how consumers use different devices together, Google. http://googlemobileads.blogspot.hk/2012/08/navigating-new-multi-screen-world.html
[4] Ethan Marcotte, Responsive Web Design, A List Apart. http://alistapart.com/article/responsive-web-design
[5] Why 2013 Is the Year of Responsive Web Design, Mashable. http://mashable.com/2012/12/11/responsive-webdesign/
[6] John Polacek, What the Heck is Responsive Web Design? http://johnpolacek.github.com/scrolldeck.js/decks/responsive/
[7] Web Redesign Project, CityU. http://www.cityu.edu.hk/redesign/

FEATURE

E-Learning Championship Series (2)
Ideas from Teacher and Student: Lecture Capturing is more than Lecture Capturing
K P Mark, Angel Lu

Technology has brought enormous possibilities in the way of teaching and learning. In this issue, through the eyes of Professor Jane Prophet from the School of Creative Media and her student, Mr. Edmund Lau Chun Man, we are going to explore effective learning from two distinct perspectives.

Teacher’s View: Connecting Teaching and Research
Learning is not, and should not be, a one-off process. Professor Prophet extends her lectures with Echo360, an integrated lecture capturing solution, into a continuous learning resource. Students will now not only be inspired by her sparkling ideas during scheduled lessons, but also be able to review the lectures through BlackBoard to immerse themselves in the material more fully. In addition to a simple recap of the lectures, Echo360 makes it easier to insert additional content on the PowerPoint slides after recording. In case instructors do not have sufficient time to cover all materials in class, students can turn to the electronic platform to study the full texts carefully when they are reviewing the lectures. Hence, students are allowed to crack the nutshell themselves according to their progress. Although there were concerns that students would concentrate on the computer screen capture rather than the teachers’ capture, the reality is that students request a good quality teachers’ capture as well. To fully maximize the benefits of Echo360, Professor Prophet is exploring the possibility of bringing research and teaching together. The capturing technology is planned to be implemented by her research partners and research students across various institutions. The capture of those intricate topics can act as a valuable reference, as well as a great supplement for undergraduate teaching. At the same time, Professor Prophet is considering an augmentation of Echo360, as she believes a flipped classroom approach is trustworthy with the supplement of handy capturing functionality. A 15-minute short lecture video released prior to meetings frees the classroom hours for effective interactions and hands-on activities among students. Students are exposed to genuine activities more frequently in the classroom.
Student’s View: Engaging through Personalization
From the student’s perspective, Edmund appreciates the function that enables him to view previous lectures, as it eliminates learners’ misapprehension in class. They can always revisit blurry parts of the delivered lecture according to their personal arrangements, which permits them to have a timely and flexible revision. Apart from the on-demand captured lectures, Edmund pays particular attention to another benefit derived from Echo360, i.e. conducting peer appraisals and self-evaluations on how good their presentations were. Presenters are thus self-motivated by understanding and remedying their pitfalls. Those exchanges are further facilitated by mobile seats in the DEC Lab, where students can freely settle down into any groups to show their research through separate screens and are engaged in spontaneous discussions to share and explore any interesting findings during tutorial lessons. On the forthcoming implementation of the flipped classroom, Edmund holds the same belief as Professor Prophet. In contrast to the traditional approach, students will benefit from the extra effort spent on discussions and applying the knowledge in tutorials. He also believes that the newly introduced ‘Turnitin’, a global leading platform that highlights originality check and a credible feedback system in plagiarism prevention and online grading, will help researchers rectify their reports and assignments. Consequently, researchers can check their originality effortlessly instead of skimming over the whole work.

[Photos: Professor Jane Prophet; Mr. Edmund Lau]
Advice from Teacher: Good Practice on Content Production
Given the high expectations of Echo360, Professor Prophet pointed out several good practices to perfect the user experience of the system: (1) don’t abridge the lecture capture, to prevent accidental deletion of useful content; (2) keep the lecture natural to ensure viewers’ comfort; (3) offer the screen and speaker capture simultaneously, which students are in favor of; and (4) avoid interrupting the system during the uploading phase. Even though instructors and learners place varied emphases on the benefits brought by e-Learning, there is no doubt that technology has once again broken through the traditional ways of research, teaching and learning. Stay tuned for more innovative ideas on e-Learning in the next issue.
STATISTICS AT A GLANCE
Flipped Classroom Survey Results
Flipped Classroom [1-3] refers to a variety of teaching and learning activities that reverse the traditional way of lecturing - a type of blended learning. Typical approaches include using online learning materials (including pre-recorded videos) as replacement/supplement of part of the lecture followed by active-learning, project-based learning, or interactive exercises during class time as well as student presentation through pre-recorded video and interactive peer discussion online and in the classroom.

An online survey to gauge the adoption of Flipped Classroom practice was posted to CityU staff members between February and March 2013. 51 responses were collected.

[Figure 1: Flipped Classroom Adoption]
[Figure 2: Useful support in order to institutionalize Flipped Classroom (multiple answers)]
[Figure 3: Advantages of using Flipped Classroom (multiple answers)]

[1] (Knewton) http://www.knewton.com/flipped-classroom
[2] (Flip classroom in Stanford) http://www.youtube.com/watch?feature=player_embedded&v=cHPvW-pLJqE
[3] (Wikipedia) http://en.wikipedia.org/wiki/Flip_teaching
IT Tools
Using Pinterest for Education
Andy Chun

In the last “IT Tools” column, we introduced several social networking tools, such as Ning, Grou.ps, and edmodo, that can be used to create a “social learning” environment for your class. In this issue, we introduce how the popular Pinterest application can be used for education.

Pinterest (http://www.pinterest.com/) is a pinboard-style photo sharing website that allows users to create and manage theme-based image collections such as events, interests, hobbies, and more. Users can browse other pinboards for inspiration, ‘re-pin’ images to their own pinboards, or ‘like’ photos. (Wikipedia)

Launched as beta in March 2010, Pinterest had over 10 million unique users in 2012. That number has now grown to over 30 million users over the past year! What does virtual pinboard software have to do with education? Interesting infographics from WorldWideLearn.com provide some examples:

• Share quotes and inspiration – create a Pinterest board to “pin” interesting quotes/inspiration relating to the class. Boards can be shared, if you like, to allow students to add their “pins” too.
• Visual sharing for architecture, photography, design, art classes – visual sharing is what Pinterest was originally designed for. Classes with lots of visual material will benefit most from creating a Pinterest board. Again, allowing students to share is a great way to engage students in learning.
• Suggest reading materials – create a Pinterest board and “pin” images of books for students to read.
• Encourage student participation – have students create their own boards as a learning journal to share with other students.
• Show student work – a Pinterest board can be used as an e-portfolio for students to highlight their own work.
• Student peer critique – have students create Pinterest boards and allow other students to send comments.

View full infographics here: http://edudemic.com/2012/12/a-straightforward-guide-to-using-pinterest-in-education/

The possibilities are endless. In addition, Pinterest also has an “education” category that highlights useful resources. You can also use the search bar to quickly locate related material for your class. Just like Twitter, Pinterest allows you to “follow” others and vice versa. For mobility, there are mobile Pinterest apps for iOS and Android (http://about.pinterest.com/goodies/). For desktop, there are browser plug-ins that make it super easy to “pin” photos to your board. Let me know if you use Pinterest in your class and whether the experience was successful or not. Also let me know if you have other tools/platforms to recommend.
Editorial Box

OCIO Newsletter Advisory Board
Dr. Andy Chun (OCIO)
Ms. Annie Ip (OCIO)
Mr. Raymond Poon (CSC)
Mr. Peter Mok (CSC)
Mrs. W K Yu (ESU)

Publishing Team
Ms. Noel Laam (CSC)
Ms. Annie Yu (CSC)
Ms. Joyce Lam (CSC)
Mr. Ng Kar Leong (CSC)
Mrs. Louisa Tang (ESU)
Ms. Doris Au (OCIO)

For Enquiry
Phone 3442 6284
Fax 3442 0366
Email cc@cityu.edu.hk

OCIO Newsletter Online
http://issuu.com/cityuhkocio