OCIO Newsletter issue 18


OCIO NEWSLETTER Issue 18 • JAN 2015

INDEX

SPOTLIGHT
- Oracle Exadata for Banner/AIMS

FEATURE
- Staff Email – Reasons to Move Fast to MS Office 365
- New CityU Portal
- Flipped Classroom at City University of Hong Kong
- Knowledge Management @ CityU

BRIEF UPDATES
- New Issue of Network Computing
- Wow! Free Wifi!? (A Fictional Story)
- New e-Learning Webpage on MOOC
- CityU Supports HK Government’s Wifi Initiative

FYI
- Rights Management System for Information Protection on MS Office 365

IT SECURITY AWARENESS SERIES BY JUCC
- Intellectual Property

ITSM SERIES
- ITSM Awareness Series (Part 1: Introduction)

STATISTICS AT A GLANCE
- Help Desk Monthly Statistics

GLOSSARY CORNER
- Shellshock & Poodle

SPOTLIGHT

Oracle Exadata for Banner/AIMS

K C Cheung

Online course registration each semester is a system activity that demands tremendous computer power. Processes such as time-ticketing have been in place for years to keep system demand at an acceptable level. On the software side, tuning was also done regularly to achieve optimum performance. As the student population and the number of courses increased over the past years, the hardware was also upgraded in a timely manner. However, hiccups occurred in Semester B for a few years since 2009.

Owing to the new Academic Reform in 2012 in Hong Kong, the University expanded her system to allow open registration so that more students could select more courses, such as Gateway (GE) courses. For the sake of fairness, more than 3000 students have to be scheduled to do online web GE course registration simultaneously. This further aggravated the performance and capacity problems during student online web course registration, affecting not only the course add/drop and registration service to students, but also the administrative offices using Banner.

To address the problem, the existing system architecture was reviewed. Although a traditional server and storage upgrade was expected to bring some improvement, I/O performance would still be limited by the traditional storage system. We had applied this approach for years, but the course registration problem still prevailed. Inevitably, other technologies needed to be explored.

We started in early 2013 to explore whether Oracle Exadata could be a possibility. It is an engineered machine with hardware and software components integrated to improve performance and achieve high availability for Online Transaction Processing (OLTP) and data warehousing. In the evaluation process, we studied the literature on Oracle Exadata and an IT report on the machine by an independent technology and market research company. We also called references from other universities using Oracle Exadata for Banner. Stephen F. Austin University (SFA) in the USA went live with Banner on Oracle Exadata in April 2012 to solve its course registration problem. SFA can now support up to 2,000 concurrent users, enabling students to register for classes more quickly. We had several conversations with their IT specialists to understand the considerations of moving to Oracle Exadata, and we were assured that it would be a solution for us too.

We further conducted a proof of concept (POC) to confirm that the performance levels demonstrated met the University’s requirements. The POC result was positive and showed that the system can handle 3,000 students doing course registration simultaneously, and that there would be up to 100 times performance improvement in SQL reporting.

After intensive study and discussions, it was decided to acquire an Oracle Exadata to support course registration at reasonable performance when thousands of students add or drop courses at the same time. In late November 2014, the Banner/AIMS database was successfully migrated to an Oracle Exadata X4-2 Eighth Rack to prepare for the Semester B course registration in December. In this course registration, AIMS performed extremely well, with 1.5 to 3 times more registrations done than before (see Chart 1), 10 times faster processing and fewer system busy pages observed (see Chart 2) at the peak of concurrent student registration. The system was found busy only in the first one or two minutes of the peak. The system demonstrated that it can greatly enhance database performance in the Banner system and thus raise overall user satisfaction.

Snapshots of the performance report in last Semester A (Figure 1) and this Semester B (Figure 2) were taken on 22 August 2014 and 31 December 2015 respectively. Before the implementation of the Exadata, the CPU was fully consumed and this status lasted for 20 minutes. After the implementation, it lasted only for 2 minutes. Students should have found the course registration process much smoother and quicker.

Figure 1: Performance before the implementation of Exadata

Figure 2: Performance after the implementation of Exadata

In addition to improving the course registration performance, the performance of other AIMS functions is also enhanced; users (staff, students, alumni and offices) can now get a response within a second in most functions. Furthermore, other enterprise applications can still be run as usual during the peak usage period. Before, other application user offices were requested to avoid submitting CPU-intensive or time-consuming jobs during the course registration period. In short, Oracle Exadata has great potential to improve jobs that demand extensive data retrieval, query and reporting.



The Exadata machine has a high availability (HA) feature that provides an avenue for moving toward nonstop AIMS services, thus enabling us to provide better support to alumni networking, admissions and recruitment of overseas applicants, and staff who may be working overseas in different time zones. This HA feature also makes it possible to apply Oracle and OS upgrades to the machine without any system downtime.

Oracle Exadata has greater capacity to host more databases if applicable. This may bring savings to the University on Oracle licenses. In the past, new Oracle licenses had to be acquired when a machine with higher computing power, or a new system that required an Oracle database, was bought. Such licenses are expensive. On the other hand, with the Exadata hosting more databases, we can patch, upgrade and monitor the system in a consolidated fashion, thus saving database administration effort in the long run.

It is planned to migrate the database of Degree Works to the new machine. The time taken to generate an updated advising worksheet and degree audit report for a student whose courses have changed or whose course grades have been updated is expected to be much shorter.

Furthermore, taking the opportunity of implementing Oracle Exadata, a Banner Disaster Recovery system is being set up. This will mitigate the risk to the University's operation brought about by system unavailability at a disaster level. The system is targeted to be available in June 2015.

City University of Hong Kong is the first university in Hong Kong to adopt an Oracle Exadata for her ERP, and it took us only three months to install the system and put it into production, thanks to our capable and efficient Central IT team!

FYI

Rights Management System for Information Protection on MS Office 365

Maria Chin

Data security on cloud services for email, social networking, etc. has always been a concern to users. With the University email system for staff being migrated to the cloud Microsoft Office 365 (“O365”) featuring Exchange Online, SharePoint Online, OneDrive, Team Site, etc., the University has subscribed to the Rights Management System (RMS) to provide extra protection to staff email and files containing sensitive/confidential information.

Currently under release preparation, the RMS will be available to staff in their primary O365 accounts (same as their CityU EIDs), where staff can encrypt email (message and file attachments) containing confidential/sensitive information for email exchange. The RMS can also be applied to the Library (folder) in the O365 OneDrive and Team Site*. All files (MS Office and PDF format) added to a Library with RMS enabled will automatically be encrypted. Sharing files with sensitive/confidential information amongst authorized staff will therefore be more convenient, without the need to encrypt file by file and to distribute decryption passwords, as is currently done with the on-premises email systems and SharePoint (CityUWiki).

Further access restrictions on files, e.g. how long they can be viewed by the targeted audiences, and whether the targeted audiences can print or download encrypted files, can be customized and applied as desired to achieve optimal protection of files containing sensitive/confidential information while balancing their ease of access and use.

The RMS is a Microsoft data encryption technology that assists users in securing their data; nevertheless, staff should exercise care when using the RMS by following closely the guidelines (to be available with the release of the RMS). Departments/staff interested in piloting the RMS can contact the Computing Services Centre (via the CSC Help Desk or email to csc@cityu.edu.hk).

* Further reading on O365 OneDrive and Team Site is available at https://support.office.com/en-nz/article/Start-using-your-team-site-OneDrive-for-Business-and-Newsfeed-to-share-documents-and-ideasabeace23-ffb2-4638-944c-860a2484b4bb


ITSM SERIES

ITSM Awareness Series (Part 1: Introduction)

By Chadwick Leung

The ITSM Awareness Series of articles aims to raise awareness among CityU IT provisioning units (both Central IT and departments) and interested parties of the current best practice in IT service management (ITSM).

The University’s Paperless Office Service, being a highly mission-critical system, was selected as a pilot service to be managed following the ISO/IEC 20000 IT Service Management (ITSM) Standard. This is to ensure that the service is managed following international best practice (for more information on the Paperless Office Service, please refer to the article “HRO Work Simplification through Paperless Office” in Issue #17 of the OCIO Newsletter: http://issuu.com/cityuhkocio/docs/ocio_newsletter_issue_17).

Wikipedia explains: “ITSM is process-focused and has ties and common interests with process improvement frameworks and methodologies (e.g., TQM, Six Sigma, business process management, CMMI). The discipline is not concerned with the details of how to use a particular vendor’s product, or necessarily with the technical details of the systems under management. Instead, it focuses upon providing a framework to structure IT-related activities and the interactions of IT technical personnel with business customers and users.” http://en.wikipedia.org/wiki/IT_service_management

Many teams within the Central IT have been collaborating to bring the ITSM standards into operation in CityU. For colleagues who have not been involved in the ISO/IEC 20000 implementation, or other readers who may be interested in this transformation, this article shares the basic concepts of how the standard works.

Change is Inevitable

In our modern world, IT change is inevitable and constantly happening. In fact, the pace of change is quite exponential as more and more aspects of business now rely on IT as an enabler and driver for business value. Consequently, changes in how we provision IT services are also more frequent. In general, changes to IT services are driven by changes in business strategies, business directions and business needs. Change in IT service provisioning is almost never driven by technology lifecycle alone.

These ITSM standards guide a service provider in managing IT changes against changing business strategies and needs. The first step in any change or new IT service is what ISO/IEC 20000 calls the Design and Transition of New or Changed Services (DTNCS).

Design and Transition of New or Changed Services

The whole of ISO/IEC 20000 consists of a set of processes (bolded in the diagram below). The overarching process is the DTNCS (highlighted in blue in the diagram). DTNCS helps organizations manage the requirements of introducing new IT services or changes to existing IT services in 3 main stages – (1) plan, (2) design and development, (3) transition. The main purpose of the DTNCS process is to ensure that proper consideration is given to the financial, organizational and technical impact that can result from such change. DTNCS is related to the other processes at different stages to form a coherent (or holistic) view to manage and govern new or changed services.

The following diagram depicts the interfaces between processes at different stages of an ITSM project. The operation stage follows the best practice of ITIL (IT Infrastructure Library for ITSM) to manage IT services after the transition stage.

[Figure 1: Interfaces between DTNCS and other processes. The diagram sets the ISO 20000 DTNCS stages (Plan, Design and Development, Transition) and the ITIL Service Operation stage (Operation) against four process groups:
- Service Delivery: Service Level Management and Reporting; Service Continuity and Availability Management; Budgeting and Accounting for Services; Capacity Management; Information Security Management
- Relationship: Business Relationship Management; Supplier Management
- Resolution: Service Request and Incident Management; Problem Management
- Control: Change Management; Configuration Management; Release and Deployment Management]

The following explains the tasks within the 3 stages of DTNCS and the operation stage; some typical deliverables of each stage are listed.

Plan

During the planning stage, a proposed new IT service or change to an IT service is first evaluated against various aspects, which generally include business needs, user requirements, available resources, financial and time constraints, and technology limitations. This evaluates whether the outcome (new or changed IT services) can deliver value to the business or customers within the timescale and budget. An agreed change will be managed as a “project”.

The DTNCS process must be used to manage a change when it is classified under certain criteria that are organization-specific. Some typical criteria are:
- All new services
- Changes with potential high risk/impact or expected high value to critical services
- Changes with high cost and/or benefit
- Changes with long interruption to critical services

Other changes outside the organization-defined criteria are simply managed through traditional change management processes.

Deliverables:
- New or changed IT Service proposal
- Service removal proposal
- Project plan

Design and Development

Service Requirements

The first step in the Design and Development of DTNCS is to define the service requirements. Details of the requirements will be gathered through the following processes:
- Service Level Management and Reporting
  o Service level and catalogue
  o Service hours
  o Service request agreed time
- Service Continuity and Availability Management
  o Support hours
  o Availability requirement in percentage
  o Time to restore service during incident
- Budgeting and Accounting for Services
  o Capital Expenditure (CAPEX)
  o Operational Expenditure (OPEX)
  o Asset Management
- Capacity Management
  o Storage requirement
  o Response times
  o Backup requirement

Service Design and Development

Service design and development will be carried out based on the agreed service requirement. This step will provide detailed specifications on all related areas within the requirements. This aims to ensure the requirements will be fulfilled and solutions will be delivered accordingly during the Transition stage. The following are some typical areas within the scope of service design and development:
- Service Level Management & Business Relationship Management
  o Operation level
  o Roles and responsibilities
  o Human resources (training, skills and competencies)
- Capacity Management
  o Service monitoring
  o Infrastructure
  o Testing and deployment approach
- Information Security Management
  o Information or data security
  o Information or personal privacy
- Service Continuity and Availability Management
  o Service high availability or continuity provision
- Supplier Management
  o Suppliers and contracts
  o Support level

Deliverables:
- Functional / technical requirement specification
- Service level requirements and plan
- Capacity requirements and plan
- Service Continuity and Availability requirements and plan
- Cost model, charging scheme and price book
- Information security requirements and risk assessment report
- Service catalog update
- Service level agreement, operational level agreement and supplier contract

Transition

The following three control processes will manage the service rollout and deployment, including the subsequent changes:
- Change Management
  o Manage evaluation, scheduling and approval of change requests
  o Manage unexpected outcomes of change/release deployment
- Configuration Management
  o Manage Configuration Item (CI) registration and change via the Change Management process
  o Define the relations between CIs and between CIs and services
- Release and Deployment Management
  o Manage deployment of approved new or changed services
  o Manage the development and test cycle

Deliverables:
- Service report
- CMDB audit report
- Change and Release schedule and report

Operation

After a new service goes live, the operation stage puts into action two resolution processes that were prepared in the transition stage:
- Service Request and Incident Management
  o Handle service requests and incidents in accordance with the defined procedure and within the agreed service or resolution time
- Problem Management
  o Identify root causes of incidents and produce proven resolutions
  o Prevent incidents with the same cause from recurring

Deliverables:
- Service report
- Knowledge base and known error records

This article provides a very high-level overview of ITSM and the DTNCS process. For more information on the individual stages or tasks, interested readers can refer to:
- ISO/IEC 20000 – design and transition of new or changed services
  http://blog.apmg-international.com/index.php/2013/04/24/isoiec-20000design-and-transition-of-new-orchanged-services/
- ITIL Processes
  http://wiki.en.it-processmaps.com/index.php/ITIL_Processes
- ISO 20000 Sections and related ITIL Processes
  http://wiki.en.it-processmaps.com/index.php/ISO_20000#ISO_20000_Sections_and_related_ITIL_Processes

Please stay tuned for Part 2 of this series, when we introduce the Configuration Management Database (CMDB) – a repository that acts as a data warehouse to support ITSM. Contents in the CMDB represent the IT assets as well as the relationships among them. The CMDB is an important tool to help IT organizations understand how critical assets are composed and their relationships/dependencies with others, and consequently facilitates better IT service management.



BRIEF UPDATES

New Issue of Network Computing

Computing Services Centre

“Issue #82 - December 2014” of the Network Computing online magazine from the Computing Services Centre (CSC) is now available at: http://wikisites.cityu.edu.hk/sites/netcomp/

This issue contains the following articles:
• Lync: How to Make Use of Unified Communication
• Difficulties of Supporting Wi-Fi
• Learn at Your Own Pace with Lynda.com
• IT Security Awareness - Protection against Hacking - Technique / Tools


FEATURE

Staff Email – Reasons to Move Fast to MS Office 365

Maria Chin

As announced in August 2014, the Information Strategy and Governance Committee (ISGC) has endorsed the immediate migration of the University email system for staff from the on-premises Microsoft Exchange system (“Exchange”) to the cloud Microsoft Office 365 (“O365”), and the entire email migration for all staff is to be completed by June 2015.

Migration of all email in the 7,000+ staff email accounts (primary and secondary accounts) within a year might not seem a difficult task; however, when all staff need to find time for email migration and to adapt to a new email system, despite the similarity of the two systems, the time and effort added up have proven to be a challenge.

The Computing Services Centre (CSC) will assist staff in migrating their email from both the Exchange and the JSMS (the older staff email system) to O365, and in order to streamline the migration process, a department-by-department schedule has been worked out.

The cooperation of staff in complying with the planned migration schedule for their respective department is sought, since shuffling migration dates amongst departments within a tight timeframe will adversely affect staff in the departments involved in terms of rescheduling; after all, it will be impractical, if not impossible, to find a date that suits every staff member.

Migrating to O365 - the Sooner the Better

• Staff should note that migrating to O365 at their earliest convenience is to their advantage, since no enhancement resource has been allocated to the on-premises email systems, meaning that neither the systems nor the hardware (servers, disks, backup) will be upgraded. Both the systems and the hardware are hence already prone to software bugs, hardware failures, security vulnerabilities and attacks from hackers, and these deficiencies will further deteriorate with time. The software licenses for the applications, anti-viruses, etc. for the on-premises email systems will expire after 30 June 2015, and without valid licenses these systems must be shut down and accounts/emails that have not been migrated to the O365 will be irretrievable.
• Staff can enjoy the added and advanced features on O365; please see details in the FAQ at http://www.cityu.edu.hk/csc/deptweb/support/faq/email/o365staff/features.htm.
• Apart from the advanced features, the University has recently subscribed to the Rights Management System (RMS) on O365. With RMS, email and files with confidential/sensitive information can be encrypted, hence strengthening information protection during email communication and file sharing.
• Staff can enjoy the use of Microsoft Office Pro Plus for their work, which can be downloaded from their O365 accounts. MS Office Pro Plus allows each staff member free installation of MS Office software on up to a maximum of five PCs or Macs used by the staff for work-related activities during their employment at the University. Staff can also run Office Mobile for iPhone or Office Mobile for Android on up to 5 mobile devices.

When and How to Migrate Email Accounts to O365?

The CSC is contacting the Departmental Network Administrators of respective departments/offices to confirm the planned migration schedule for their departments. Departments that have not yet been contacted and wish to migrate sooner can contact the CSC (via the CSC Help Desk or email to csc@cityu.edu.hk) and the CSC will try to move forward the planned date.

Prior to email migration, staff should read the FAQ (http://www.cityu.edu.hk/csc/deptweb/support/faq/email/o365staff/o365.htm), and upgrade the operating systems and applications on their PCs and mobile devices to the latest versions before the migration; otherwise, they may not be able to connect to O365.

On the date of migration, all email accounts and email of all staff in the department scheduled for migration, even those of staff on leave, will be transferred to the O365. Staff from the CSC will be on-site at the department to provide technical support to staff in configuring the email clients (MS Outlook) on their PCs to connect to the O365. The O365 server information will be available to staff using other IMAP/POP3 email clients, who can then configure their own email clients accordingly. Staff who are not in office, on leave, etc. on the date of migration and have missed the on-site support from the CSC can follow the DIY steps (item 3) in the FAQ (http://www.cityu.edu.hk/csc/deptweb/support/faq/email/o365staff/o365.htm), or contact the CSC Help Desk or email to csc@cityu.edu.hk for assistance.

Access Migrated Email and New Emails on O365 via OWA

It is worth noting that the email migrated to the O365 and the new email sent to you can always be accessed conveniently from any web browser (via Online Web Access “OWA”) at http://email.cityu.edu.hk/notice/weblogon_o365um.htm (with login instruction and URL to the O365). The OWA enables staff to access their old and new email right after email migration, even if they have not yet configured their email clients and mobile devices to connect to the O365.


IT Security Awareness Series by JUCC

With the aim of enhancing the IT security awareness of the CityU community, KPMG was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security, which are adopted and published here for your reference.

Intellectual Property

I. Background

Industry Story

Illegal downloading on campus can lead to hefty fines

Unless the University of Oklahoma (“OU”) students are willing to fork over $750 for the latest Beyonce single, they might want to think twice before illegally downloading songs from the Internet via OU Wi-Fi. The Recording Industry Association of America (“RIAA”) has been suing individuals for a minimum of $750 for each illegally downloaded song, according to the OU IT website.

OU IT is working with the RIAA by implementing the Affirmation of Compliance, a digital contract for OU users. When students register with the OU network, they agree to avoid copyright infringement while on the OU network, and in turn IT will investigate any questionable downloading through the network.

What is Intellectual Property?

Intellectual property refers to a group of separate intangible property rights. It covers a number of distinct types of creations and ideas for which a set of exclusive rights are recognised. These include trademarks, patents, copyright, designs, plant varieties and the layout design of integrated circuits.

Why is Intellectual Property important?

Stealing a physical asset is obviously illegal. If you take an asset away without the owner’s permission, you are stealing his or her asset. In other words, you take or use an asset without owning it.

However, when it comes to intangible assets stored in information systems or shared on the Internet, such as e-books, graphics and software, it is usually not easy to identify their ownership. To protect such intangible assets or avoid unauthorised usage, it is important to understand the concept of intellectual property and the relevant regulations protecting it.

II. Management

Identification of Compliance Requirement on Information Security

Management should identify the following types of intellectual property before planning the strategy to safeguard intellectual properties.

• University-owned Intellectual Property
Many universities are now expected to interact more with industries as well as governmental and non-governmental organisations in consultancy, research contracts and commercialisation of inventions, innovations and research findings. As a result, more collaboration between universities and external bodies has increased the universities’ output of intellectual properties and their reliance on these properties as a source of income. If the intellectual properties are stolen, the potential income from the properties will deteriorate or even be lost, which can lead to very high economic loss as well as reputation damage.

• Non-university-owned Intellectual Property
Non-university-owned intellectual properties may have an adverse impact on universities’ intellectual property protection objective if the usage of such properties is not well regulated. Some universities may run single-user licensed software on most of their computers. Some computer vendors may even sell hardware to the universities with software preinstalled but without appropriate licences. Using unlicensed software without the permission of the vendors can put the universities at risk of being sued and penalised. This can incur very high compensation or litigation costs if universities fail to identify and rectify such violations in a timely manner.

Responsibilities of Management

• Establishing Intellectual Property Policy
The establishment of an Intellectual Property Policy can protect both the rights of the students and researchers, and the intellectual property itself. The policy should address how members of the universities should create, identify, maintain, safeguard and protect the intellectual properties owned by themselves or the universities.

• Implement Information Security
Intellectual property protection is part of the overall information security within the universities’ network.



The reason is that, in many circumstances, intellectual properties are part of the critical data held within the universities’ information systems. In other words, strong protection of intellectual property requires well-established information security policies and procedures. A good example is the implementation of logical access controls. Management should make sure that access to information assets with intellectual properties is only assigned to staff members or students based on their specific job functions or study needs. This control is able to prevent intellectual properties from being used by unauthorised users. Therefore, strong implementation of information security in the University is crucial to keep intellectual properties away from malicious thieves.

• Appoint Security Officer
Any potential violation of the security of intellectual properties should be reported to the right person in the Management group. A person, such as an Information Security Officer, should be assigned to supervise the overall security status of the university’s information systems and assets, including intellectual properties. He or she should also be responsible for the governance and implementation of the information security policy.

• Asset Inventory Tracking
The inventory of all information assets owned by the universities, such as workstations, laptops and CDs with student personal information, should be continuously tracked and maintained. An asset inventory should be created to record the asset details and the respective asset owners. This can help to prevent information assets involving intellectual properties from being accessed or possessed by unintended personnel such as ex-staff members of the universities.

• Promote Awareness and Education
Management should consider raising the awareness of intellectual property protection by organising training for its staff and students. This can align their expectations and help to better protect the universities’ intellectual properties. On the other hand, the training should also put emphasis on avoiding the use of unlicensed software and the unauthorised duplication of information assets with intellectual properties. Well-received training can effectively lower the possibility of intellectual property infringements and the consequent litigation.

III. General User

Responsibilities of General Users

General users may not be aware that they actually play an important role in protecting intellectual properties as well as preventing the corresponding infringements.

• Manage your intellectual property
Any general user, such as a student, researcher or faculty staff member, can be an owner of intellectual property. They should be aware of their intellectual properties, and manage the rights relevant to them. For instance, they should consider reserving some or all rights to copy or republish their work, and transferring only those rights to the publisher with whom they have agreed that it may use their work to conduct its business.

• Do not use unlicensed software
Staff members and students should observe the universities’ acceptable usage policies by not installing any unlicensed software on campus workstations / laptops. In addition, universities may consider deploying Software Asset Management (“SAM”) solutions for monitoring any installation of unlicensed software.

• Do not illegally duplicate intellectual property
General users may duplicate intellectual properties like DVDs for personal use if they have purchased them from the owners or the universities have bought the licences for them. However, using the duplicated copies for commercial distribution or sharing them with others who possess no valid licences is not allowed.

• Do not use P2P software to share copyright material over the Internet
Although the use of P2P software provides an efficient way to search and exchange material over the Internet, people often use P2P software to download copyright material such as music and movies over the Internet. This kind of activity is illegal and may lead to lawsuits from copyright owners or their agents such as BayTSP, Inc.

Conclusion
While enjoying the benefit from the information technologies, universities should pay sufficient attention to the protection of intellectual properties by implementing adequate information security mechanisms. General users should follow the policies and procedures established by the universities when using the intellectual properties and be alerted on any possible infringements.

Copyright Statement
All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre (“JUCC”). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law. A single copy of the materials available through this document may be made, solely for personal, noncommercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials. Contact information for requests for permission to reproduce or distribute materials available through this document is listed below:
copyright@jucc.edu.hk
Joint Universities Computer Centre Limited (JUCC), Room 223, Run Run Shaw Building, c/o Computer Centre, The University of Hong Kong, Pokfulam Road, Hong Kong

FEATURE

New CityU Portal
K H Tam

With the University’s migration from Blackboard to Canvas as our unified learning management system (LMS), we have replaced the previous e-Portal that was built on top of the Blackboard platform with a brand new “CityU Portal” (www.cityu.edu.hk/portal). The new portal was designed and coded in-house through a collaboration of technical staff from the three Central IT units – the OCIO, the CSC, and the ESU, and supported by contribution of ideas from content owners and users. The project began in July 2014 and Version 1 of the portal was soft launched in early December 2014. The new CityU Portal extended the functionality of the previous e-Portal as a one-stop information gateway for staff and students. The new portal totally replaced the e-Portal starting from January 2015 to align with the full adoption of Canvas in Semester B.

The project involved several key development tasks – enriching the user experience, revamping the information architecture, redesigning the user interface, and designing a new .NET single-sign-on module.

For example, the user experience has been enhanced by providing a more flexible and controllable user interface to consolidate the most useful or popular services for staff and students, categorized by service types. In the portal homepage, users have access to our core IT systems, password management services as well as our news and the academic calendar. The CityU Portal search bar allows users to quickly find any protected CityU Intranet webpages and CityU SharePoint “wikisites” that the user has access rights to view. Also, depending on your role, you may access the tabs specifically designed for staff or students, where you can find additional teaching and learning services, facilities booking services, and other useful services provided by various offices.

Figure 1: CityU Portal

For the information architecture, the project team thoroughly analyzed, rationalized, and recategorized the existing content, and created a new information architecture design that is more intuitively organized, allowing easier and faster access to information. The portal is also intelligent, and automatically remembers individual user preferences in how much information he/she wants to be displayed, thus providing a personalized user experience while reducing information clutter.

The user interface was totally redesigned using a “keep it simple” philosophy while adopting the latest in Web technologies and standards. The CityU Portal was designed with both desktops and mobile devices in mind, and was coded using responsive Web technology that allows the CityU Portal to automatically optimize itself to fit different screen sizes and orientations. You can access the portal and its services anytime, anywhere, across all platforms, including desktop, mobile phones, and tablets. Aesthetically, the CityU Portal follows a modern “flat” design while adhering strongly to University branding. To provide a cleaner looking user interface, carousels are used to consolidate “banners” while maintaining the functionality of highlighting new events/activities.

Figure 2: CityU Portal in mobile phone

This new platform will allow us to better integrate with our major systems, including AIMS, so that users can access various services more easily without logging in multiple times. The Portal leverages the existing “red door” login form for Active Directory (AD) authentication, and a new .NET single-sign-on (SSO) module was created for seamless sign-on to LDAP-based AIMS.

Also launched together with the CityU Portal was the re-designed CityU Work Desk menu, which can be accessed by clicking on the “Work Desk” icon on your desktop. New versions of the CityU Portal will be launched in 2015 with additional services and functionality to make it even more useful and personalized. Please try out the new CityU Portal and, as always, Central IT welcomes any comment or suggestion you may have to improve our applications to serve the University better.


FEATURE

Flipped Classroom at City University of Hong Kong
Crusher Wong, Patrio Chiu, Angel Lu

What is Flipped Classroom?
In a traditional classroom, students are taught passively in front of a chalkboard for an hour or more and then homework is assigned to students for application of the taught skills. Research has shown that students’ attention span usually lasts less than 15 minutes in such a passive learning environment [1]. In addition, timely help may not always be available when students are working independently on their assignments. To reach a compromise between learning effectiveness and learning experience, teachers are recommended to keep students engaged and provide them with feedback promptly. Flipped classroom [2][3][4], which is any attempt to alter the order of teaching and learning activities in the traditional classroom approach, has become a popular pedagogical practice in recent years. Perhaps the term “blended learning”, which is a simpler form of flipped classroom, may ring a bell. Blended learning [5] also permits learners certain autonomy over their learning time, place, path or pace as some learning processes are conducted online. Such re-arrangement of learning process and order aims at improving learning effectiveness and efficiency with closer monitoring of study progress by offering extra pre-class studies in exchange for fewer after-class assignments.

Why Flipped Classroom?
We all want to improve the quality of learning within certain restrictions in time and space. The good old “60-minute plus” lecture simply does not work for the current generation of university students. It is sensible to include formative assessment in class so as to maximize students’ engagement. Simultaneously, moving the lecture outside the class can free class time. Students can then use the freed time for active problem solving, as a group or individually, with immediate support from the teachers and tutors. Among students with flipped classroom experience, roughly half agreed or strongly agreed that their learning had been enhanced and they felt more engaged in class, according to the e-Learning Survey for Students 2014 [6]. In the teacher’s version of the same survey [7], two-thirds of the staff respondents revealed their adoption of flipped classroom in their courses. Among this population, 68% concurred with the improvement in student engagement while 44% acknowledged the ease of reusing learning materials. In a nutshell, flipped classroom enriched students’ learning experience by improving the quality of class hours without taking extra time from students and teachers.

How does CityU support Flipped Classroom?
CityU has been dedicated to providing the best learning environment with the following provisions:

Learning Management Systems
LMS, from WebCT, Blackboard to Canvas, helps transcend the barriers of traditional classrooms. From distributing pre-class learning materials, conducting in-class activities, to reviewing learning process, everything can be initiated from the LMS automatically without the need to request. The teaching and learning process is streamlined by utilizing available built-in tools and third party apps. Further information can be retrieved from Instructure Canvas – CityU’s new LMS.
• Get to know Canvas http://vimeo.com/35336470
• Canvas Interface Overview http://vimeo.com/69658933


Echo360
Thanks to its rapid development, Echo360 has evolved from a lecture capture tool into a full-fledged e-learning solution suite. Mini video lectures, student presentations, livecast, video file import, and much more can be facilitated by any computer with Echo360 software installed in the designated venues. Read more about new pedagogies supported by Echo360 at http://go.cityu.hk/echo360.

DEC Labs and GE Labs
DEC Labs and GE Labs are designed from the ground up with the aim of supporting group work and hands-on activities, which are essential in a flipped classroom. Furniture was installed with flexibility in GE Lab Room 1 (P4801) to allow easy group interaction and space reallocation. GE Lab Room 2 (P4907) is equipped with a 60-inch touch screen monitor, as well as the sophisticated Echo360 Capture System, to offer a splendid presentation experience to lecturers and students. Furthermore, students can take a hands-on approach to the latest technology, such as 3D Printers, 3D Scanner, Scanning Electron Microscope etc. More information on the GE lab can be found at http://www.cityu.edu.hk/edge/ge/lab.htm.

Wi-Fi & BYOD for Mobile Learning
CityU has had a long history in support of campus-wide Wi-Fi since 1997 to promote a bring-your-own-device culture. With mobile learning apps introduced in 2011, lecturers and students have attained effortless access to Wi-Fi and BYOD enabled classroom assessment, information search, field study with geographic positioning and a collection of learning artifacts with their smart devices and computers. For all kinds of Wi-Fi services provided by the Computing Services Centre on campus, in Hong Kong and at other partner institutions around the world, please visit http://go.cityu.hk/wifi

QR Code / Short URL
Adjusting in-class activities according to real time feedback is a key component of a flipped classroom. By adopting short URLs (Uniform Resource Locator) and QR (Quick Response) codes, students are able to launch an exercise promptly on their mobile devices. A short URL replaces a traditional long URL with a simpler address for easy web navigation, while a QR code eliminates the need to type in any URL: students scan the URL embedded in the QR code to start their web-surfing. The Short URL service of CityU is available at http://go.cityu.hk for all users while the CityU QR Code generator is coming out soon.

Qualtrics
Provided that there is sufficient authentic input from students’ feedback, classroom assessment is always an effective way to evaluate students’ comprehension and induce students’ curiosity. Qualtrics supplements LMSs, which are designed mostly for summative online quizzes, by allowing lightning feedback collection from students without authentication. One can find out more about Qualtrics at http://www.qualtrics.com/university/

CityU Google Apps
Google apps have been popular cloud based services. CityU Google Apps help to tighten security by providing a dedicated Google Apps domain with branding. Integration with LMS also enables co-creation of documents for learning activities.

Virtual Classroom Tools
A web conferencing system was adopted to conduct classes online for courses with specific needs. While Echo360 Livecast supports a limited one-way learning experience, the conference feature with Canvas satisfies the need of a virtual classroom system by providing a full set of tools to create an interactive online learning environment with multi-media communication tools. Find out more at http://vimeo.com/79260576

Office365 Application Suite
Office365 (O365) SharePoint Online provides Facebook-like newsfeed to communicate in social network style. Instead of an official e-learning platform like Blackboard or Canvas, it allows students to take the lead for their learning activities without instructors’ supervision. Such practice helps develop students as self-directed life-long learners. Currently, all students have O365 accounts and all staff will enjoy the same service soon. Apps such as Yammer and Lync online will also be made available in 2015. Please visit http://www.slideshare.net/Microsofteduk/o365education-e-book-final-version for an overview.

How May You Start Running Flipped Classroom?
This table attempts to help you flip your classes by identifying the teaching and learning activities.

Table columns: TEACHING & LEARNING ACTIVITIES; FACILITIES USED; POSSIBLE ACTION(S) BY COURSE INSTRUCTORS

Pre-class Self-learning
Facilities used: LMS
• Distribute key reading materials
• Search the web for video contents and provide access to students
Facilities used: Echo360
• Record your own mini-lecture video and release to students via LMS

In-class Exercises
Facilities used: LMS Online Quizzes, Qualtrics, QR Code / Short URL
• Ask students to bring their mobile devices with browser, LMS apps and QR code scanner installed
• Conduct classroom assessments to collect immediate feedback from students via LMS or QR code
• Adjust the progress of class based on feedback collected
• Include summative assessments to keep students engaged
Facilities used: DEC Labs, GE Labs, CityU Google Apps, LMS Assignment Tool, LMS Peer Assessment
• Facilitate discussions and group work
• Ask students to complete mini-group projects and present their results
• Recommend students to record their findings by co-editing a Google document
• Collect mini project artifacts and report via LMS
• Supervise students in peer evaluation
Facilities used: Echo360
• Capture class activities for reference

Post-class Assignments
Facilities used: Echo360
• Recommend students to review class capture or mini-lecture videos
Facilities used: LMS, Mobile App, Echo360, Video Booths
• Assign study projects to individuals or groups
• Request students to collect artifacts and store on LMS
• Recommend the use of mobile apps for field studies
• Request students to record their presentation at video booth in Library or GE Lab
• Enable peer assessments

Synchronous Virtual Classes
Facilities used: Virtual Classroom Tools, Echo360 Livecast
• Introduce virtual meetings with students to supplement physical meetings
• Enable guest lectures without the need of traveling

Social Learning Community Building
Facilities used: O365 SharePoint Online, Facebook, WhatsApp
• Encourage students to build their own learning community
• Allow self-directed learning


Showcase of Successful Flipped Classroom Pedagogies
With high success rate and encouraging results across different departments adopting flipped classroom on our campus, the learning and teaching process has been made more fruitful and meaningful. Professor Douglas R. Vogel (retired Chair Professor of Information Systems) has been actively employing flipped classroom to foster effective student learning by time-shifting student presentations. Professor Lilian Virjmoed (two-time winner of the Teaching Excellence Award), formerly with the Department of Biology and Chemistry (BCH), has utilized mobile devices in her courses to facilitate classroom assessments and field studies. The number of students with “outstanding” grades in Commercial Law courses has increased since Dr. Avnita Lakhani integrated flipped classroom in 2012. From the perspective of Professor Jane Prophet from the School of Creative Media, flipped classroom is an indispensable pedagogical practice to engage students’ view, as extra effort can be spent on discussions and applying the knowledge in tutorials. Alternatively, more collaboration and classroom interactions have been achieved with flipped classroom in Dr. Bin Li’s (Department of Linguistics and Translation) courses. Dr. Terence Cheung from the Department of Information Systems, Dr. Ray C.C. Cheung from the Department of Electronic Engineering and Dr. Sylvia Kwok Lai Yuk-ching from the Department of Applied Social Studies strongly adhere to learning and collaborating around the clock without geographical boundaries. Details of their successful implementation of flipped classroom can be found in previous issues of the OCIO Newsletter at http://issuu.com/cityuhkocio.

References
[1] Khan, S. (October 2, 2013). Why Long Lectures Are Ineffective. In Time. Retrieved August 4, 2014, from http://ideas.time.com/2012/10/02/why-lectures-are-ineffective/.
[2] 7 Things You Should Know About Flipped Classrooms. In Educause. Retrieved August 4, 2014, from http://www.educause.edu/library/resources/7-things-you-should-know-about-flipped-classrooms.
[3] Flipped Classroom - The Flipped Classroom Infographic. In Knewton. Retrieved August 4, 2014, from http://www.knewton.com/flipped-classroom/.
[4] Flipped teaching. In Wikipedia. Retrieved August 4, 2014, from http://en.wikipedia.org/wiki/Flip_teaching.
[5] Blended learning. In Wikipedia. Retrieved August 20, 2014, from http://en.wikipedia.org/wiki/Blended_learning.
[6] Results of e-Learning Survey for Students 2014 at City University of Hong Kong. Retrieved August 4, 2014, from http://go.cityu.hk/q0ncwm.
[7] Results of e-Learning Survey for Teachers 2014 at City University of Hong Kong. Retrieved August 22, 2014, from http://go.cityu.hk/yjmpyl.

FEATURE

Knowledge Management @ CityU

Office of the CIO

Thomas Davenport, a pioneer in knowledge management (KM), defines it simply as “the process of capturing, distributing, and effectively using knowledge.” At CityU, knowledge management is encompassed in the University’s Paperless Office Strategy, which defines an overall architecture and a set of technology platforms to share knowledge online and reduce paper consumption. For a university, KM means providing effective means to capture, organize and share knowledge, such as university or departmental best practices, guidelines, and procedures as well as policies, and standards. Central IT categorizes knowledge into 3 different tiers, depending on how dynamic or ephemeral the knowledge is, and provides an appropriate set of technologies to support KM activities:

• Archival Knowledge – the least dynamic of the 3 categories, representing permanent historical records. This includes personnel records and personnel decisions, financial records, research outputs, etc. At CityU, we use EMC Documentum as our Enterprise Content Management (ECM) system to archive and manage knowledge contents in a secured environment. Currently, close to 2 million pages have been archived into our ECM. In addition, the University Library maintains an Institutional Repository (IR) as an archive of our intellectual outputs, such as theses, papers, and reports.

• Operational Knowledge – this represents knowledge sharing and knowledge management to support daily operational needs. For example, KM portals to collect and share administrative policies, guidelines, and practices as well as documents, papers, and minutes, etc. These knowledge portals can be at the department, school, college, or institutional level. For day-to-day knowledge management needs, CityU has an Intranet Portal for institutional-wide knowledge sharing. The CityU Portal provides single sign-on to all our enterprise applications. In addition, the University provides departments with Microsoft SharePoint sites as departmental KM portals. Most of the University’s various committees also have SharePoint sites for knowledge management and paperless meetings. For simple departmental sharing of documents, the University provides Office 365 SharePoint Online.

• Dynamic Knowledge – this represents knowledge sharing that is highly transient and dynamic, such as knowledge sharing within a course or team. This type of interaction is best done using social media. At CityU, our teachers and students share dynamic knowledge through social media capabilities found in our learning management system (LMS) as well as through University-provided Google+ or Office 365 Team Site, which provide a Facebook-like interface.

Technology Platforms
Based on the previous classification and depending on the nature of the data, content, information, or knowledge being shared, different technology platforms will be leveraged to balance cost versus functionality and security needs. The following diagram highlights some of the platforms CityU uses at the institutional level to satisfy these different needs. In addition, CityU provides technology platforms to various departments and individuals for information or knowledge sharing needs, such as paperless meetings and departmental KM portals for academic departments and administrative units, or team-project knowledge-sharing/collaboration and document sharing for staff/students.

Overcoming Information Silos
CityU overcomes information silos between various departments and units by providing them with a standardized departmental KM portal for KM activities, i.e. Microsoft SharePoint. Central IT provides an individual SharePoint KM portal to each school, college, department, and administrative unit, so that staff within each dept/unit can share documents, practices, procedures, guidelines, policies, etc. internally within the dept/unit. In addition, each of the various committees within the University gets a SharePoint portal as well. Since the platform is standardized, staff with membership in multiple SharePoint sites can easily find documents across sites through the built-in search engine. Because of the search capability across SharePoint sites (provided the user has access privilege), even though knowledge is organized according to organizational structure and committees, the sites are not separate “silos.” CityU has been using MS SharePoint as its standard departmental KM portal platform since 2008.

KM in Central IT
For Central IT, besides the standard SharePoint KM portals, we have other systems to support the specific needs of managing our IT best practices and knowledge sharing. Firstly, our Paperless Office service, which is the overarching project for KM, has been ISO 27001 certified since early 2013, and we are in the process of getting it ISO 20000 certified as well. Consequently, our best practices, guidelines, procedures, and policies relating to IT security and service management for paperless office service are comprehensive, well-documented and shared within our KM portal. In addition, our IT security practices are implemented as use cases in our SIEM (built using HP ArcSight ESM) which was first deployed in 2011, with subsequent yearly enhancements to expand its scope. Our service management best practices and operational knowledge are coded into our IT Service Management (ITSM) system and shared. The ITSM provides a convenient means to capture, store, and access knowledge to enhance our user services, i.e. supports a KM cycle.


BRIEF UPDATES

Wow! Free Wifi!? (A Fictional Story)
Andy Chun

Creative commons photo via Flickr user Bernt Rostad

Summer is here and many students, faculty and staff would be going on vacations and trips. What’s more exciting than to find free wifi in a foreign country, or is it? Here is a fictional story of what might unfortunately happen.

“Mike is a student at CityU and loves travelling. Being a Generation Z person, Mike loves to use social media to share photos and statuses. This year Mike decided to travel to Eastern Europe before his final year in the coming 2014/2015 semester. Mike knows from his CS-major friends that there are many hackers throughout Europe, so he is particularly careful when using free wifi while travelling. Today Mike is in Moscow, Russia to see the famous and the Red Square. After taking loads of amazing photos, Mike was very eager to share them on facebook. It was his lucky day; Mike saw a Starbucks nearby. He was not sure if this Starbucks offered free wifi but was hopeful. Eagerly, he checked the list of network names. Sure enough, there was a “free Starbucks wifi” network! Since this is a famous brand, he was confident that the wifi was safe. He immediately connected to the network and logged into his facebook account. After sharing his photos and chatting with friends on facebook, WhatsApp, and other social media accounts, Mike decided to use the free computer terminals at the coffee shop to check his Gmail and CityU email on a larger screen.

Little did Mike know, but a young couple sitting in a dark corner of the cafe were actually hackers. They were watching his every move and grinning and laughing all the way, because they were also watching each and every one of his online activities. The network Mike logged into was not really from Starbucks. It was set up by the two hackers to impersonate a free wifi from Starbucks. This particular Starbucks actually did not offer any free wifi in the first place! Once Mike connected to the fake free wifi, the hackers injected malware into his smartphone and took control of it. They saw everything Mike did online and showed him some fake pages as well. The hackers quickly collected all Mike’s logins and passwords to the online accounts that he accessed. In addition, the computer terminal that Mike used to check his emails had been hacked earlier by the same couple and had malware installed. Each and every keystroke that Mike typed was logged and sent back to the hackers.

Upon returning home, to Mike’s surprise and shock, he found that payments worth tens of thousands were credited to his paypal account. Unfortunately for Mike, he used the same passwords for most of his online accounts, including paypal and CityU accounts. His trip to Europe turned out to cost Mike a lot more than he expected. Sadly for Mike’s friends, they had been receiving fake mails in Mike’s name that contained viruses and malware. Also sadly for CityU, since the hackers had Mike’s CityU password, they were able to breach our systems and opened up channels for future advanced targeted attacks.”

Here are some hints to help you safeguard yourself:

• Turn Off Auto-Connect to Wifi! Some smartphones or tablets automatically connect to a wifi hotspot if you have connected to one with the same name before. Unfortunately, hotspot names can be faked. Make sure you turn off this automatic feature when travelling.

• Use HTTPS and Private Browsing! Make sure you use HTTPS instead of HTTP and activate private browsing mode when using the web. HTTPS encrypts your connection, while HTTP sends plain text that any hacker can see. In private browsing mode, your browsing history and data are cleared when you close the browser.

• Use Two-Factor Authentication! Some software, such as Gmail, provides free two-factor authentication. What that means is that besides your password, it will require another means to authenticate you, such as an SMS message to your phone. Even if hackers get hold of your password, they will not be able to access your account, unless they also stole and hacked your phone.

• Confirm the Network Name! When using free wifi, make sure the name of the network is the real one. Just because a network is called “free Starbucks wifi” does not necessarily mean it is real. Names can be faked.

• Do Not Use the Same Password on Multiple Sites! This is obvious. If one of your accounts is hacked, then all your other accounts on other systems will be vulnerable.

• Do Not Share Profiles Between Sites! Some sites allow you to set up an account using another site’s authentication. For example, you can set up an Instagram account using your profile from facebook. This increases your vulnerability, because if any of those sites get hacked, all your other accounts will be vulnerable as well.

BRIEF UPDATES

New e-Learning Webpage on MOOC
E-Learning Team (OCIO)

To assist our colleagues in creating MOOC courses, the e-Learning Team (OCIO) created a new webpage with links to lots of useful online resources, from what a MOOC is to best practice in creating a MOOC course. The webpage is located here: http://www.cityu.edu.hk/elearn/mooc.html

Colleagues interested in offering a MOOC course should contact Dr. Crusher Wong (OCIO), head of the e-Learning Team.


BRIEF UPDATES

CityU Supports HK Government’s Wifi Initiative
S K Tsui

Background
To advance Hong Kong’s position as a highly connected city in the world by stimulating the development of public Wi-Fi service in Hong Kong, the Office of the Government Chief Information Officer (OGCIO) of the Government of the Hong Kong Special Administrative Region officially launched the Common Wi-Fi Brand “Wi-Fi.HK” in August 2014. City University of Hong Kong (CityU) joined the scheme in December 2014 and the network ID (SSID) “Wi-Fi.HK via CityU” is available at the following locations to allow free Wi-Fi access for visitors inside the CityU campus.

Use Instruction
1. Visit a venue that has joined the “Wi-Fi.HK” scheme.
2. Check that the device you are using is Wi-Fi enabled. Turn on Wi-Fi function, select the Network ID (SSID) with “Wi-Fi.HK” at the beginning, and then click “Connect”.
3. Open your web browser, read and accept the “Terms & Conditions and Disclaimers” displayed.
4. Start free surfing.

You may visit the web site http://www.wi-fi.hk for more information and search for the participating organizations and hotspots available in Hong Kong.

Best practice of Using Wi-Fi Service
Once your Wi-Fi device has connected to any wireless network, you are exposing yourself to potential attacks. Therefore, network security and data protection are extremely important, especially when you are using public wireless hotspots. You may want to visit the Infosec web site of the Hong Kong Government (http://www.infosec.gov.hk/english/yourself/wireless.html) for tips on using the wireless network.

The Podium (4/F), AC1 學術樓 (一), 4樓

The Podium (4/F), Academic 1 Lecture Theatre 1 - 18 Lecture Theatre 401

演講廳 LT1 – LT18

4/F AC1 學術樓(一), 4樓

演講廳 LT401

4/F Amenities Building 康樂樓, 4樓

Chinese Garden, University Circle

中式花園, 城大廣場

City Express, City Chinese Restaurant, and City Top

城大食坊, 城大中菜廳, 城峰閣

3/F AC2 學術樓(二), 3樓

AC2 Canteen Store #1

Covered Terrace, 3/F Cheng Yick Chi Building Covered Terrace, 鄭翼之樓3樓

Store #2

3/F AC3 學術樓(三), 3樓

多媒體會議廳

4/F Cheng Yick Chi Building 鄭翼之樓, 4樓

多用途活動室

4/F Amenities Building 康樂樓, 4樓

Delifrance

Multi-media Conference Room Multi-Purpose Rooms

5/F, 8/F, 9/F Amenities Building

Multifunction Hall 1, 2 and 3, and common rooms at the ground floor of each Student Residence’s Hall 學生宿舍多用途禮堂及各大堂地下活動室



STATISTICS AT A GLANCE

Help Desk Monthly Statistics

[Chart: Call Support, September to December 2014. Series: Total calls; Helped on Phone]

[Chart: Problem Type Distribution, September to December 2014. Axes: Problem Type; Total calls]


GLOSSARY

IT Security from Wikipedia
Andy Chun (ed.)

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system. Analysis of the source code history of Bash shows the vulnerabilities had existed since approximately 1992.

The first bug causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables. Within days of the publication of this, intense scrutiny of the underlying design flaws discovered a variety of related vulnerabilities. Attackers exploited Shellshock within hours of the initial disclosure by creating botnets on compromised computers to perform distributed denial-of-service attacks and vulnerability scanning. Millions of attacks and probes related to the bug were recorded by security companies in the days following the disclosure. The bug could potentially be used to compromise millions of servers and other systems, and it has been compared to the Heartbleed bug in its severity.
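A detection-side view of the mechanism described above, as an added example that is not part of the newsletter: because the bug is triggered by environment values that begin like a Bash function definition, and CGI web servers copy request headers into environment variables, a defender can look for that prefix in access logs and strip it from the environment before a daemon starts a shell. The function names, the combined log format and the sample lines are assumptions made for this sketch.

```python
import re

# Bash serialises an exported function as an environment value beginning "() {".
# CGI servers copy request headers into variables such as HTTP_USER_AGENT,
# so the same prefix inside a logged header marks a Shellshock-style probe.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

# Combined log format: ip - user [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def looks_like_function_definition(value):
    """True when a header or environment value starts like a Bash function export."""
    return bool(FUNC_PREFIX.match(value))

def scan_access_log(lines):
    """Return (line_number, ip, field) for each header field carrying the prefix."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LOG_LINE.match(line.strip())
        if not match:
            continue  # not combined format; skip rather than guess
        for field in ("referer", "agent"):
            if looks_like_function_definition(match.group(field)):
                hits.append((number, match.group("ip"), field))
    return hits

def scrub_environment(env):
    """Drop variables whose values look like function definitions before spawning a shell."""
    return {k: v for k, v in env.items() if not looks_like_function_definition(v)}

# Constructed sample lines: documentation addresses, placeholder instead of a command.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0800] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0800] "GET /cgi-bin/status HTTP/1.1" 200 80 "-" "() { :; }; <placeholder-command>"',
    '203.0.113.5 - - [25/Sep/2014:10:02:30 +0800] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { x; }; <placeholder-command>" "curl/7.38"',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious header:", hit)
```

scrub_environment also drops legitimately exported shell functions, so it suits daemons that do not rely on them; patching Bash remains the actual fix.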

The POODLE attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of a client’s fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed it in September 2014. One way to mitigate the POODLE attack is to completely disable SSL 3.0 on the client side and the server side. Google is planning to remove support of SSL 3.0 from their products completely, and Mozilla will also disable SSL 3.0 in Firefox 34. Microsoft has published a security advisory explaining how to disable SSL 3.0 in Internet Explorer and Windows OS.

This article uses material from Wikipedia. The Author(s) and Editor(s) listed with this article may have significantly modified the content derived from Wikipedia with original content or with content drawn from other sources. The current version of the cited Wikipedia article may differ from the version that existed on the date of access. Text in this article available under the Creative Commons Attribution/Share-Alike License.
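For the server-side half of the POODLE mitigation, an added example (not from the newsletter or from Wikipedia) that audits web server configuration text for directives that still enable SSL 3.0. The directive names `ssl_protocols` (nginx) and `SSLProtocol` (Apache mod_ssl) are real; the config samples are constructed, and the sketch assumes that Apache's `all` still covers SSLv3 and treats an unprefixed protocol name as enabling it.

```python
import re

# Matches an active (uncommented) protocol directive and captures its arguments.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}  # assumption: "all" still covers SSLv3

def enabled_protocols(tokens):
    """Apply +name / -name / name tokens left to right.
    An unprefixed name is treated as enabling it, which errs towards reporting."""
    enabled = set()
    for token in tokens:
        sign = "-" if token.startswith("-") else "+"
        name = token.lstrip("+-").lower()
        members = ALL if name == "all" else {name}
        enabled = enabled - members if sign == "-" else enabled | members
    return enabled

def audit(config_text):
    """Return [(line_number, directive, finding)] for every protocol directive."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue  # comments and unrelated lines
        protocols = enabled_protocols(match.group(2).split())
        finding = "SSLv3 ENABLED" if "sslv3" in protocols else "ok"
        findings.append((number, match.group(1), finding))
    return findings

# Constructed nginx sample: weak setting beside the corrected one.
NGINX_SAMPLE = """\
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # weak: SSL 3.0 still offered
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2;                       # corrected
}
"""

# Constructed Apache sample: global default left weak, virtual host corrected.
APACHE_SAMPLE = """\
SSLProtocol all
# SSLProtocol all -SSLv3   (commented out, so not in effect)
<VirtualHost *:443>
    SSLProtocol all -SSLv3
</VirtualHost>
"""

if __name__ == "__main__":
    for sample in (NGINX_SAMPLE, APACHE_SAMPLE):
        print(audit(sample))
```

A file with no protocol directive at all returns an empty list, which means the server's built-in default applies and has to be checked against the installed version.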

Editorial Box

OCIO Newsletter Advisory Board
Dr. Andy Chun (OCIO)
Ms. Annie Ip (OCIO)
Mrs. W K Yu (ESU)
Mr. Raymond Poon (CSC)
Mr. Peter Mok (CSC)
Ms. Maria Chin (CSC)

Publishing Team
Ms. Noel Laam (CSC)
Ms. Annie Yu (CSC)
Ms. Joyce Lam (CSC)
Mr. Ng Kar Leong (CSC)
Ms. Kitty Wong (ESU)
Ms. Doris Au (OCIO)

For Enquiry
Phone 3442 6284
Fax 3442 0366
Email csc@cityu.edu.hk

OCIO Newsletter Online
http://issuu.com/cityuhkocio

