OCIO NEWSLETTER Issue 20 • JUL 2015

INDEX

SPOTLIGHT
WSP Case Study – Visa Application for Non-local Students

FEATURE
CityU Receives Triple Gold Awards for Web Accessibility
New Feature on Confidential Email for Office 365
Paperless Meeting
WSP Case Study – Research Grant Spending
Campus Network Upgrade 2014-2017
E-Learning Championship Series (5)

BRIEF UPDATES
IT Strategic Plan 2010-2015 – A Final Report
CityU Receives ISO/IEC 20000-1:2011 and Upgrades to ISO/IEC 27001:2013 for Its IT Infrastructure to Support Paperless Office Service
Yammer @ CityU

IT SECURITY AWARENESS SERIES BY JUCC
Social Media Security – Best Practices for General User

FYI
Ransomware
Tips on Using Mobile Devices

STATISTICS AT A GLANCE
Central IT Fast Facts (2014-2015)

GLOSSARY CORNER
Freak

SPOTLIGHT

WSP Case Study – Visa Application for Non-local Students
John Hui
The Work Simplification Programme (WSP) is headed by the Office of the Vice-President (Administration) with the aim of rationalizing and simplifying administrative work through streamlining policies and procedures as well as leveraging automation and workflows. This “WSP Case Study” series showcases some of the successful WSP projects that the Central IT participated in.

With internationalization high on the University’s strategic agenda, the Global Services Office (GSO) is an outreach arm to help globalize, raise CityU’s profile and enhance its image both in mainland China and internationally. Amidst the myriad responsibilities of the GSO, be it the development of academic and student exchange programs or hosting and sponsoring multicultural events, its major mission is to recruit top-quality non-local students and integrate them into the CityU community.

Business Case
During the academic year 2014-15, the GSO acted as the central coordinating unit to provide visa application services for over 4,000 non-local students who are in degree or short-term study programs at CityU. Most importantly, this figure will only increase year by year, and the office is desperately seeking ways to improve efficiency, save costs, and reduce paper as well as manpower. Lining up a partnership with the Enterprise Solutions Office (ESU) to provide better and more efficient services to students, staff, alumni and the administration, the GSO impressively reduced redundant workflows through work simplification. In this issue, we will delve into the idea of WSP, its implementation in the GSO and how success came about with the support from the ESU.
WSP - Start Small Win Big
WSP was first introduced in 2014 by Mr. Sunny Lee, VP (Administration), in response to the demand for efficiency and effectiveness in the campus. WSP does not aim to provide a one-off solution or computerize labor-intensive tasks directly, but rather is a review and streamlining of business flow so that relatively limited investments can bring along significant improvements. The Central IT provides necessary IT support when needed. Compared to the traditional re-engineering of workflows, which normally takes months or even years, WSP emphasizes work simplification by eliminating or reducing manually intensive workflows and utilizing existing resources to automate the simplified workflows. Such pragmatic and gradual approaches ensure that WSP, from initiation to deployment, can normally be finished within a few months. Technology should be the last step that comes into the picture, as stakeholders themselves are accountable for self-assessing and re-designing their business flow in order to realize and reap the benefits from WSP. The deployment of IT solutions for automating simplified workflows is further sped up by introducing product prototyping at an early stage, where both parties can thoroughly understand each other’s demands and specifications through visualizing the future system so that problems can be excluded in the preliminary stage. A stitch in time saves nine.

Work Simplification
The periods from June to August and from November to December every year are peak seasons for processing visa applications at the GSO, as the office is bombarded with tons of paperwork and thousands of applications from non-local students. To make the situation more challenging, all application processes are manual, from checking the integrity of application data, visa forms, and administrative fee to the mailing of the applicant’s visa. This means the GSO has to consume a large amount of manpower, huge labor costs from student helpers and overtime work, as well as countless trees. The GSO was inspired by the previous successes of WSP. Enthusiastic about the change, the ESU offered to help the GSO to simplify their application process.

The WSP work in the GSO included transforming the hard-copy Request for Visa Sponsorship and Student’s Agreement into one online form, which allows instant checking and validation of input data before submission by the students, and eliminates manual data input by GSO staff. Besides, the migration from an Excel-oriented workflow to online collaboration supported by the existing technology was a successful showcase of how a small investment solved immediate needs with significant improvement. Computerization was just part of the story to smooth the business process; it was the strong needs and management empowerment of the GSO that relieved the office of its traditional labor-intensive workflows. Ms. Pancy Lo and Ms. Rita Chan, GSO administrators, commented, “Through a carefully designed role-based access control, the system is built on a robust and secured platform to leverage synergy among different personnel in the office.” With work simplification, the new collaborative approach in the GSO provides new convenience, i.e. instant search and retrieval of students’ visa information, and no more queueing to access essential files simultaneously. The GSO can now provide timely feedback to non-local students at the click of a button. “Communication, mutual understanding and cooperation were the keys for GSO’s success in WSP. We were prepared for a change because we had nothing to lose. Now, WSP gave us a good start of improving our workflows!” remarked Ms. Lo.

Benefits
[Photo caption] “It is amazing that the small fixes by WSP can result in so many positive effects in time, money and colleagues’ life,” applauded the GSO team: Rita, Pancy, Joanne, and Agnes (from left to right).

The whole deployment of WSP in the GSO took less than two months. With small input from technology, WSP successfully reduced manual workflows by simplifying the workflow of collecting students’ fees with the University’s Finance Office, communicating thoroughly with the Immigration Department to collect visa labels with minimized queueing time, and saving tremendous man-hours from the overtime staff and student helpers during the application stage.
Win-Win Situation
The prompt response and positive support from the management and working level is another key factor for the GSO’s triumph. With determination and devotion, the GSO’s management and working level carried out an in-depth analysis of the office’s business process. The GSO identified its pain points and the key tasks needing optimization before looking for an IT solution to automate its simplified business workflows. Through the hard work and dedication of GSO colleagues and the help from the ESU, the GSO is a committed follower of the University’s transformation to work simplification and a supporter of the University’s sustainability. The GSO will continue its efforts to strengthen and expand institutional relationships in order to contribute to the international academic community, broaden students’ international perspectives and enrich the living and learning environment at CityU.

More about WSP
To date, there are 14 successful cases of WSP deployment over the last nine months with various participating units of the University. They include the Finance Office, the Human Resources Office, the Office of the Chief Information Officer and the Campus Development and Facilities Office, and details of the WSP projects can be viewed from the VPAD’s website: http://www.cityu.edu.hk/vpad/wsp/stafflan/wsprojects.htm. Together, they have achieved greater efficiency through identifying ways to streamline some cross-functional administrative processes. To learn more about the best practice and the successful deployment of WSP in CityU, don’t miss the upcoming WSP seminar to be organized by the VPAD office in August/September 2015.
BRIEF UPDATES
IT Strategic Plan 2010-2015 – A Final Report
Office of the Chief Information Officer

Over the past 5 years, the Central IT has been following the strategic goals outlined in the Information Technology Strategic Plan 2010 – 2015, which was formulated to align ICT activities to the University Strategic Plan 2010 – 2015 as well as the Discovery-enriched Curriculum (DEC). Since the IT Strategic Plan has now come to an end, the Central IT created a Final Report to document the major tasks performed by the 3 Central IT units, namely the Office of the Chief Information Officer (OCIO), the Computing Services Centre (CSC) and the Enterprise Solutions Office (ESU). The full Final Report can be accessed here: http://issuu.com/cityuhkocio/docs/it_strategic_plan_final_report
FEATURE
CityU Receives Triple Gold Awards for Web Accessibility
Web Technology team, Office of the Chief Information Officer

The Web is becoming more and more important in our everyday life. It provides the most convenient way to access information around the world, 24 hours a day. For website owners, making their information available to and usable by all people, regardless of their ability, is essential. An accessible website enables equal access and equal opportunity to people with disabilities, helping them to participate in society more actively.

The third Web Accessibility Recognition Scheme Awards Presentation Ceremony [1], jointly organized by the Office of the Government Chief Information Officer (OGCIO) & the Equal Opportunities Commission (EOC), was held on 13 April 2015. This year, a total of 146 organisations were applauded at the ceremony for achieving the prescribed accessibility requirements in their 199 websites and 45 mobile apps. City University of Hong Kong is delighted to receive two “Triple Gold Awards” in the website stream, recognizing our continuous efforts in web accessibility and the Gold Award achieved for three consecutive years from 2013. We also received two “Gold Awards” in the mobile apps stream.

[Photo caption] Dr. Andy Chun (left), CityU’s Chief Information Officer, received the Triple Gold Award on behalf of the University, from Ms. Susie HO, JP (right), Hong Kong Government’s Permanent Secretary for Commerce and Economic Development Bureau (Communications & Technology).

CityU’s Commitment to Web Accessibility
As an education institution, accessibility is very important to us. It is our corporate social responsibility commitment. We want to make sure all staff and students, regardless of ability or disability, have equal access to information and knowledge. Web accessibility also helps boost our search rankings in search engines and project a positive corporate image.

CityU has been a strong advocate for web accessibility for many years. In fact, compliance with Web accessibility standards has been an official University policy since 2012 [2]. All University websites must include reasonable efforts to conform to the W3C Web Content Accessibility Guidelines (WCAG) 2.0 standard (ISO/IEC 40500:2012), Level AA conformance [3].

How People with Disabilities Use the Web
People with disabilities use the Web in different ways. Some will configure the software and operating system to suit their needs, while others use assistive software or devices that can reduce or remove the barriers they encounter. Here are some examples:
• Visual disabilities include low vision, blindness, and color blindness. They may adjust the browser, operating system, or use a screen magnifier for enlarged text and images. Some require text in high color contrast. Some use a screen reader or a braille terminal to translate the textual content into speech or braille. Some listen to audio descriptions of video content.
• Auditory disabilities range from mild or moderate hearing. They may need to read the transcripts and captions to understand the audio content.
• Speech disabilities range from communication disorder to muteness. They may encounter barriers with voice-based services and phone support services.
• Physical disabilities limit one’s physical functioning, mobility, dexterity or stamina. They may need full keyboard support for all functionality provided on a web page. Some need extra time to type, click, and interact, and have trouble clicking small areas.

How to Make Your Website More Accessible
Most of the basics of accessibility are easy and inexpensive to implement, though they require careful observation and human judgement, and are easily missed by the untrained eye. Here we list some common issues:
Text Contents
• Provide accurate page title. Every web page should be given a title that accurately describes its content. This will help persons with disabilities to differentiate the web pages at a glance and in their browser history. Do not use the same title for every page of your website.
• Provide descriptive link text. Every link text should be descriptive enough to be understood by the text alone, or by the link text and the context. Common examples of bad link text are “click here” and “more”. Links with the same destination should have the same link text.
• Provide labels for inputs. Always use labels on form input elements. Besides, you may use placeholders to provide guidance about what you expect.
• Ensure proper color contrast. The contrast ratio of text to background should be at least 4.5:1, and preferably 7:1. There are online color contrast checkers available on the web [4].
• Allow text resizing. Make sure that all text can be resized up to 200% without the loss of content or functionality. Always use relative measurements for font sizes.
Non-text Contents / Media
• Provide meaningful text alternative. Screen readers will read the text alternative of the image. The text alternatives should be meaningful and suitably descriptive, instead of something like “image 1”. For a purely decorative image, you should use a blank alt text.
• Avoid images of text. Whenever possible, do not use images to display text. People who use screen magnification software may find it difficult to read an image of text, because the text can become too pixelated after zooming. Plain text is always the optimal format for any piece of content.
• Create accessible PDFs. Create and validate PDFs that meet accessibility standards. Software such as Adobe Acrobat has many features that allow structuring and tagging to be checked and adjusted within a PDF document [5].
• Provide captions for video and audio contents. In this way, they are accessible by persons with hearing impairments.
• Provide transcript for video-only contents. Include an option to download a transcript of the video that visually impaired persons will be able to listen to using screen readers.
• Avoid plugins like Flash or Silverlight. Web designers and developers should reconsider the need for using these objects in a website, as they often make it frustrating for people to navigate and access the information. If these objects are unavoidable, try to minimize their barriers.
• Provide a way to stop moving objects. For contents that move or update automatically, there should be a way to stop the object from updating, blinking or scrolling.
Page Context
• Specify the language(s) of the page. Make sure the primary language of a webpage is defined within the HTML code.
• Provide a skip link that goes directly to the main content at the top of each webpage to skip the repetitive header and navigation blocks.
• Maintain proper reading order. All headers, contents, and form controls should be organized in logical order, from left-to-right, top-to-bottom. The HTML document should be readable and understandable without any CSS, and make use of semantic markup.
• Ensure navigation consistency. The navigation system and links should be consistent across all web pages.
• Ensure keyboard-only navigation. All content and functions should be accessible via a keyboard. Dialogue boxes, popups or other windows should be accessed and closed by keyboard alone. Avoid keyboard traps which set or reset the keyboard focus.
• Ensure error-free coding. Pages should be validated through an online HTML validator [6], CSS validator [7], and accessibility checkers [8]. This ensures that screen readers can accurately read the web page without problem.
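Several of the checks listed above can be automated. The following is an added example, not code from the newsletter or from CityU: a small Python audit that flags a missing page language, an empty title, vague link text, missing or placeholder alt text and unlabelled form inputs, and computes the WCAG 2.0 contrast ratio. The sample page and all names in the code are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VAGUE_LINK_TEXT = {"click here", "more"}   # the two bad examples the article names
PLACEHOLDER_ALT = re.compile(r"(image|img|picture)\s*\d*", re.I)  # e.g. "image 1"
NO_LABEL_NEEDED = {"hidden", "submit", "button", "reset", "image"}

# Constructed sample page with deliberate accessibility problems.
SAMPLE_PAGE = """<html>
<head><title></title></head>
<body>
<a href="/news">click here</a>
<a href="/awards">Web accessibility awards 2015</a>
<img src="logo.png">
<img src="divider.png" alt="">
<img src="chart.png" alt="image 1">
<form>
<label for="email">Email</label><input id="email" type="text">
<input id="phone" type="text">
</form>
</body></html>"""


class AccessibilityAudit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.issues = []
        self.has_lang = False
        self.title = None            # None means no <title> element was seen
        self.label_targets = set()   # ids referenced by <label for="...">
        self.inputs = []             # (line, id, already_labelled)
        self._sink = None            # element whose text is being collected
        self._buf = []
        self._label_depth = 0

    def handle_starttag(self, tag, attrs):
        a, line = dict(attrs), self.getpos()[0]
        if tag == "html":
            self.has_lang = bool((a.get("lang") or "").strip())
        elif tag in ("title", "a"):
            self._sink, self._buf = tag, []
        elif tag == "img":
            if "alt" not in a:
                self.issues.append(f"line {line}: <img> has no alt attribute")
            elif PLACEHOLDER_ALT.fullmatch((a["alt"] or "").strip()):
                self.issues.append(f"line {line}: alt text {a['alt']!r} is not descriptive")
            if self._sink == "a" and a.get("alt"):
                self._buf.append(a["alt"])   # an image's alt text counts as link text
        elif tag == "label":
            self._label_depth += 1
            if a.get("for"):
                self.label_targets.add(a["for"])
        elif tag in ("input", "select", "textarea"):
            if (a.get("type") or "text").lower() not in NO_LABEL_NEEDED:
                labelled = self._label_depth > 0 or bool(a.get("aria-label"))
                self.inputs.append((line, a.get("id"), labelled))

    def handle_data(self, data):
        if self._sink:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "label":
            self._label_depth = max(0, self._label_depth - 1)
        elif tag == self._sink:
            text = " ".join(" ".join(self._buf).split())
            if tag == "title":
                self.title = text
            elif not text or text.lower() in VAGUE_LINK_TEXT:
                self.issues.append(
                    f"line {self.getpos()[0]}: link text {text!r} is not descriptive")
            self._sink = None


def audit(html):
    """Return a list of human-readable accessibility issues found in html."""
    parser = AccessibilityAudit()
    parser.feed(html)
    parser.close()
    issues = list(parser.issues)
    if not parser.has_lang:
        issues.append("page: <html> has no lang attribute")
    if not parser.title:
        issues.append("page: <title> is missing or empty")
    # Labels may appear after the control, so resolve them once parsing is done.
    for line, elem_id, labelled in parser.inputs:
        if not labelled and elem_id not in parser.label_targets:
            issues.append(f"line {line}: form control {elem_id!r} has no <label>")
    return issues


def _linear(channel):
    c = channel / 255
    return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4


def relative_luminance(hex_colour):
    h = hex_colour.lstrip("#")
    r, g, b = (int(h[i:i + 2], 16) for i in (0, 2, 4))
    return 0.2126 * _linear(r) + 0.7152 * _linear(g) + 0.0722 * _linear(b)


def contrast_ratio(fg, bg):
    """WCAG 2.0 contrast ratio; Level AA asks for at least 4.5 for body text."""
    hi, lo = sorted((relative_luminance(fg), relative_luminance(bg)), reverse=True)
    return (hi + 0.05) / (lo + 0.05)


if __name__ == "__main__":
    for issue in audit(SAMPLE_PAGE):
        print(issue)
    print(f"#777777 on #ffffff: {contrast_ratio('#777777', '#ffffff'):.2f}:1")
```

An automated pass like this only narrows the search; judging whether a title or alt text is actually meaningful still needs a human reviewer.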
Testing
• Test early and often to identify problems in the development phase. Check color contrast from the early designs, validate HTML and CSS from the mockups, and run accessibility checkers to make sure every part of the website is accessible.
• Manual testing with real tools from time to time, like the screen readers JAWS and VoiceOver. This is because the automatic checkers cannot identify every problem. There are false positives and missing cases, and automatic tools do not cover many of the add-ons and media.
• Human testing by real users whenever possible. Organisations like the Hong Kong Blind Union do provide this kind of testing service [9]. They can give you the most thorough check.

If you find any aspect of University websites inaccessible or encounter any difficulty in use, please direct it to the OCIO (cio@cityu.edu.hk) for investigation and referral.

References
[1] Web Accessibility Recognition Scheme Awards Presentation Ceremony 2015 http://www.ogcio.gov.hk/en/community/web_accessibility/recognition_scheme/2015/
[2] CityU University-Wide Web Accessibility Policy http://wikisites.cityu.edu.hk/sites/upolicies/wapolicy
[3] W3C Web Content Accessibility Guidelines (WCAG) 2.0 http://www.w3.org/TR/WCAG20/
[4] WebAIM: Color Contrast Checker http://webaim.org/resources/contrastchecker/
[5] Acrobat Help / Create and verify PDF accessibility https://helpx.adobe.com/acrobat/using/create-verify-pdf-accessibility.html
[6] W3C Markup Validation Service http://validator.w3.org/
[7] W3C CSS Validation Service http://jigsaw.w3.org/css-validator/
[8] Total Validator https://www.totalvalidator.com/
[9] Web Accessibility Services by the Hong Kong Blind Union http://wafa.hkbu.org.hk/
New Feature on Confidential Email for Office 365
Wilson Wong

To facilitate the sharing of confidential information via email amongst staff members, a new feature for sending/receiving confidential email with Office 365 Email and Exchange Email is now released. This new feature employs Microsoft Azure Rights Management, a kind of Information Rights Management (IRM) solution, to protect sensitive information from unauthorized access. It allows information owners/publishers to distribute sensitive information to specific individuals in a controlled manner. When an email or a document is protected by IRM, it becomes encrypted and a set of access/usage restrictions may be applied to it. Typical restrictions include preventing recipients from forwarding the email, printing the document, or copying the text.

Microsoft Azure Rights Management (Azure RMS)
Azure RMS uses encryption, identity, and authorization policies to protect email messages. Office documents, including Word, Excel and PowerPoint files, will be protected automatically by Azure RMS when they are attached to a protected email message. Once a message is protected, users must be:
• Authenticated. Every time the protected email message or the corresponding protected attachments are accessed, Azure RMS will request the users’ credentials. Users must be authenticated by signing in to Office 365 with their O365 accounts.
• Authorized. After authentication, Azure RMS processes the document policy associated with the email (or the corresponding protected attachments) and then decides if the authenticated user should be granted permission to view, print or forward the email/attachments.

Users are also required to use supported email clients to open protected email messages. With unsupported email clients, a message like the following will be shown in the email content instead.

[Figure: message shown by unsupported email clients]

Supported client tools are available across multiple devices—phones, tablets, PCs and Macs. The following table summarizes the platform and client tools that work with Azure RMS protected email.

Device Operating System | Email | Attachments protected with Azure RMS (Word, Excel, PowerPoint)
Windows | Outlook 2010/2013; Outlook Web App (OWA) via browsers such as Internet Explorer, Firefox, and Google Chrome | Office 2010/2013; Office Online via browsers such as Internet Explorer, Firefox and Google Chrome
Mac OS X | Outlook for Mac (Office Pro Plus); Outlook Web App (OWA) via browsers such as Safari, Firefox and Google Chrome | Office Online via browsers such as Safari, Firefox and Google Chrome
iOS | OWA for iOS | Not supported at the moment
Android | OWA for Android | Not supported at the moment
Windows Phone 8.1 | Outlook Mobile | Not supported at the moment

To share PDF and image files securely over email, Azure RMS provides a tool called “RMS Sharing Application”. With RMS Sharing Application, users may protect PDF and image files with Azure RMS by converting them into pfiles (protected files). Pfiles, such as PPDF (protected PDF), can be viewed by authorized users with RMS Sharing Application on various platforms (including Windows, Mac OS X, iOS, Android, and Windows Phone). With RMS Sharing Application, users may also protect Office documents on their Windows PCs from unauthorized access, especially when the documents are copied to secondary storage, such as a USB flash drive. In addition, users may set an expiry date after which protected contents cannot be accessed, and may request email alerts when someone tries to open the documents which are protected with RMS Sharing Application.

To Get Started
Detailed information on using this new feature is available at http://www.cityu.edu.hk/csc/deptweb/support/faq/email/rms/index.htm, and colleagues may also contact CSC Help Desk for assistance.
Paperless Meeting
ML Lee

Have you hosted a committee/group meeting recently? When a meeting organizer or a secretary prepares for the meeting, he/she generally prints copies of documents such as the agenda, presentations and reports for members who are going to attend the meeting. Sometimes, references to minutes and papers of previous meetings are required, and the preparation work and amount of paper used can be significant.

Paperless meeting has emerged in the age of cloud computing as an efficient and cost-effective way of working. There is no need to bring piles of papers to a meeting or to find the minutes of a previous meeting. Instead, a notebook computer or a smart tablet with an internet connection is all you need. Meeting documents stored on the cloud are easily accessible anytime, anywhere from any PC or mobile device connected to the internet. Not only does it bring work simplification and convenience, it also helps the environment by leaving a smaller carbon footprint.

You can make use of a team site in Microsoft Office 365 SharePoint Online to quickly create, organize and share information for your paperless meeting. The team site enables you to disseminate the meeting agenda and documents to your members, maintain membership, send alerts to members upon new and revised content, and archive content of past meetings. The site also includes other features like calendar, tasks and links. For example, you can use the calendar to share event information like deadlines and duty visits, or use the tasks list to distribute tasks to members. Or perhaps you want to add links to help your team connect to relevant web sites for quick reference.

Security is always one of our top priorities. Besides setting the usual access permissions in SharePoint Online, meeting contents of a confidential nature can be further encrypted via Information Rights Management (IRM) to protect against unauthorized access. IRM protection gives you better control of how you distribute and manage your digital documents. IRM in SharePoint Online relies on the Azure Active Directory Rights Management service, which is an information protection technology in Office 365. Each rights-managed file contains an issuance license that imposes restrictions on who can view the file. When a person downloads a file from an IRM-protected document library, the file is encrypted so that only authorized persons can view it. As the site owner, or as someone who has permission to enable IRM, you can make a file read-only, disable copying of text, prevent someone from saving a local copy, and disable printing of the file. Client programs that can read IRM-protected files use the issuance license in the file to enforce the restrictions even when the IRM-protected file is downloaded.

To help colleagues get started quickly in setting up a team site, the Computing Services Centre (CSC) has prepared a custom template for paperless meeting. When a team site is created using the template, it will look similar to the one above. You can always customize your site by adding a new document library or changing the look and feel to fit your team’s requirements.

To support work simplification and go green, the use of IT and less paper in our workplace is both desirable and a trend. In June 2015, the CSC launched a new staff course – Paperless Meeting using SharePoint Online (for organizer). The course has already been run twice and the next class will be on 27 July 2015. If you are a staff member, please enroll via AIMS -> Staff Services -> Staff Development -> On-line Application for In-house Staff Development Courses. For further questions and comments on this new course, please feel free to contact the CSC General Office at 3442 6284 or send email to csc@cityu.edu.hk.
WSP Case Study – Research Grant Spending
Andy Chun

The Work Simplification Programme (WSP) is headed by the Office of the Vice-President (Administration) with the aim to rationalize and simplify administrative work through streamlining policies and procedures as well as leveraging automation and workflows. This “WSP Case Study” series showcases some of the WSP projects that the Central IT participated in.

Business Case
Research is a very important aspect of what we do at CityU. At any one time, we may have hundreds of different on-going external/internal research projects. As one can imagine, managing the budget and spending for all these research projects can be challenging, particularly since different funding bodies may have different spending requirements and restrictions. This becomes challenging, not only for the project PIs, but also for our Finance Office (FO) and Research Office (RO), as well as internal funding bodies, such as the Office of the Provost (PRVT) and the Office of Education Development and Gateway Education (EDGE). As a result, each research-related purchase request may require the involvement of many people from different departments and units to ensure purchases strictly follow rules and guidelines from the various funding bodies and funding schemes. This is highly time-consuming, especially when there are changes and funding virements.

Work Simplification
A WSP working group was established by the VPAD with representatives from academic departments, the FO, the RO, and the EDGE, and chaired by the CIO. After thorough discussion and brainstorming across units, several work simplification ideas were created for implementation. For example:
• The FO will enrich its website, so that it will be easier for PIs to find information on procurement procedures and who in the FO to contact if they need help.
• The FO will also create a knowledge-sharing site, so that documents and information related to each research project are centralized and sharable among colleagues in different sections within the FO.
• The Central IT will work with the FO to allow sharing of relevant financial data with the right internal funding units so that they can better assist PIs in the procurement process.
• The RO has compiled and provided the FO with a reference document listing project information and budget virement conditions to facilitate preliminary checking by different units in the FO to ascertain the need for budget transfers or further information to be sought from respective grant administrative units or even the PIs concerned.
• Should budget virement or further clarifications be required for research projects after making reference to the RO document, the FO can liaise with the EDGE or the RO first before deciding whether to contact the PIs concerned.

Benefits
We believe the above will not only greatly simplify the steps needed to approve research-related purchases, but will reduce the need for PIs to be involved during virement of internal grants. Overall, this WSP project will improve productivity for PIs as well as administrative colleagues in the FO, the RO, the EDGE, and the PRVT.
Campus Network Upgrade 2014-2017
C Y Kwok

Network Upgrades
The campus network of CityU has undergone a number of major upgrades in the past. The most recent ones are:
• From FDDI to ATM – 1997
• From ATM to Gigabit Ethernet – 2002
• From Gigabit Ethernet to 10 Gigabit Ethernet – 2007
Usually a major upgrade takes place every 5-6 years, and it is mostly driven by changes in user demand that can only be served by adopting the rapid advances in networking technologies and standards. Besides a huge performance increase, a major upgrade helps overcome some limitations of the existing network and resolve some existing network problems. It also provides a good opportunity to replace aging networking devices which are either end-of-sale or end-of-support with new ones which have better switching performance and new hardware and software features.

The Existing Campus Network
The following diagram shows the topology of the existing campus network.

[Figure: Existing Campus Network]

The existing network design adopts a traditional 3-tier hierarchical model comprising the core, distribution and access layers. It is a converged network using IP to transport data, video and voice concurrently on the same network media. Unlike most networks out there, which have only one Layer-3 Core, the core layer of CityU has a Layer-2 Core in addition to the Layer-3 Core. The difference between the Layer-3 Core and the Layer-2 Core is that the former forwards data traffic between different broadcast domains (different IP subnets), while the latter forwards data traffic within the same broadcast domain (same IP subnet).

Owing to space limitation, the University tends to allocate separate offices (either in different zones/floors of the same building or in separate buildings) to a department; it is not always possible to connect all the computing devices of a department to the same distribution block through which they communicate with other computing devices outside the department. The purpose of the Layer-2 Core is to link up the computing devices of a department connected to multiple distribution blocks. However, the introduction of the Layer-2 Core reduces the stability of the campus network by increasing the possibility of creating network loops (the main cause of broadcast storms).

The Layer-2 Core consists of a pair of switches, B1 and B2, of which only the downlinks from B1 to the odd-numbered distribution switches D1, D3, etc. are active. The downlinks from B2 to the even-numbered distribution switches D2, D4, etc. are standby links which will not be activated unless either B1 or one of the odd-numbered distribution switches goes down. If all the downlinks of both B1 and B2 are active, it will create too many network loops between the Layer-2 Core and the various distribution blocks, thereby resulting in a greater chance of causing broadcast storms.
Each access switch has dual uplinks to its upstream distribution switches. With the Flex Link feature enabled, one uplink is put into hot standby mode to prevent a network loop from being formed between the access switch and its upstream distribution switches. However, this limitation leaves half of the total capacity of the 2 uplinks unavailable for carrying data traffic.
The following network diagram shows the Backbone Network after the Phase 1 Network Upgrade:
Along with the network upgrade, a pair of firewalls is installed to protect the networks of some administrative departments.
CityU Campus Backbone Upgrade (campus network upgrade phase 1)
The New Network Upgrade
A new upgrade of the campus network has just been started and it is divided into 3 phases:
1. Phase 1 (July 2014-June 2015): Replace/upgrade the network switches at the core and distribution layers (aka Backbone Network)
2. Phase 2 (July 2015-June 2016): Replace/upgrade 50% of the network switches at the access layer
3. Phase 3 (July 2016-June 2017): Replace/upgrade the remaining 50% of the network switches at the access layer
There are 3 main reasons for dividing the network upgrade into 3 phases:
1. It is not possible to complete the whole network upgrade within 12 months due to limited manpower and difficulty in scheduling network downtimes for the installation work.
2. Access switches with NBase-T Ethernet interfaces are not yet available. NBase-T or Multigigabit Ethernet is required for connecting the upcoming IEEE 802.11ac Wave 2 wireless LAN access points to the fixed network.
3. It is not yet decided whether to use converged access switches for wired and wireless networks at the access layer. Converged access allows wireless data channels to be terminated on an access switch so that access policies and the same QoS can be applied to wireless connections as wired connections.
In the Phase 1 network upgrade the core and distribution switches are virtualized by using a technology called VSS (Virtual Switching System), with which a pair of physical switches can operate as a single logical virtual switch. Network loops are eliminated by using MEC (Multichassis EtherChannel, shown as yellow lines in the above network diagram, which allows multiple Ethernet interfaces of a VSS to form a logical Ethernet interface) as the connection between the Layer-2 Core VSS and each distribution VSS. Since there are no significant benefits in converting the 2 Layer-3 Core switches into a VSS, the virtualization of the Layer-3 Core is deferred for further consideration. Currently the network connections between the Layer-3 Core and the distribution switches are loop-free because this part of the network is purely Layer-3 (IP routing only; traffic loops are automatically prevented by the underlying routing protocol).
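The loop argument above can be checked by counting independent cycles (links minus switches plus connected components) in the forwarding Layer-2 graph. The following Python model is an added example, not from CityU's network team; the B1-B2 link, the link inside each distribution pair and the logical VSS names are assumptions, since the diagrams are not reproduced here.

```python
"""Count independent Layer-2 loops in the backbone designs described above.

Constructed model, not CityU's real topology: each distribution block is a
pair of switches (odd, even) joined by an assumed Layer-2 link, and B1-B2
are joined by an assumed inter-switch link.
"""


def legacy_links(blocks):
    """Physical links of the pre-upgrade design as (a, b, state) tuples."""
    links = [("B1", "B2", "active")]            # assumed core inter-switch link
    for k in range(blocks):
        odd, even = f"D{2 * k + 1}", f"D{2 * k + 2}"
        links.append(("B1", odd, "active"))     # B1 -> odd-numbered: active
        links.append(("B2", even, "standby"))   # B2 -> even-numbered: standby
        links.append((odd, even, "active"))     # assumed link inside the block
    return links


def vss_name(switch):
    """Map a physical switch to its logical VSS (hypothetical names)."""
    if switch in ("B1", "B2"):
        return "L2CORE-VSS"
    number = int(switch[1:])                    # D1,D2 -> pair 1; D3,D4 -> pair 2
    return f"DIST-VSS{(number + 1) // 2}"


def independent_loops(links, forwarding_states=("active",), logical=None):
    """Return E - V + C for the forwarding Layer-2 graph.

    Only links whose state is in forwarding_states carry traffic. If
    `logical` is given, every switch is renamed through it first: links
    inside one VSS disappear and parallel links between two VSSs collapse
    into a single logical link, which is what an MEC bundle presents.
    """
    rename = logical or (lambda name: name)
    nodes, edges = set(), set()
    for a, b, state in links:
        a, b = rename(a), rename(b)
        nodes.update((a, b))                    # a standby link still attaches a switch
        if state in forwarding_states and a != b:
            edges.add(frozenset((a, b)))

    parent = {n: n for n in nodes}              # union-find to count components

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n

    for edge in edges:
        a, b = tuple(edge)
        parent[find(a)] = find(b)
    components = len({find(n) for n in nodes})
    return len(edges) - len(nodes) + components


def compare(blocks):
    """Loop counts for the three situations the article describes."""
    links = legacy_links(blocks)
    everything = ("active", "standby")
    return {
        "legacy, B2 downlinks standby": independent_loops(links),
        "legacy, all downlinks active": independent_loops(links, everything),
        "VSS + MEC, all links active": independent_loops(links, everything, vss_name),
    }


if __name__ == "__main__":
    for design, loops in compare(4).items():
        print(f"{design}: {loops} loop(s)")
```

With every downlink forwarding, the legacy design gains one loop per distribution block, while the VSS/MEC design keeps all physical links in use with no loop for a broadcast frame to circulate in.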
The firewalls are placed between the Layer-2 Core VSS and a new distribution VSS (A1 as shown in the above network diagram). This network design provides the flexibility to add or remove a department behind the firewalls merely by making some software configuration changes. The Phase 1 network upgrade not only enhances the overall switching throughput of the backbone network, but also improves its resiliency, availability and stability. The new switches also come with many new features, some of which can be turned on whenever required. One key desirable networking technology today is SDN (Software Defined Networking), which has seen some successful implementations in datacenter networks and wide area networks. However, there is still no mature SDN solution for campus or enterprise networks. The Phase 1 network upgrade looks for an SDN solution for the campus network, but unfortunately a production SDN release has not yet been made available by the networking vendor.
BRIEF UPDATES
CityU Receives ISO/IEC 20000-1:2011 and Upgrades to ISO/IEC 27001:2013 for Its IT Infrastructure to Support Paperless Office Service
Office of the Chief Information Officer
The Office of CIO is pleased to announce that the IT infrastructure to support the University’s Paperless Office Service has successfully been awarded the ISO/IEC 20000-1:2011 certification for IT service management. At the same time, we also took the opportunity to upgrade to ISO/IEC 27001:2013 certification for information security management (from our previous ISO/IEC 27001:2005 certification two years ago). The certificates are accredited by the British Standards Institute (BSI), a highly respected, world-renowned third-party certification body.
The IT infrastructure is operated as a joint effort from all units within the Central IT, i.e. the OCIO, the CSC and the ESU. It consists of a full range of IT services and components, including the support and operation of our core enterprise content management system; managed servers and data center services; network connectivity and operation services and numerous other services. The Paperless Office Service is a mission critical service currently used in the Human Resources Office (HRO), the Finance Office (FO) and the Council Secretariat (CUC).
The ISO/IEC 20000-1:2011 standard is an international service management system standard. By complying with this standard, our CityU users will benefit from a consistent and well-managed user experience when requesting IT service from the Central IT. The certification of compliance with this standard recognizes that our IT infrastructure has demonstrated effective implementation of top management’s commitment, establishment of clear policy, documentation and records management, sufficient planning and implementation, effective resource management, satisfactory continual improvement and efficient process control, measurement, and analysis.
The ISO/IEC 27001 standard, on the other hand, is currently the only auditable international standard defining the requirements for an Information Security Management System. Our compliance with this standard means the University is well-prepared to handle information security related issues in a systematic and professional manner. Building on top of our successful track record of ISO 27001:2005 implementation, for which we were certified in 2013, the Office of the Chief Information Officer (OCIO) spearheaded the implementation of the latest and more rigorous information security management standard, ISO 27001:2013. The certification of this standard assures that our University information assets are secure and managed with international standards. It also demonstrates the ongoing commitment of the OCIO to global best practice for information security.
City University of Hong Kong is currently the only local university that is able to achieve the required international standards in information security and service management for certification. Within the entire Asia Pacific region, we believe we are among the very few who are able to receive both certifications.
Dr. Andy Chun, Chief Information Officer for CityU, received the ISO certificates from Mr. Coleman Tse (BSI HK, Sales & Marketing Director). Dr. Chun commented: “I would like to congratulate the various teams within the Central IT for their hard work, dedication, and commitment in providing the best service to the University. I know the efforts needed to be certified for compliance to international standards and best practices for both information security and IT service management was not easy. I would like to give a round of applause to our amazing IT colleagues.”
Dr. Andy Chun, CIO, (middle) and Mr. Raymond Poon, Director of CSC (third from right) receiving the ISO/IEC 20000-1:2011 and ISO/IEC 27001:2013 certificates from BSI’s Mr. Coleman Tse (BSI HK, Sales & Marketing Director) (third from left). Also attending are Mr. Ricky Ng (BSI HK, Business Development Manager) (second from left), Ms. Yuki Tam, IT Security Officer (left), Mr. John Hui, Director of ESU (second from right), and Ms. Pion Cheng, Senior ITO and Project Manager for the Paperless Office Service (right).
FEATURE
E-Learning Championship Series (5)
Angel Lu, Crusher Wong
E-learning Championship has returned to the OCIO Newsletter to bring you the latest ideas of e-learning on CityU’s campus. As usual, we are proud to invite members from different departments in the University to share their inspiration on how technology has been incorporated into the classroom for effective teaching and learning. In this issue, we would like to introduce two faculty members, Dr. Sun Hongyu from the Department of Systems Engineering and Engineering Management and Mr. Benjamin David Patterson from the Division of Social Sciences, to unveil their successful e-learning stories.
Dr. Sun Hongyu deserves his fame as a pioneer since he is now carrying out three different innovative projects simultaneously. The first project expected to be on stage is an online guide for innovation and entrepreneurship (GIE), initiated by the Knowledge Transfer Office in collaboration with the Library and the Department of Systems Engineering and Engineering Management, to set up a one-stop hub of entrepreneurial information and to provide students with sources of funding, training opportunities, and government resources. The hub aims at refining the vast knowledge on the Internet to offer sorted and reviewed guides that highlight avoidable mistakes in building startups. Moreover, teachers will also benefit from the comprehensive cases of successful stories and failure experiences.
MOOCs are the latest trend in education, and numerous institutions worldwide are hosting their courses online, allowing free public access. Therefore, Dr. Sun affirms that CityU should in no way lag behind the trend. As a pioneer trial, he is not only converting the existing GE2304 course into a MOOC but also aims to draw up best practices for training tutors to run MOOCs. Although it takes tremendous effort to overcome the technological and pedagogical difficulties during the initial phase, the effort from Dr. Sun and his team will certainly pave the path for future MOOCs in CityU.
Another hatching project, a platform from the Community of Practice for Discovery and Innovation (CoP & DI) supported by the University Grants Committee and CityU, intends to build a virtual community to facilitate the sharing of knowledge and ideas among any interested parties. It is more or less like a casual cafe in Silicon Village that gathers a gang of discipline gurus to exchange, catalyze and implement their craziest ideas. The platform will hopefully end the embarrassing days of lacking formal channels for innovators to discuss and collaborate on common interests. Therefore, such a platform should be a long-awaited place for entrepreneurs.
Dr. Sun and his team of power rangers to bring technology closer to teachers and students.
Piloting Canvas
Being an early adopter and trial tester of Canvas, the latest Learning Management System to replace Blackboard in CityU, Mr. Benjamin David Patterson from the Division of Social Sciences of the Community College of City University requires not only courage but also skills to convince students and colleagues to overcome the fear of change.
Mr. Patterson advocates the user-friendliness of Canvas that meets the learning needs of students.
Change is scary because of its unpredictability. Undoubtedly, the pilot Canvas scheme started out with objecting opinions among the teaching staff in the Division of Social Sciences. It is understandable that not everyone feels the necessity of changing to Canvas. However, it is the user-friendliness of Canvas that won the hearts of Mr. Patterson and his team, who have since become the preachers persuading and training their colleagues to switch to it. Not categorizing himself as a tech-whizz, he regards the intuitiveness of the technology as a higher priority than sophisticated functions because, in the end, it is the first-hand users who determine the usefulness of the technology. Almost everyone agrees to the switch to Canvas. In contrast, students’ reaction remained highly positive, as technology is never scary to the younger generation. Much like how smartphones extend the workday by allowing professionals to send emails anytime, Canvas extends the school day for students, who will happily leave multiple comments or review assignments after classes. Furthermore, the flexibility of Canvas allows Mr. Patterson to respond to students’ requests to use audio to comment on assignments as well. Even though students from the Division of Social Sciences may not all be receptive to flipped classroom teaching at this stage, such bilateral communication facilitated by Canvas outside the classroom provides an invaluable learning opportunity for students to revise and review their work, while teachers can keep track of students’ learning progress, responses and comments.
Forever Teachers
There is no silver bullet in education. Technology advancement should not be viewed as a revolution but as a way to support the learning and teaching needs of teachers and students. Even though Dr. Sun and Mr. Patterson are devoting themselves to supplementing the teaching and learning process with various e-learning tools, they both agree that teachers are irreplaceable in a classroom setting. Teachers, whom the students trust, are the experts and guides for new learning resources. In short, teachers should stay open-minded in order to determine and evaluate the fittest e-learning tools and methods to stimulate and fulfill students’ learning interests and needs.
FYI
Ransomware
Office of the Chief Information Officer
What is ransomware?
Simply put, ransomware is just another malware. However, it is a special type of malware. Malware can be classified into different types, such as worm, virus, Trojan, and ransomware. The term “ransomware” caught people’s attention from around 2012, when several highly publicized ransomware attacks occurred. Most malware nowadays aims at making money. Some malware resides silently in your computers or mobile devices and attempts to collect confidential information, such as credit card numbers with CCV, and credentials of your online accounts for email and online banking. Distinctively, ransomware tries to kidnap your data or devices and demands money for returning them. Some ransomware is also capable of locking your computers or mobile phones.
How can data be kidnapped!?
Technology is always a double-edged sword. Usually, ransomware comes with a sophisticated encryption algorithm, which locks your devices or encrypts data on your computer systems. Encryption ensures that data is readable only by those who possess the corresponding decryption key. In other words, without the decryption key, it is hardly possible to unlock the device or the data held hostage.
What will happen after data being kidnapped?
Normally, you will receive a letter or message from the kidnapper, demanding that you deposit a certain amount into an offshore bank account, via PayPal or through Bitcoins. Amounts vary from a few hundred US dollars to thousands. The amount demanded by the kidnapper in the Sony Pictures incident in 2014 was not publicly announced, but it was believed to be sky-high.
Does paying the ransoms work?
The answer is a big NO. Usually, the kidnappers either disappear or ask for more. Unfortunately, data or systems are actually gone after being kidnapped. Besides, making a payment also puts your banking information at risk. Even though there are malware removers which can clean the ransomware from infected computers or mobile devices, it is hardly possible to decrypt the encrypted data. For devices, typically a factory reset is needed.
How to avoid being the next victim?
As stated in the very beginning, ransomware is just another malware; hence, all the means applicable to preventing malware infection also apply. Just to recall a few, the same old tactics are:
• install and configure anti-virus software so that the virus definition files are current, routinely and automatically updated;
• apply security patches, reboot regularly and after patching, and power off your computer when not in use;
• do not open suspicious or phishing mail or email attachments; turning on “read email in plain text” in Outlook and only selectively displaying email in html/rich text when required is good practice;
• apply web filters and refrain from browsing unknown websites.
In particular, regular backup is of utmost importance, as this is the last resort for rescuing your data.
FYI
Tips on Using Mobile Devices
Kevin Chan
Smartphones and tablet computers are very popular nowadays. Their new uses, and their replacement of tasks that used to be performed on traditional personal computers, will unavoidably involve personal and sensitive information. So it is crucial that the security concerns for protecting them are addressed. Here are some tips:
1. Do not jailbreak your mobile devices
Jailbreaking is the process of removing the limitations on devices running the manufacturers’ standard operating systems through the use of software and/or hardware exploits. Jailbreaking permits root access to the device operating system, hence allowing the download of additional applications, extensions, and themes that are unavailable through the official app stores. The major reason for jailbreaking is to expand the feature set limited by the manufacturers; nevertheless this also exposes your devices to hackers.
2. Enable the screen lock, with biometric-security (if available) or password
As a first line of defense, the screen lock tries to prevent unauthorized access to your device when it is unattended or even stolen. Other screen lock mechanisms (e.g. unlock patterns, numbers-only passcodes) may have the same function but they are relatively easier to get past. Examples of screen locks are shown below:
3. Encrypt your device if there is such function
When all the information is encrypted, the information is protected, even if the device is stolen.
4. Enable the remote locate, lock and wipe function
When your device is misplaced or stolen, you can try to locate it remotely, or lock the device from unauthorized access, or even wipe all the data as a last resort.
iOS: How to wipe an iOS device remotely
Android: Locate and wipe an Android device
5. Backup your device periodically
Contacts, documents, photos, chat history, etc. can be backed up to a PC, a removable storage card (if your device supports that), or the cloud to avoid data loss.
For iOS devices: How to back up and restore your content
For Samsung devices: Using Kies for Samsung devices
For Sony devices: Using PC Companion for Sony devices
For LG devices: Using LG PC Suite for LG devices
6. Install apps from trusted sources only
Before downloading an app, you should conduct some research. Check the reviews about the security of the app and check the official website from the app store link to make sure that the app is legitimate and safe to use.
7. Understand the permissions request before granting during an installation
Don’t just keep pressing “OK” or “Accept” when installing an app. Pay attention to the permissions request (e.g. if the app has to access your phone book, camera, or internal storage), and make sure you understand why the app has to access such information before accepting the request.
8. Keep the OS of your handheld devices up-to-date
By enabling the automatic update function of your device, the operating system software will be updated by the device manufacturer from time to time. An up-to-date OS is more resistant to security threats and vulnerabilities.
9. Reset your device and wipe all the data before you pass the device to someone else
As there is much personal information in your device, you should wipe all the data and reset the device to the factory state before disposing of or reselling it.
10. Beware of open WiFi networks
When you connect to an open WiFi network, beware that all the information passing through this network is not secured. It can easily be captured by the other users sharing the same network. Only use it to access public information, and avoid logging in to services with your personal account.
IT Security Awareness Series by JUCC
With the aim of enhancing the IT security awareness of the CityU community, Thales Transport and Security (Hong Kong) Ltd. was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security, and they will be adopted and published here for your reference.
Social Media Security – Best Practices for General User
China has become by far the world’s most active social-media population, with 91% of respondents saying they visited a social-media site in the previous six months, compared with 30 percent in Japan, 67 percent in the United States, and 70 percent in South Korea (Mckinsey). [1] Being part of the social media community has its benefits. Social media allows users to remain in contact with loved ones and friends who live far away. It is also a great tool for getting informed fast. Meeting people from all over the world and sharing opinions has never been so easy. The distance between people seems to be closer. For example, you can have net-friends who are living in the United Kingdom, France or Australia; you do not need to travel to visit them, as one click on their online profile is enough to get a response.
Social Impact & Privacy Concern
However, there is also a downside to social media. Many people have become addicted to their online lives. The lack of privacy that has evolved from this has also become a topic of concern. Things posted on social media can intrude on privacy.
For example, a simple birthday invitation becomes an online invitation where people can see how many friends are invited and who is going. The music a user listens to in Spotify is advertised by Spotify through social media to the user’s friends using the user’s name and profile picture. If a user “likes” a news article or a simple clothing offer, it can potentially be shown to the user’s friends. This is how social media is kept free: through advertisements. The more you share and “like”, the better it is for business, because the social media companies gain intelligence that they can analyse or sell to third parties. It is important for users to understand their privacy rights when using social media so as to decide how to protect personal and private information, and even opt out of certain social media offerings.
Besides advertisement and privacy issues, there are reported incidents of kidnappings, robberies and identity theft which were made possible by social media. The vulnerability and innocence of students have also been taken advantage of, for example when students agree to meet strangers over social media invitations. Cyberbullying using social media is also increasing: videos and obscene texts are posted online by other students, making fun of or insulting victimised teenagers. Users are therefore reminded to be careful and cautious about what they post and share over social media.
It is also imperative to understand that both the good guys and the bad guys are using social media to browse people’s information. Governments and law enforcement may gather such intelligence for legitimate reasons such as fighting terrorism. If a social media company receives a court order to release information about a specific user, the company will be obligated to release such information. Criminals may create spear phishing email attacks based on the target’s profiles published on social media. Whether these social media browsing activities are for legitimate reasons or not, they could mean invasion of privacy.
The Whistle Blower
The documents leaked by Edward Snowden, a U.S. National Security Agency contractor, revealed that the U.S. Government is using social network data stores to go through people’s personal information. While this is used to gather intelligence about terrorists who pose threats to homeland security, it is also a huge violation of privacy.
Nowadays, the smartphone is the most popular channel for people connecting with social media. Statistics from the U.S. in March 2012 show that Facebook was the most popular social media app for people connecting with social media, with the average Facebook mobile user engaging for more than 7 hours via browser per month.
It could be a concern when students and teenagers use smartphones to engage in such prolonged social media activities. Criminals can plan some forms of scam via this channel to gain the trust of their targets in order to carry out nefarious activities, make profits and commit crimes. Parents should pay attention and teach their children how to protect themselves from any possible scam activities and how to discern the kind of behaviour that may violate privacy and laws when using social media.
What Exactly are Social Media?
Social media can be defined as communication platforms with their own specific social practices and where content is generated by the public.
SOCIAL NETWORK
Social networks were originally envisaged to create circles of friends and search for business partners, jobs, etc. by means of tools that let people present themselves, communicate and interact. Examples: Facebook, Google+, LinkedIn, Twitter, Viadeo, etc.
FILE SHARING SITES
These platforms let people share media in the form of photos, videos, presentations, etc. Examples: Dailymotion, FlickR, Picasa, SlideShare, YouTube, etc.
BLOGS
Blogs are a place for people to express themselves online. They are typically participative, allowing people to comment, react and engage in discussion. Articles are published and archived in reverse chronological order (the most recent post appears first) and allow all visitors to respond to the topic and the issues raised by posting comments, thereby creating a close relationship between author and readers.
There are also forums, virtual universes, MMOs (massively multiplayer online games), blogs, wikis, livecasts and much more.
The Most Popular Social Media
The following social media are now commonly used by people:
Twitter has huge power in controversial issues. People talk live about current events and thus, just as news and opinions travel fast, rumors can also spread. Twitter has 500 million users. It lets you send brief messages called tweets, limited to 140 characters. Twitter is easy to use, which is partly why it’s so popular. It has its own language and practices, such as retweets (RTs), Follow Fridays (#FFs), hash tags, live tweets, trends topics (TTs), etc. Twitter also enabled “interactive” TV. So reality TV enables its audience to send comments and opinions via Twitter and, if it’s live, the commentators might respond to the messages. Likewise, there are online discussions on live sports, the news and other TV series.
Facebook was founded on 4th February 2004 by Mark Zuckerberg together with his college classmates and Harvard University students. [3] Facebook boasts almost 1 billion active users. One of its particular features is its extreme versatility. Users can choose a pseudonym, create an avatar and post text, links, photos, videos and much more. This information appears instantly and is universally visible. All your ‘friends’ can see what you publish, wherever they are. This is why you must only express your own opinions, and not those of the organization.
LinkedIn is a social networking site for professionals and claims 150 million users. It describes itself as a knowledge network, designed to facilitate dialogue between professionals. For its members, it’s also a way to manage their online reputation and personal branding. LinkedIn works on the principle of connections (to contact another professional, you have to know them first, or one of your mutual connections must invite you) and networking, where users build a network of professional contacts.
Weibo is the Chinese word for “microblog”. Basic functions such as message, private message, comment and re-post were made available in September 2009. [4]
resets. Hackers might be able to make educated guesses to bypass the security questions to reset accounts8. 2. If you receive a friend request from a person you do not know, do not accept it. If possible, confirm with the friend before adding to your friend’s list. Online fake account is easy to be created and pretended to gain information from your profile.
QQ5 is another popular social media in China. Same as Weibo, QQ provides news posting over their web sites in China, Hong Kong and Taiwan. QQ is also a kind of instant messenger software which can be used at both iOS and Android for messaging and voice transfer. QQ claims 674 million active users while Weibo claims over 200 million registered users in 2010.6
Proper Usage of Social Media Understanding the aforementioned risks of using social media, the following are recommendations and measures to better protect one’s privacy and about how to engage in proper usage of social media: 1. There have been reported incidents that social media sites were compromised leaking out user accounts and passwords7. So avoid setting the same password for social media sites and other important personal credentials such as online banking or email. Also, choose carefully the security questions and answers for password
4. Avoid giving permissions to unknown applications to track your geo-location, or collect your personal information such as contact list.
Be careful when handling friend request.
3. Hackers can create fake social media accounts to lure you be connected. Then they will display fake login page to capture your passwords or even pop up malicious advertisement boxes which can spread computer viruses9. To prevent this from happening, always be suspicious when social media such as Facebook asks to log in after you have already logged in. Always check the legitimacy of the web site by inspecting its URL and whether the web site is securely protected by “https” (hypertext Transfer Protocol Secure). To add on a layer of protection, you can configure some social media to send you an email every time someone logs into your account.
5. Restrict who can view your posting and photos by changing the privacy settings to “only friends” or other restricted groups only. For example in Facebook, through the Timeline Settings, modify your current profile to be viewed by the public or anyone else from your friend list.
To change who can see your tagged pictures and what can be posted on your timeline, go to Timeline and Tagging settings and click “Edit”, then set who is allowed to tag you and whether the pictures you post can be seen by your friends or by the public. It is important to have all these privacy settings in place before you post any photo to your profile. In addition, people can tag you in any of their pictures, which is out of your control, so it is better to pre-set this in your profile: you can choose whether or not to allow it when someone tags you.
6. Posting news and articles is another common practice among social media users. However, when you receive news from any source, try to validate its reliability and credibility. Some countries enforce laws against spreading rumours on social media (not limited to Facebook) that may affect the business or reputation of targeted companies. Verifying credibility protects you from being used by someone who wants to exploit this practice for their own benefit.
Do you want your information and messages to be read by your parents and children, and also the children of your children, forever? Think carefully before posting anything onto the Internet.
Nowadays, social media has become part of our lives. Pervasive smartphone usage will continue to increase our reliance on social media, with more information being posted and shared. While enjoying the fun of accessing social media, users are reminded to keep security in mind when dealing with personal privacy and sensitive information.
Social Media and Your Career
Employees have been fired after posting sensitive information or comments that can damage a company’s reputation on social networking sites. For example, in 2008 Virgin Atlantic fired thirteen cabin crew members after they criticised the airline’s safety standards and referred to passengers as “chavs” on Facebook. A new survey shows that 71% of Hong Kong hiring managers will check job candidates’ Facebook profiles [10]. It is therefore important not to post company-sensitive information on social media, and to stay vigilant about what you post and share.
References
1. “Insights & Publications” May 2012. Web. 15 Sept 2014
2. “Why smartphones are the future of social networking?” 8 May 2012. Web. 12 Sept 2014
3. “Wikipedia - About Facebook” Web. 12 Sept 2014
4. “Wikipedia – About Weibo” Web. 17 Sept 2014
5. “Wikipedia – About QQ” Web. 17 Sept 2014
6. “Tencent Vs. Sina: A Look At Who’s Winning The Battle For China’s Tweets [Infographic]” 5 Aug 2011. Web. 17 Sept 2014
7. “Hackers steal usernames and passwords for TWO MILLION social accounts – and many of the log-ins were as easy as ‘123’” 5 Dec 2013. Web. 15 Sept 2014
8. “Apple admits guessed iCloud security questions WERE to blame for hacked naked celebrity pictures but insists users photos are safe and its systems have not been compromised” 2 Sept 2014. Web. 15 Sept 2014
9. “Scammers Are Creating Fake Facebook Accounts Using The Names Of MH17 Victims” 21 Jul 2014. Web. 12 Sept 2014
10. “Use of Facebook May Affect Career Prospects” 24 Mar 2014. Web. 17 Sept 2014
Copyright Statement
All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre (“JUCC”). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law. A single copy of the materials available through this document may be made, solely for personal, non-commercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials. Contact information for requests for permission to reproduce or distribute materials available through this document is listed below:
copyright@jucc.edu.hk
Joint Universities Computer Centre Limited (JUCC)
Room 223, Run Run Shaw Building
c/o Computer Centre, The University of Hong Kong
Pokfulam Road, Hong Kong
BRIEF UPDATES
Yammer @ CityU
Andy Chun
With the popularity of social networking sites like Facebook, Twitter, LinkedIn, etc., more and more enterprises are leveraging similar social networking technology to help enhance and streamline communication within organizations. One very popular piece of enterprise social software is Yammer, and it is now available in CityU’s Microsoft Office 365 suite.
The way Yammer works is very similar to Facebook. You can enter status updates / posts and see others’ posts on your newsfeed. You can “Like”, “Reply”, “Share”, plus a whole bunch of other useful commands not found in Facebook. Yammer also provides tight integration with other Microsoft software such as email and the Office Suite, making it easier to share statuses and Microsoft Office files. You can also share PDFs, links, and videos. Yammer also has a “follow” feature that is similar to Twitter. Yammer, of course, works on mobile devices too.
The other main difference between Yammer and public social networks like Facebook or Twitter is that CityU Yammer can only be accessed by people within the CityU community (i.e. with a CityU email address), so you don’t need to worry about your posts becoming public by accident. You can also create new groups and control who can be members.
BTW, CityU currently maintains 2 different Office 365 tenants, one for students and one for staff. Consequently, there are 2 different Yammer instances. Messages posted by staff will not be visible to students, and vice versa. However, if you would like to interact with students using Yammer, you can activate and use your eid-f@staff.cityu.edu.hk on the student (@my.cityu.edu.hk) tenant. Using different accounts can help you better manage your discussions in the two Yammer instances.
There are many potential uses of Yammer within a higher education setting. For example, a Yammer group can be created to facilitate collaborative teamwork for various projects. These can be student projects, research projects, or the University’s own projects within various academic/administrative units. Yammer groups can also be created to facilitate sharing among special interest groups or student groups. Alternatively, Yammer groups may be created according to organizational structure. For example, there can be Yammer groups for individual colleges, schools, departments, or research groups. Groups may also be created for individual administrative units. Groups can of course be created across departmental boundaries to facilitate cross-disciplinary collaboration. Regardless of how you set up your Yammer groups, they share the same benefits of eliminating communication silos, streamlining document sharing, reducing email clutter, and making communication fun and timely. Many believe the use of social networking tools, like Yammer, enables better teamwork and is more effective at information sharing.
For more information on Yammer, please visit the following links:
More info on what Yammer does: https://about.yammer.com/
CityU’s Yammer site: https://www.yammer.com/um.cityu.edu.hk/
Enterprise social networking at MIT: http://www.slideshare.net/hatchsteph/enterprise-socialnetworking-at-mit-yammer
Taking education beyond the classroom with Yammer: http://www.vlerick.com/en/about-vlerick/news/takingeducation-beyond-the-classroom-with-yammer
Enhancing learning at Pepperdine University: https://about.yammer.com/customers/pepperdinebusiness-school/
STATISTICS AT A GLANCE
GLOSSARY CORNER
IT Security from Wikipedia
Andy Chun (ed.)
FREAK (“Factoring RSA Export Keys”) is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations. These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or less, with the intention of allowing them to be broken easily by the NSA, but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources, using as little as $100 of cloud computing services.
While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s. Vulnerable software and devices included Apple’s Safari web browser, the default browser in Google’s Android phone operating system, Microsoft’s Internet Explorer, and OpenSSL. Microsoft has also stated that all versions of Microsoft Windows are affected.
As of March 2015, vendors were in the process of releasing new software that would fix the flaw. On March 9, 2015, Apple released security updates for both iOS 8 and OS X operating systems which fixed this flaw. On March 10, 2015, Microsoft released a patch which fixed this vulnerability for all supported versions of Windows (Server 2003, Vista and later). Google Chrome 41 and Opera 28 have also mitigated this flaw. Mozilla Firefox is not vulnerable to this flaw.
This article uses material from Wikipedia. The Author(s) and Editor(s) listed with this article may have significantly modified the content derived from Wikipedia with original content or with content drawn from other sources. The current version of the cited Wikipedia article may differ from the version that existed on the date of access. Text in this article available under the Creative Commons Attribution/ShareAlike License.
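The FREAK entry above ties the weakness to export-grade RSA (moduli of 512 bits or less), so a configuration audit looks for export cipher suites and short RSA moduli. The following check is an added example, not part of the newsletter or the Wikipedia text; the record layout, host names and moduli are constructed for illustration, while the suite names follow OpenSSL and IANA naming.

```python
import re

EXPORT_RSA_MAX_BITS = 512  # export-grade limit named in the glossary entry

# Export suites carry "EXP-" (OpenSSL naming) or "_EXPORT_" (IANA naming).
EXPORT_MARK = re.compile(r"^EXP-|_EXPORT_")
# Export suites with a non-RSA key exchange: weak, but not the RSA export case.
NON_RSA_KX = re.compile(r"DH|KRB5")


def classify_suite(name):
    """Return 'rsa_export', 'other_export' or 'ok' for one cipher suite name."""
    if not EXPORT_MARK.search(name):
        return "ok"
    return "other_export" if NON_RSA_KX.search(name) else "rsa_export"


def is_export_grade_modulus(n):
    """True when an RSA modulus is 512 bits or less."""
    return n.bit_length() <= EXPORT_RSA_MAX_BITS


def audit(record):
    """List the findings for one scan record: accepted suites plus RSA modulus."""
    findings = [f"{classify_suite(s)}: {s}" for s in record["suites"]
                if classify_suite(s) != "ok"]
    if is_export_grade_modulus(record["rsa_modulus"]):
        bits = record["rsa_modulus"].bit_length()
        findings.append(f"weak_key: {bits}-bit RSA modulus")
    return findings


# Constructed sample records; hosts and moduli are placeholders, not real keys.
SCAN = [
    {"host": "legacy.example",
     "suites": ["AES128-SHA", "EXP-RC4-MD5", "EXP-EDH-RSA-DES-CBC-SHA"],
     "rsa_modulus": (1 << 511) | 1},
    {"host": "iana-names.example",
     "suites": ["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"],
     "rsa_modulus": (1 << 2047) | 1},
    {"host": "modern.example",
     "suites": ["ECDHE-RSA-AES128-GCM-SHA256"],
     "rsa_modulus": (1 << 2047) | 1},
]

if __name__ == "__main__":
    for rec in SCAN:
        print(rec["host"], audit(rec) or "no export-grade findings")
```

Any `rsa_export` finding means the server still accepts the key exchange the entry describes and the suite should be disabled in its TLS configuration.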
Editorial Box
OCIO Newsletter Advisory Board
Dr. Andy Chun (OCIO)
Ms. Annie Ip (OCIO)
Mr. John Hui (ESU)
Mr. Raymond Poon (CSC)
Mr. Peter Mok (CSC)
Ms. Maria Chin (CSC)
Publishing Team
Ms. Noel Laam (CSC)
Ms. Annie Yu (CSC)
Ms. Joyce Lam (CSC)
Mr. Ng Kar Leong (CSC)
Ms. Kitty Wong (ESU)
Ms. Doris Au (OCIO)
For Enquiry
Phone 3442 6284
Fax 3442 0366
Email csc@cityu.edu.hk
OCIO Newsletter Online
http://issuu.com/cityuhkocio