July 2014 - The sixteenth issue of the OCIO Newsletter of the City University of Hong Kong.
Issue 16 • JUL 2014
SPOTLIGHT
TAG and MADG project sharing series (III):
DEC Technology Adoption Grants for Teaching Innovation Series
Angel Lu
In part 3 of this series, we highlight two impressive
projects that received funding from the DEC
“Technology Adoption Grants for Teaching
Innovation” (TAG). The first project was led by Dr.
Sylvia Kwok Lai Yuk-ching from the Department
of Applied Social Studies (SS) called “Technology
Application in the Analysis of Group Dynamics and
Group Work Skills.” The second was led by Terence
C.H. Cheung from the Department of Information
Systems (IS) called “Using Mobile Technology
to Promote Intelligence, Social and Mobile
Learning.” These projects demonstrate the positive
influence that technology adoption brings to
teaching and learning.
Improving group dynamic and interaction via recording
“Videotaping does help me and students provide more detailed and meaningful feedback,” Dr. Kwok noted appreciatively.
It is not a matter of what the gadgets are, but how
they are applied that brings out their effective
powers. Dr. Kwok transforms a video handset
into an efficacious reflection device to encourage
student engagement. In a typical
practice session, students are
split into individual groups with
assigned roles, either as a social
worker or members. The role-
playing and group performances
are recorded via the video
handsets. Afterwards, the videos
will then be uploaded onto
Blackboard and reviewed by all
students. In class, iPads come in
handy to provide playback which
facilitates more meaningful and
detailed discussions among the
groups. As a result, not only does
the social worker in the group
benefit from a host of feedback
and suggestions aggregated from
Blackboard and other classmates,
but all the other members also
gain knowledge of commenting on
group dynamic and worker’s skills.
“Nowadays, I would like my students to stand up from the C-L-O-U-D (delivery of computing and content over network), as well as the crowds,” remarked Dr. Cheung.
Practice makes perfect, especially
in areas of social studies that
emphasize group dynamics
and interaction. However, what
Dr. Kwok aims for goes further than
mere practice. During the course,
students are encouraged to
carry out a real-life project with
positive themes. Those genuine
clients, including primary school
children, help create a vivid but
practical learning experience.
These valuable sessions are,
undoubtedly, recorded and shared
among all of the students. Thus,
the recordings are being turned
into a collaboration tool for the
mutual growth of students.
Collaboration on information sharing and e-portfolios
Technology changes at lightning
speed, while textbooks
usually fall behind the pace due to
their constraints. Dr. Cheung takes
a proactive approach to employ
new ideas from the project on
teaching. Rather than waiting
passively, students are motivated
to attend at least one industrial
seminar during his course to
obtain the latest information and
share immediately via Twitter. In
return, students from the class
of about 140 can acquire new
information and tweet what they
learnt from seminars promptly.
Students are responsible for
summarizing and sharing their
information as a reflection report
on Blackboard. Hence, through
exchanging the most updated
industrial information, students
and speakers of the seminars,
instead of instructors, act as
their facilitators to construct
the knowledge collaboration
platform.
INDEX
SPOTLIGHT
• DEC Technology Adoption Grants for Teaching Innovation Series
FEATURE
• CityU ITSM (ISO 20000) Project Update
• Canvas Extended Pilot
• IET/MATE Hong Kong Underwater Robot Challenge 2014
• Security Information and Event Management (SIEM) Phase 3 Upgrade: More Than Just Service Monitoring
BRIEF UPDATES
• Migration of Staff Email System from MS Exchange to MS Office 365 Exchange Online
• A Quick Glance at Computer Courses that Keep Our Staff and Students Abreast of IT Knowledge
• Prof. Cranor’s Security Blanket
FYI
• Safe Mode in Android
IT SECURITY AWARENESS SERIES BY JUCC
• Information Security Updates
STATISTICS AT A GLANCE
• Central IT Fast Facts (2013-2014)
GLOSSARY CORNER
• Heartbleed
• Heartbleed explained by xkcd (comic)
Pragmatism has always been the
core value of Dr. Cheung, as well
as a requirement for students
to follow. Dr. Cheung cultivates
his students to see beyond the
classroom. Therefore, another
indispensable component of
the project is to have students
take part in authentic projects offered by real
companies. Every mark is counted during these
projects to foster pragmatism. In reality, most
supervisors are reluctant to offer outstanding
appraisals to subordinates so it is challenging
for students to obtain their desired grades. The
intention of the project is to mold students’ attitude
and abilities for their future careers. Coincidentally,
companies can take the chance to look over and
select ideal candidates from the apprenticeships,
killing two birds with one stone!
Competing for an internship is only part of the
beginning. One of the most significant features
of the project is the digital CV or Smart CV which
retains students’ academic footprint, as well as
competition results, intern and working experience,
exchange experience, community services, etc. In
addition, a one-minute self-introduction clip will
be logged into the system and open to the public.
Thanks to the widespread use of the Internet, students
enjoy the advantage of establishing their web
identities and enhancing their online presence,
which is becoming increasingly crucial in this IT
era. Thus, potential employers will now have an
authentic source to identify their desired talents
while fresh graduates’ employability can also be
improved and targeted.
Students as their own facilitators
Even though the two projects began with different
aims, they share the same joy of success of
encouraging active participation of students. Upon
receiving the splendid assessment scores from her
students, Dr. Kwok smiled proudly not because of
the magnitude of the scores, but the recognition
from the students. Her future goal will be spending
more time on commenting and modifying those
recordings so that more students can benefit
from the digitalized reflections. Dr. Cheung’s ideas
from the project, on the other hand, are adopted
as a compulsory subject in the Department of
Information Systems. He also hopes that in the
future better social media functions and features
will be integrated into the university platform, so
that he will not have to keep multiple social media
accounts and record participation manually, and can
centralize student learning achievements and
grade student work conveniently. With the wise
application of technology, students no longer take
a passive role, but evolve as their own facilitators in
the process of effective learning and teaching.
FEATURE
CityU ITSM (ISO 20000) Project Update
Chadwick Leung
Project Background
In 2012, Central IT initiated a self-improvement project
to implement an IT Service Management System (ITSMS)
and an Information Security Management System (ISMS)
following ISO/IEC 20000 and ISO/IEC 27001 respectively.
The Paperless Office Service was selected as the first
central service to follow these international standards
as it was the most significant mission critical enterprise
system under development at that time.
ISO/IEC 20000 is a set of governance structures and best
practices to ensure the quality of IT service management.
ISO/IEC 27001, on the other hand, defines how
information shall be protected. For more details about
the ISO 20000 and 27001 standards, readers may refer to
the reference material listed under “Further Readings” at the
end of this article.
The Paperless Office Service is CityU’s Enterprise
Content Management (ECM) system, providing
document archives, document management and
workflow services, within an environmentally friendly and
highly secure platform. It is part of the University’s
sustainability and work simplification initiatives to reduce
paper consumption, improve security, and optimize
productivity. Major stakeholders and users of the
Paperless Office Service include:
• University Management, to provide vision and strategy
for the Paperless Office Service;
• Central IT Management, to oversee project
development and ISO standardization;
• Enterprise Document Management Team (EDMT) within
our Enterprise Solutions Office (ESU), to implement and
maintain the core Paperless Office Service;
• Data Centre Services (DS) Team and Network Services
(NS) Team within our Computing Services Centre
(CSC), to provide critical service components, such
as networking, operating system and database
management, which are essential to the operation of
the Paperless Office Service;
• Information Security Unit (ISU) within the Office of the Chief Information Officer
(OCIO), to act as facilitator for the ISO project;
• Paperless Office Service’s major users from our Human Resource Office (HRO)
and Financial Office (FO), who provide guidance on the direction of the Paperless Office
Service and provide feedback to the team.
Among these stakeholders, the EDMT of the ESU and the DS and NS teams of
the CSC are the major practitioners.
Implementation of ISO 20000
The initial plan was to implement both ISO 20000 and 27001 standards at the same
time. However, after considering the magnitude of work and scale of transform/
change needed, the plan was revised to first start with ISO 27001 (security
management), and then continue with ISO 20000 (service management) after
completion of ISO 27001 implementation.
Through the hard and dedicated work by all the stakeholders, in May 2013, the
Paperless Office Service of the University was successfully assessed and accredited
with ISO/IEC 27001 certification by the British Standards Institute (BSI). After a few
months to solidify our ISMS best practice, the ISO/IEC 20000 project resumed in
October 2013.
This article shares our experience and describes the current progress of our ISO 20000
implementation, from planning, building, to execution.
Critical Success Factors for IT Service Management
While improving overall IT service quality is our main objective, acquiring the ISO
20000 certificate serves as a very tangible goal for all the stakeholders to work towards.
Like any other modern organizational function, the right balance of People, Process
and Technology is critical in ensuring IT Service management excellence:
• People (Roles, Communications, Accountability, Skills, Training)
• Process (Management System, Policies, Standards, Workflows and Integration)
• Technology (Tools, Visibility, Measurement, Automation and Repository)
The following diagram illustrates the project activities within People, Process, and
Technology – the 3 keys to success:
Figure 1 Project Timeline
Prior to 2014
Document and Establish ITSMS Manual and Procedures
In 2012, the scope of ISMS and ITSMS implementation within
the Paperless Office Service was defined, and the supporting
service components were identified. A gap analysis which
covers both ISMS and ITSMS maturity was conducted in July
2012 by an external consultant. Based on the result of gap
analysis, an improvement plan was prepared. The consultant
also provided a set of ITSMS manual and procedure templates
which we then customized to meet the particular needs and
environment of CityU.
ITSM Tool Selection and Setup of iET ITSM
Central IT had been using the “iET Help Desk” platform for
handling work requests for many years. To save cost and shorten
our learning curve, the “iET Service Desk” was also selected
to support the implementation and operation of various ISO
standard processes and record keeping. In addition, the “iET
Service Desk” is aligned with the Information Technology
Infrastructure Library (ITIL), a standard set of practices for IT
service management.
First and Second Quarters of 2014
iET ITSM Configuration and Customization
Like any other ITSM platform, the iET platform required
extensive customization and configuration to meet the specific
needs and requirements of CityU. For instance, before the
iET process flow engine can be used, the roles, routes
and activities of various processes have to be custom defined
into the tool. Design efforts were made to enable a practical
mode of operation which efficiently meets the ISO 20000
requirements.
Implementing Processes
There are 13 processes defined in the ISO 20000 standard,
including Capacity Management, Change Management,
Configuration Management, Release and Deployment
Management, and Problem Management, just to name a few.
A process flow is a sequence of activities carried out by
different roles of people during various stages. Using the
Change Management process as an example, we have
to first define the various flows for different situations,
such as Normal Change, Standard Change, and Emergency
Change. The figure below is the flow for Normal Change.
The design of these various process flows requires the
collective work by all affected stakeholders. Once the
processes and their related flows are defined, they are then
implemented within the iET ITSM platform.
Customizations
During the design of process flows, the data involved in the
activities must also be identified, and iET ITSM forms have to be
customized for users to manage these data. For example, the
screen capture shows the look and feel of the customized iET
ITSM change request form.
Figure 2 Example of Change Management Flow
Figure 3 Change Management Form
Prepare iET ITSM User and Admin Manual
A detailed “User and Admin Manual” was also
prepared to document the customization and
configuration done on iET ITSM, and to facilitate the
adoption of iET ITSM.
Second Gap Analysis
In January 2014, after the implementation of
ISMS, another gap analysis was conducted and
the implementation plan was revised. The gap
analysis results showed that the maturity levels of
most areas were close to the initial targets, with
few targets already reached. Nevertheless, the
recommendations showed that there are still some
necessary enhancements, documents, change of
practices and improvements required in order to
meet the ISO 20000 requirements.
ITSMS Orientation
In March 2014, an orientation session was
conducted to update Central IT stakeholders about
the status and progress of ITSMS implementation.
Findings and recommendations from the second
gap analysis, and some main features of the ITSM
tool were reviewed.
Third Quarter of 2014
ITSMS Awareness and iET ITSM User Training
We plan to organize ITSMS awareness training to
raise the stakeholders’ understanding of the needs and
constitution of a reliable ITSMS and the rationale for
such a system. Training on the use of iET ITSM
will also be arranged to equip practitioners with the
techniques and knowledge essential for evolving the
existing service delivery mechanism with new
processes and technology.
iET ITSM UAT and Trial Run
To reduce the time needed by users to get familiar
with iET ITSM, it will be released to practitioners for a
trial run. Users will gain hands-on experience with
the tool before being involved in formal UAT, and the
ISO implementation team will gain a deeper
understanding of the acceptance level and can address
any issues not yet considered.
Fourth Quarter of 2014
ITSM System Operation Commencement
ITSMS operation will be formally commenced
when Process, People and Technology are ready.
Performance levels will be monitored through self-
assessment. Scoped services will be managed by
the developed ITSMS processes, and practitioners
will start to follow the established system and
procedures while using iET ITSM as an assistant tool.
We will need to continuously operate the ITSMS for
at least 3 months to accumulate enough records as
evidence before the ISO 20000 audit.
First Quarter of 2015
ISO 20000 Internal Audit and External Audit
An internal audit will be conducted to assess ITSMS
operation and to verify whether expected
results were achieved through the planned
and implemented improvement actions. Once
conformity to the standard is confirmed, BSI, as
Certification Body, will conduct a full audit to
verify compliance of our ITSMS against ISO 20000
requirements. The external audit will be performed in
stages, including pre-assessment, initial assessment
and final assessment.
Upon satisfactory completion of the external audit,
an ISO 20000 certificate will be issued to the
ITSMS in recognition of the efforts made by all
stakeholders.
Further Readings
[1] BS ISO/IEC 20000-1:2011 – Information Technology, Service management – Service Management System – Requirements
[2] BS ISO/IEC 20000-2:2012 – Information Technology, Service management – Service Management System – Code of practices
[3] BS ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements
[4] The ITIL and ISO 20000 Support Portal, http://www.15000.net/
[5] itSMF International, http://www.itsmfi.org/
[6] iET ITSM, http://www.iet-solutions.com/en/products/iet-itsm/
FEATURE
Canvas Extended Pilot
Crusher Wong
City University of Hong Kong (CityU)
has a long history of Learning
Management System (LMS) adoption
since 1998. To provide faculties and
students with the best education
technology, enterprise level LMSs
are evaluated and compared on
a regular basis. The evaluation exercise
in 2013[1] identified Canvas by
Instructure as the preferred LMS to
replace Blackboard as the unified LMS
for CityU[2]. With the endorsement
from the senior management, an
extended pilot of Canvas is being
coordinated for the 2014/2015
academic year.
The report of LMS Evaluation
2013 was presented to the
Information Strategy and
Governance Committee (ISGC)
with recommendations in February
2014. Members of the committee
acknowledged the advantages
of Canvas such as user-friendly
interface, integration with third
party web services and outcomes
assessment capabilities, but
concerns were raised about the speed
and capacity of Canvas, as a cloud
service hosted in the US, to serve
all users at CityU. In response to
these concerns, a modified load
test was performed using technology
provided by Keynote (http://www.keynote.com/),
a global leader in
Internet and mobile cloud testing &
monitoring. The test results showed
consistent and satisfactory average
response time[3] (see Figure 1) for a
user accessing Canvas in Hong Kong,
which proved that auto provisioning
technology could manage server-
side resources to cope with high
volume access to the system without
noticeable delay. With the
technical concerns resolved, the preparation
of the extended pilot is back
on track.
Figure 1: Average Response Time (left-side scale) vs Concurrent Users (right-side scale)
Figure 2: Canvas Implementation Plan
To facilitate courses joining the pilot in Semester A,
the official launch of Canvas is scheduled on 1 August
2014/15. While most of the faculties and students
are enjoying their summer holiday, colleagues in
Central IT will be busy with the final preparation of Canvas
- configuring dataflow from Banner (our Student
Information System), tuning the integration with major
e-learning services such as Turnitin, and migrating
contents from Blackboard for pilot courses. The workflow
is depicted in Figure 2.
At this point, 35 colleagues have pledged to join the pilot
individually and an academic unit has agreed to adopt
Canvas for all courses. If you have courses to teach at
CityU in the coming September, please visit our webpage
at http://go.cityu.hk/yo0bnt to learn more about Canvas
and how you may participate in the pilot. Eventually,
over 100 courses and thousands of students are expected
to participate in the pilot in Semester A 2014 which
will provide a good basis to confirm the advantages
of Canvas. Feedback will be gathered through online
surveys, focus group activities and interviews in
November 2014. If the collective user experience is
satisfactory, we shall seek endorsement from the senior
management to replace Blackboard by Canvas as the
unified LMS at CityU. At the same time, faculties will be
advised to adopt Canvas as much as possible in Semester
B 2014/15. In case of smooth running, over 1,000 courses
will be on Canvas in Semester B 2014/15 and all online
teaching and learning activities will be migrated from
Blackboard to Canvas starting Summer Term 2015.
Reference
[1] Wong, C. (2013, October). LMS Evaluation 2013-2014. OCIO Newsletter [Issue 13]. Retrieved from http://issuu.com/cityuhkocio/docs/newsletter_issue_13
[2] Wong, C. (2014, April). LMS Evaluation 2013 Findings. OCIO Newsletter [Issue 15]. Retrieved from http://issuu.com/cityuhkocio/docs/newsletter_issue_15
[3] Viewing Load Test Summary Reports. Retrieved June 16, 2014, from http://www.keynote.com/support/tsp_help/testsummary.shtml#445253
FEATURE
IET/MATE Hong Kong Underwater Robot Challenge 2014
L F Yeung (EE)
Background
The IET/MATE Hong Kong Underwater Robot Challenge 2014 was an annual event that encouraged students from Hong Kong and around the Asia-Pacific region to learn and apply science, technology, engineering, and mathematics skills as they developed the Remotely Operated Vehicles (ROVs) to complete missions that simulated real-world problems from the ocean workplace. ROVs are tethered underwater robots used in scientific research, ocean exploration, homeland security, offshore oil and gas industry, and other industries. 2014 marked the 9th time that Hong Kong has organized such an event.
The competition was held on 12 and 13 April 2014, jointly organized with the College of Science and Engineering of the City University of Hong Kong, and the Hong Kong University of Science and Technology.
The Mission
The theme for the 2014 competition season was “Exploring the Great Lakes: Shipwrecks, Sinkholes, and Conservation in the Thunder Bay National Marine Sanctuary.” This year’s contest highlighted the role of ROVs in (1) exploring, documenting and identifying an unknown shipwreck recently discovered in sanctuary waters;
(2) collecting microbial samples
and measuring the conductivity of
the groundwater emerging from
a sinkhole, and (3) removing trash
and debris from the shipwreck and
surrounding area.
The competition also inspired
students to think of themselves as
entrepreneurs and form companies
that design, manufacture, market,
and sell specialised products and
services for shipwreck assessment
and remediation. This required
them to solve problems in
innovative ways, think creatively,
work as part of a team, and
understand all aspects of business
operations—important skills
required in the 21st century that
will make them competitive in
today’s global workplace.
Training
In order to get the teams fully
prepared, a series of workshops
had been held before the
competition. At the first workshop,
each school was given a kit and
shown how to build a simple
underwater robot. The second
workshop was held at the end
of January 2014 to introduce the
concepts of waterproofing and
using electronics underwater.
They were shown how to build
an underwater camera and
light, as well as how to control
the robot motors; again, they
could take away the finished
items. At the third and final
workshop, each school was given
a microcomputer project board
and shown how to program so as
to control the robot’s motors.
Robots from Ranger Group
The Winners
The IET/MATE Hong Kong Underwater Robot Challenge
2014 was one of the 22 regional contests held around the
world and managed by the Marine Advanced Technology
Education (MATE) Center. The contest’s winning teams were
invited to compete in the 13th annual MATE’s international
ROV competition, which was held on 26-28 June 2014 at the
Thunder Bay National Marine Sanctuary facilities in Alpena,
Michigan, USA.
Participants
With around 35 teams, the Hong Kong Regional Contest was the
largest of the regional contests worldwide. Over 30 Hong Kong
and 7 overseas schools and universities participated in
the competition. It was noteworthy that one team
was visually impaired and successfully completed the
mission.
Sponsors
The IET/MATE Hong Kong Underwater Robot Challenge 2014 was supported by local sponsors, including Hongkong Electric Company Limited, MTR Corporation, Hong Kong Internet Registration Corporation Limited, CLP Power Hong Kong Limited, Analogue Group of Companies, RS Components, ISF Academy and Oceanway Corporation. Local technology professionals volunteered as judges for the competition, evaluating the students’ ROVs, poster displays, and engineering presentations.
Further information
http://www.rovcontest.hk/
The following teams had registered for the competition:
From Hong Kong
• Buddhist Wong Fung Ling College
• Chinese International School
• CMA Secondary School
• Ebenezer School
• German Swiss International School
• HKTA Yuen Yuen Institute No 2 Secondary School
• Hong Kong International School
• La Salle College
• ISF Academy
• King George V School
• Kwok Tak Seng Catholic Secondary School
• Po Leung Kuk Ngan Po Ling College
• Renaissance College Hong Kong
• Robotics Service Junior
• St Paul’s Secondary School
• Salesians of Don Bosco Ng Siu Mui Secondary School
• Shau Kei Wan Government Secondary School
• City University of Hong Kong
• Hong Kong University of Science and Technology
• Hong Kong Polytechnic University
From outside Hong Kong
• Concordia International School – Shanghai, China
• Macao Pui Ching Middle School, Macau
• Singapore American School, Singapore
• Sekolah Robot Indonesia, Indonesia
• SMA Negeri 28 Jakarta, Indonesia
• Nanjing Institute of Technology, China
• Universiti Teknologi Malaysia, Malaysia
• Zhejiang Ocean University, China
An advanced robot from Explorer Group
Acknowledgement
Special appreciation for
Professor Robert Li (College of Science and
Engineering, CityU),
Mr. Paul Hodgson (Oceanway Ltd. Co.),
Dr. Robin Bradbeer (IET),
and all the volunteers and supporters who
had contributed to the success of this event.
A robot from the Scout HK group
FYI
Safe Mode in Android
Frankie Wong
Have you had problems with apps crashing on your Android phone?
Sometimes, an application error may cause your phone to run
abnormally. Occasionally, you have to reset the system (restore to
factory settings) in order to return the phone to normal. However, this
causes your personal data to be lost if you have not made a backup.
This is very annoying.
How to boot into Android Safe Mode
For Google Nexus series phones (ensure your device’s screen is on):
1. Press & hold the [Power] button.
2. Touch & hold the [Power off] option in the dialog box.
3. Touch [OK] in the following dialog to start safe mode.
Figure 1. Boot into Safe Mode
Depending on the brand and model of your Android phone, there are different ways to boot into safe mode. If you are using an HTC, Motorola, Sony or Samsung Android phone, you may find the steps at the following link: https://support.norton.com/sp/en/us/home/current/solutions/v59378086_EndUserProfile_en_us
If your phone model is not listed above, you may ask your salesperson, or search on the web.
Characteristics of Safe Mode
You may find the characteristics of Safe Mode below:
• No third-party apps are loaded at startup. Only the system apps can be loaded.
• A “Safe Mode” label is shown at the bottom-left corner.
• After booting into Safe Mode, you may uninstall mischievous apps that cause crashing.
• Safe Mode will not damage any apps or personal data.
In general, malware apps can be removed by uninstalling them. However, some malware apps cannot be uninstalled properly, as they run at startup and cause the system to crash.
To solve the above problem, we can boot into Safe Mode and uninstall the mischievous apps. The steps are as follows:
1. Boot into Safe Mode
2. Settings -> Applications
3. Select the apps you want to uninstall
4. Touch [Uninstall]
If you want to understand more about mobile security, please refer to “Guideline of Mobile Security” provided by
HKCERT.
Reference
Boot into Android Safe Mode: https://support.google.com/nexus/answer/2852139
Guideline of Mobile Security by HKCERT: https://www.hkcert.org/my_url/guideline/13022801
BRIEF UPDATES
Migration of Staff Email System from MS Exchange to MS Office 365 Exchange Online
Maria Chin
With the successful migration of the
University email systems for students and
alumni from the on-premises systems
to Microsoft Office 365 Exchange Online
(“O365”), Microsoft’s cloud solution for
educational institutions, in early 2013, the
Information Strategy and Governance
Committee (ISGC) has endorsed the migration
of the University email system for staff from
the on-premises Microsoft Exchange system
(“Exchange”) to O365.
O365 feature highlights:
• 50 Gigabytes (GB) mailbox quota
• Access email, calendars and contacts from
anywhere with PC, Mac, and smartphone via
web browsers, email clients and apps
• Wipe data from mobile device to prevent
unauthorized access in case of loss
• Full O365 suite including MS SharePoint
Online, MS Lync Online, One Drive
• Find out more at http://office.microsoft.com/en-001/business/what-is-office-365-for-business-FX102997580.aspx
The migration of staff mailboxes from
Exchange to O365 will be scheduled
department by department starting from
August 2014. The Computing Services Centre
(CSC) will contact departments via their
Departmental Network Administrators (DNA)
to explain the migration steps and to agree
on a time for migration. Staff who will be out
of office on the day of migration can connect
their mobile devices and off campus PCs to
O365 first, then attend to their office PCs any
time after they are back in the office, i.e. there
is no rush to connect all PCs/devices to O365
in one go right after the migration.
Before the migration, staff should ensure
that their email clients and email apps
on their PCs and mobile devices, e.g. MS
Outlook, iOS and Android, are up-to-date;
otherwise, they may have problems connecting to O365,
which runs on the latest version of MS Exchange. During the
migration, which normally takes less than two hours, the
Exchange mailboxes of the staff scheduled for migration will
be temporarily inaccessible. After the migration, the staff must
reconfigure their email clients and email apps on their PCs and
mobile devices for connecting to O365. There is no change to
the staff email address on O365, i.e. valid email addresses are
[email protected], [email protected], [email protected].
hk, and [email protected]. Email sent to all of these
email addresses will be received in O365.
More information on the Exchange to O365 migration is
available at http://www.cityu.edu.hk/csc/deptweb/support/faq/email/o365staff/o365.htm.
For staff who are still using the old JSMS staff email system,
which was originally planned for migration to the on-premises
Exchange, their mailboxes will now be migrated
directly to O365, as it is available. When all staff mailboxes on the on-
premises Exchange and JSMS have been migrated to O365, Exchange
and JSMS will stop service and be shut down.
Sign-in page of Office 365
I. General Users
Case Study
Stanford University Laptop Theft Calls for Proper Data Backup in Enterprises
A laptop at Stanford University that
contained over 72,000 pieces of personal
data was stolen in Jun 2008.
The authority has led a task force
to review the University’s policies
and procedures for data protection.
Thefts of data storage devices are not
exceptional. If a theft takes place
in an enterprise, the loss of critical
data may create disastrous problems
in business operations. Therefore, it is
essential to adopt a proper and reliable
backup solution in enterprises.
Mobile devices, such as laptops and smart
phones, are portable information
systems which are often used to store
confidential information, such as
contact lists, passwords, and personal
data. While these devices provide a
means for convenient information
processing and communication, they
also pose a risk of data loss in the event
of theft or breaches. Below are some
good practices to reduce the risk of data
loss for your mobile devices.
Dos
• Use a password management tool on
start-up of mobile devices.
• Keep your mobile devices in a secure
place, especially when not in use.
• Install antivirus software and a
personal firewall on your mobile
devices.
• Use encryption to lock sensitive data
on the mobile devices.
• Regularly back up data of mobile
devices (e.g. PDA) to a PC to prevent
damage from PDA-specific viruses
and worms.
• Remember to remove any memory
cards before returning a rented
mobile device.
Don’ts
• Don’t leave a mobile device
unattended, even for a moment.
• Don’t download or accept programs
and content from unknown or
untrusted sources.
• Don’t allow common wireless
connections from unknown or
untrusted sources on your device.
• Don’t accept unsolicited file transfers
from other devices via Bluetooth,
SMS, etc.
II. Management
10 Steps to Creating a Campus Security Master Plan
Incorporating construction plans,
ensuring equipment interoperability
and determining future security
personnel needs are just some of
the measures campuses should
incorporate to improve their overall
safety and security.
1. Assemble Your Committee - To build
momentum in the development
of a physical security program,
create a physical security
committee consisting of
members in strategic positions of
influence, such as administration, IT,
operations, safety, security, risk and
planning.
2. Determine What Must be
Protected - Understand what
concerns, risks or fears may exist
on campus and why. The responses
are often constructive and
enlightening.
3. Think About Your Long-term
Needs - The security master plan’s
development should also include
long-term system compatibility,
communication infrastructure,
product obsolescence and growing
demands on the security staff.
4. Find Out What Works, What Doesn’t
- The committee should survey
current operational risk mitigation
measures and determine their
effectiveness.
5. Incorporate Campus Construction
Plans - Understand how new
buildings, parking lots, garages,
walkways and other projects will
affect the current physical security
master plan.
6. Can Legacy and New Security
Technology Mix? - With the
convergence of new physical
security technologies, the
integration of existing security
hardware into new security
platforms can be a challenge.
7. Determine Security Personnel
Needs - Documenting
responsibility, service and
deliverables will assist in setting
the groundwork of the return on
investment (ROI) and temper the
overall approval process.
IT Security Awareness Series by JUCC
With the aim of enhancing the IT security awareness of the CityU community, KPMG was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security, and they will be adopted and published here for your reference.
Information Security Updates
8. Upgrade Your Security Operations
Centre - The increase in response,
consistency and accuracy can
make the difference in a variety of
situations throughout the campus.
9. Don’t Forget About Your Infrastructures - Critical
infrastructures are areas within the
campus that rely on the continuous,
reliable operation of a complex set
of interdependent infrastructures:
electric power, gas, transportation,
water, communications and more.
10. Regularly Audit and Assess Your Plan - to validate the operation and
consistency of the security systems,
security processes and protection
of assets.
III. IT Professional
Best Practice for Firewall
Organizations should be as concerned
with the origins and kinds of Internet-
directed traffic as they are with
incoming requests. Below are some
good practices by which organizations
can improve their risk profile through
outbound traffic filtering.
Limit the addresses allowed to send traffic to Internet destinations by configuring policies such as these:
• Only allow source addresses from
the IP network numbers you assign
to trusted segments behind your
firewall(s), including DMZ networks.
• Apply appropriate subnet masks to
trusted networks, i.e., masks that are
sufficiently long to identify only that
fragment of the IP network number
that you are using.
• Block broadcasts from traversing
the firewall’s interfaces. While most
broadcasts will not pass across LAN
segments, take measures to ensure
this is especially true for Internet-
bound packets - or packets destined
for any untrusted segment.
• Block outbound traffic from VLAN
workgroups or entire network
segments that have no business
establishing client connections to
Internet servers.
Limit the destination ports on Internet-directed traffic in the following ways:
• Allow outbound connections only
to those services your security and
acceptable use policies allow for
client hosts.
• If you operate an HTTP proxy, or a
proxy system that performs some
form of web URL or content filtering,
only allow outbound connections
through your firewall from the proxies.
• If you provide DNS internally, or use
a split DNS, use internal servers as
forwarders for your trusted network,
and only allow outbound DNS
requests from your DNS servers so
configured.
• Unless your firewall is participating
in routing, block routing protocols
at your firewall. This is important
for entities which use a firewall to
exchange and negotiate PPP over
Ethernet (PPPoE).
• Certain network and security vendors
use unique ports for proprietary (and
secure) management access. Permit
these ports only from hosts used by
the administrators of such equipment.
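The source-address and destination-port rules above can be checked against outbound flow records before they are enforced on the firewall. The following Python example is added here and is not part of the JUCC article; every network, host, port and flow record in it is a constructed assumption.

```python
import ipaddress

# Constructed policy: RFC 1918 and RFC 5737 documentation addresses, not real hosts.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in (
    "10.10.0.0/24",    # staff LAN
    "10.10.20.0/24",   # printer VLAN
    "192.0.2.0/28",    # DMZ
)]
NO_INTERNET_NETS = [ipaddress.ip_network("10.10.20.0/24")]  # no business on the Internet
PROXIES = {ipaddress.ip_address("192.0.2.5")}
DNS_FORWARDERS = {ipaddress.ip_address("192.0.2.6")}
ADMIN_HOSTS = {ipaddress.ip_address("10.10.0.10")}
MGMT_PORTS = {("tcp", 8443)}                     # hypothetical vendor management port
CLIENT_SERVICES = {("tcp", 22), ("tcp", 587)}    # allowed directly by the acceptable use policy
ROUTING_PROTOS = {"ospf", "eigrp"}
ROUTING_PORTS = {("udp", 520), ("tcp", 179)}     # RIP, BGP
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def check_egress(src, dst, proto, dport=None):
    """Return (allowed, reason) for one Internet-directed flow."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    service = (proto, dport)
    # Source filtering: only exactly-masked trusted segments may send traffic out.
    if not any(src in net for net in TRUSTED_NETS):
        return False, "source not in a trusted segment"
    if dst == LIMITED_BROADCAST or any(dst == net.broadcast_address for net in TRUSTED_NETS):
        return False, "broadcast destination"
    if any(src in net for net in NO_INTERNET_NETS):
        return False, "segment has no Internet access"
    # Destination filtering: routing protocols never cross a non-routing firewall.
    if proto in ROUTING_PROTOS or service in ROUTING_PORTS:
        return False, "routing protocol"
    if dport == 53 and proto in ("udp", "tcp"):
        if src in DNS_FORWARDERS:
            return True, "DNS from internal forwarder"
        return False, "DNS must come from the internal forwarder"
    if service in {("tcp", 80), ("tcp", 443)}:
        if src in PROXIES:
            return True, "web traffic from proxy"
        return False, "web traffic must leave via the proxy"
    if service in MGMT_PORTS:
        if src in ADMIN_HOSTS:
            return True, "management access from admin host"
        return False, "management port from non-admin host"
    if service in CLIENT_SERVICES:
        return True, "allowed client service"
    return False, "service not allowed by policy"


def audit(flows):
    """Return [(flow, reason)] for every flow the policy would block."""
    findings = []
    for flow in flows:
        allowed, reason = check_egress(*flow)
        if not allowed:
            findings.append((flow, reason))
    return findings


# Constructed flow records: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.5", "198.51.100.7", "tcp", 443),     # proxy to web server
    ("10.10.0.23", "198.51.100.7", "tcp", 443),    # client bypassing the proxy
    ("192.0.2.6", "203.0.113.53", "udp", 53),      # forwarder to upstream DNS
    ("10.10.0.23", "203.0.113.53", "udp", 53),     # client querying DNS directly
    ("10.10.1.5", "198.51.100.7", "tcp", 22),      # outside the /24 mask
    ("10.10.20.9", "198.51.100.7", "tcp", 22),     # printer VLAN
    ("10.10.0.23", "255.255.255.255", "udp", 67),  # broadcast
    ("10.10.0.23", "198.51.100.1", "ospf", None),  # routing protocol
    ("10.10.0.10", "198.51.100.9", "tcp", 8443),   # admin host, management port
    ("10.10.0.23", "198.51.100.7", "tcp", 22),     # allowed client service
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print("BLOCK", flow, "-", reason)
```

The flow from 10.10.1.5 is rejected because the trusted staff network is declared with a /24 mask; a looser /16 mask would have accepted it, which is the point of the subnet-mask rule.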
Copyright Statement
All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre (“JUCC”). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law.
A single copy of the materials available through this document may be made, solely for personal, noncommercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials. Contact information for requests for permission to reproduce or distribute materials available through this document are listed below:
[email protected] Universities Computer Centre Limited (JUCC), Room 223, Run Run Shaw Building, c/o Computer Centre, The University of Hong Kong, Pokfulam Road, Hong Kong
BRIEF UPDATES
A Quick Glance at Computer Courses that Keep Our Staff and Students Abreast of IT Knowledge
Joe Lee
In 2013-14, the CSC received more than 3,300 applications from students for 77 classes on 14 distinct computer
courses in its Student Computer Literacy Programme, covering Windows 8, computer security, Office 2013, Flash
CS6, Photoshop CS6 and others. The following table depicts the planned courses in Semester A, 2014-15.
Computer Courses in Student Computer Literacy Programme 2014-15
Run Date Time Course
Internal 20-08-2014 (Wed) 10:00-13:00 Introduction to Photoshop CS6
Training 20-08-2014 (Wed) 14:00-17:00 MS Expression Web 4
319 21-08-2014 (Thu) 10:00-13:00 MS Expression Web 4
21-08-2014 (Thu) 14:00-17:00 Introduction to PowerPoint 2013
22-08-2014 (Fri) 10:00-13:00 Introduction to Word 2013
22-08-2014 (Fri) 14:00-17:00 Introduction to Access 2013
23-08-2014 (Sat) 10:00-13:00 Introduction to Flash CS6
23-08-2014 (Sat) 14:00-17:00 Introduction to Excel 2013
320 25-08-2014 (Mon) 10:00-13:00 Chinese Input Method - Chang Jie
25-08-2014 (Mon) 14:00-17:00 Introduction to Photoshop CS6
26-08-2014 (Tue) 10:00-13:00 Introduction to Windows 8
26-08-2014 (Tue) 14:00-17:00 Introduction to Excel 2013
27-08-2014 (Wed) 10:00-13:00 Introduction to Flash CS6
27-08-2014 (Wed) 14:00-17:00 How to secure your computer
28-08-2014 (Thu) 10:00-13:00 Introduction to Access 2013
28-08-2014 (Thu) 14:00-17:00 Advanced Word 2013
29-08-2014 (Fri) 10:00-13:00 Advanced PowerPoint 2013
29-08-2014 (Fri) 14:00-17:00 Advanced Excel 2013
30-08-2014 (Sat) 10:00-13:00 MS Expression Web 4
30-08-2014 (Sat) 14:00-17:00 Advanced to Photoshop CS6
Run Date Time Course
321 01-09-2014 (Mon) 19:00-22:00 Introduction to Excel 2013
02-09-2014 (Tue) 19:00-22:00 Introduction to Photoshop CS6
03-09-2014 (Wed) 19:00-22:00 Introduction to Word 2013
04-09-2014 (Thu) 19:00-22:00 Introduction to Windows 8
05-09-2014 (Fri) 19:00-22:00 MS Expression Web 4
06-09-2014 (Sat) 10:00-13:00 Introduction to PowerPoint 2013
06-09-2014 (Sat) 14:00-17:00 Chinese Input Method - Chang Jie
322 10-09-2014 (Wed) 19:00-22:00 How to secure your computer
11-09-2014 (Thu) 19:00-22:00 Advanced PowerPoint 2013
12-09-2014 (Fri) 19:00-22:00 Advanced to Photoshop CS6
13-09-2014 (Sat) 10:00-13:00 Advanced Excel 2013
13-09-2014 (Sat) 14:00-17:00 Advanced Word 2013
In 2013-14, the CSC received more than 700 applications from staff for 58 classes on 28 distinct computer courses
for staff development, covering Windows 8, Use of Mobile Devices, Computer Security, Office 2010, Illustrator CS6,
Dreamweaver CS6, SharePoint 2010 and others. The following table depicts the planned courses in Semester A, 2014-15.
Staff Computer Courses 2014-15
Date Time Course
04/09/14 & 11/09/14 09:30-17:15 Microsoft Access 2013 - Introduction
18/09/14 09:30-17:15 Adobe Dreamweaver CS6 - Introduction
25/09/14 & 3/10/14 09:30-17:15 Microsoft Access 2013 - Advanced
09/10/14 09:30-17:15 Adobe Dreamweaver CS6 - Advanced
16/10/14 09:30-17:15 Microsoft Outlook 2013 and Exchange
23/10/14 09:30-12:30 Effective Use of iPhone & iPad
23/10/14 14:15-17:15 Introduction to Windows 8.11
30/10/14 09:30-17:15 Getting Started with Power Query for Excel
06/11/14 09:30-17:15 Adobe Illustrator CS6 - Introduction
13/11/14 09:30-17:15 Adobe Acrobat
20/11/14 09:30-17:15 Adobe Illustrator CS6 - Advanced
27/11/14 09:30-17:15 Microsoft Word 2013 - Advanced
04/12/14 09:30-12:30 Introduction to Windows 8.11
04/12/14 14:15-17:15 Social Networks and Mobile Security
11/12/14 09:30-17:15 Microsoft Excel 2013 - Introduction
18/12/14 09:30-17:15 Microsoft Outlook 2013 and Exchange
23/12/14 09:30-17:15 Microsoft Excel 2013 - Advanced
30/12/14 09:30-17:15 Microsoft PowerPoint 2013 - Advanced
08/01/15 09:30-12:30 Effective use of Android Mobile & Tablet
08/01/15 14:15-17:15 Introduction to Windows 8.11
BRIEF UPDATES
Prof. Cranor’s Security Blanket
Andy Chun
The above is an image of a quilt art work
(63.5”x39”) called “Security Blanket” created by
Prof. Lorrie Faith Cranor, Associate Professor at
CMU and Director of the CyLab Usable Privacy
and Security Laboratory (CUPS). The art work
was derived from her research on password
security. The quilt shows the top 1000 most
popular passwords out of the 32 million
passwords that were stolen from the RockYou
site by hackers and made public. Passwords
are like our “security blankets”; unfortunately,
Prof. Cranor found that most of them are not
really secure. Hope you do not see your
password in the quilt!
Prof. Cranor explains her work on the
“Security Blanket” in her blog:
http://lorrie.cranor.org/blog/2013/08/12/security-blanket/
She also gave an interesting TED talk
recently titled “What’s wrong with your
pa$$w0rd?”:
http://www.ted.com/talks/lorrie_faith_cranor_what_s_wrong_with_your_pa_w0rd
In 2011, CSC implemented and deployed HP’s
ArcSight Express solution (hereafter “Express
SIEM solution”) as CityU’s central Security
Information and Event Management (SIEM) system.
Subsequently, in 2013, the Express SIEM solution
was further enhanced with the ArcSight Logger
solution, allowing extended retention of access,
security and system logs.
Since then, several hundred of our central servers
as well as network and security devices have
been feeding their access and security logs to this
Express SIEM solution. This represents a core service
that supports daily network and service operational
monitoring as well as forensic analysis of security
incidents.
With the success of the Express SIEM deployment,
we decided to extend the benefits of the SIEM
solution by consolidating all central IT systems
with their system and security log files to the SIEM
platform. To enable this, we upgraded our SIEM
solution from Express to the ArcSight Enterprise
SIEM solution in early 2014.
For more information on the Express SIEM
implementation, please refer to our previous
articles in this OCIO Newsletter:
• Overview of Security Information and Event
Management (SIEM) Part 1
http://issuu.com/cityuhkocio/docs/newsletter_issue_9
• Overview of Security Information and Event
Management (SIEM) Part 2
http://issuu.com/cityuhkocio/docs/newsletter_issue_10
In this article, we discuss the features that were
implemented during the 2014 Enterprise SIEM
upgrade project.
1. Enhancing overall event processing capacity
As mentioned earlier, the major goal of the
SIEM upgrade is to support the processing of
events sent from all central IT services. Hence,
the new Enterprise SIEM solution must meet
the performance requirements of this task. The
following areas were enhanced during the SIEM
upgrade exercise.
a. Licensed event processing capacity (license limit)
The licensed event processing capacity was
expanded from 1000 events per second (EPS) to
5000 EPS. This dramatic increase enables the new
SIEM solution to handle the increased event
feeds from all central IT systems. In addition, the
total number of supported devices increased from 500 to
1500.
b. Upgrade the server hardware and storage capacity (hardware limit)
Unlike the Express SIEM solution, which
was prebuilt and ran on a relatively low-end server
appliance, the new Enterprise SIEM solution
is software-based. This means the systems can be
installed and deployed on any supported server
hardware platform and scaled up according to
performance needs.
To maximize processing capacity, we deployed the
Enterprise SIEM systems as virtual machines (VMs)
supported by high-end servers with sufficient
storage capacities. This way, in addition to changing the
VM allocation, we can flexibly scale up the
processing power of the SIEM
solution by enhancing the server hardware
(CPU, memory, storage, etc.), or even by adding
physical servers to the infrastructure that supports
the VMs, to cater for future growth.
FEATURE
Security Information and Event Management (SIEM) Phase 3 Upgrade: More Than Just Service Monitoring
Alex Lam
2. Enjoying the benefits of enterprise grade VM environment
One of the major benefits of the
Enterprise SIEM solution is its support
of VM environments. By installing the
Enterprise SIEM solution within the
University’s standard VM infrastructure,
the new SIEM system can directly enjoy
all the benefits of our private cloud,
such as:
a. Dynamically scaling the performance and storage capacity of the SIEM systems as needed
b. Leverage existing VM backup and restore procedures
VM technology is well known for its support
of flexible and efficient backup
and restore. The SIEM systems
can immediately follow the well-
established procedures and use the
equipment currently deployed in the
VM infrastructure of the University
data center.
By adopting standard procedures and
using existing backup equipment,
SIEM operation is more cost effective
and lowers its total cost of ownership
(TCO).
c. Improving server redundancy under VM infrastructure
Although the SIEM systems do not
support automatic failover
to different ESX/I hosts, we can
still use the manual VM image
migration feature to restore or
recover them on a different ESX/I host in
case of hardware failure
or problems during major
software changes. This provides a
“redundancy” solution for the SIEM
systems and makes it easy to draw up their
disaster recovery plan (DRP).
3. Enhancing the protection and isolation of the raw system and security event resources
The Enterprise SIEM solution provides
granular role and user rights assignment
in the access of authorized events and
security log. This has the following
benefits:
• As sensitive information is stored
within our logs, this security feature
enhances the protection and isolation
of the raw system and security logs,
allowing us to follow the “need-to-
know” principle of security protection
requirement in assigning access
privileges.
• The side effect of the access right
restriction is the tremendous
reduction in log volume and access
time in retrieving relevant event logs.
This greatly improves the efficiency
and effectiveness in performing
security and forensic analysis.
4. Enhancing service dashboard deployment
The SIEM project also created a
framework to present the service level
and health status of an IT service that
is dependent on other sub-services.
This provides a bird’s eye view of the
status of different services using a “traffic
light” presentation. With the advance
and massive deployment of virtual
machine (VM) technology in central IT
services, we have enhanced the service
dashboard framework to support the
redundancy features of VM technology.
A sample of the service dashboard is
shown as follows.
Figure 1. Sample of a Service Dashboard – Provide an Eye-Catching view of service status
5. Consolidating the SIEM systems with standard event processing framework
From our experience in using and
customizing the SIEM systems, we found
that many event handling procedures
are generic and are defined repeatedly.
We have consolidated and defined
those commonly used event handling
workflows as a standard event handling
framework in the new SIEM solution.
The use of this standard framework
provides consistency and is more
effective for different administrators
when creating new system or security
event handling procedures. The benefits
will be even more noticeable when
more services are deployed using this
standard framework.
Summary
This paper described how we extended
the benefits from the successful Express
SIEM implementation in 2011 to the
current Enterprise SIEM in 2014. One
of the major goals of the upgrade is
to enhance the SIEM systems with
sufficient processing and storage
capacity to handle the event and
security processing needs of all
central IT services.
Although the total event volume size
has increased, with the fine-tuned roles
and responsibilities defined in the new
Enterprise SIEM solution, administrators
only access events and resources that
they are authorized to view. This greatly
reduces administrators’ time when
working with event logs. In addition,
the deployment of a standard
event handling framework that captures
common workflows improves
the consistency and effectiveness of
daily event handling as well
as security and forensic analysis.
Furthermore, with service statuses
available, the new SIEM provides a
basic service dashboard. Instead of
correlating many different monitoring
graphs to get service statuses, the new
dashboard provides a “bird’s-eye” view
of service status, with the service level
represented as a simple “Red-Yellow-Green”
traffic light. This creative idea
provides a pin-pointed, eye-catching
and easily understandable service
dashboard in a single view.
With the above new features and
innovative ideas, the new Enterprise
SIEM solution is truly a unified,
transparent and scalable platform
for event and security monitoring for
central services. With all the flexibility
and creative ideas built into the
solution, we have transformed our SIEM
solution from just a service monitoring
and threat management tool to become
an important and core component
in the University’s enterprise service
governance framework.
STATISTICS AT A GLANCE
GLOSSARY CORNER
IT Security from Wikipedia
Andy Chun (ed.)
Heartbleed is a security bug in the OpenSSL
cryptography library. OpenSSL is a widely used
implementation of the Transport Layer Security (TLS)
protocol. Heartbleed may be exploited regardless of whether the
party using a vulnerable OpenSSL instance for TLS is a
server or a client.
Heartbleed results from improper input validation (due
to a missing bounds check) in the implementation of
the TLS heartbeat extension, the heartbeat being the
basis for the bug’s name. The vulnerability is classified
as a buffer over-read, a situation where software allows
more data to be read than should be allowed.
A fixed version of OpenSSL was released on April 7, 2014, on the same day Heartbleed was
publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure
web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing
theft of the servers’ private keys and users’ session cookies and passwords. The Electronic Frontier
Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug “catastrophic”.
Forbes cybersecurity columnist Joseph Steinberg wrote, “Some might argue that [Heartbleed] is
the worst vulnerability found (at least in terms of its potential impact) since commercial traffic
began to flow on the Internet.”
A British Cabinet spokesman recommended that “People should take advice on changing
passwords from the websites they use... Most websites have corrected the bug and are best
placed to advise what action, if any, people need to take.” On the day of disclosure, the Tor Project
advised anyone seeking “strong anonymity or privacy on the Internet” to “stay away from the
Internet entirely for the next few days while things settle.”
As of May 20, 2014, 1.5% of the 800,000 most popular TLS-enabled websites were still vulnerable
to Heartbleed.
This article uses material from Wikipedia. The Author(s) and Editor(s) listed with this article may have significantly modified the content derived from Wikipedia with original content or with content drawn from other sources. The current version of the cited Wikipedia article may differ from the version that existed on the date of access. Text in this article available under the Creative Commons Attribution/Share-Alike License.
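The missing bounds check described above can be modelled on plain byte strings. This added Python example (not OpenSSL's code and not taken from the Wikipedia text) contrasts a heartbeat responder that trusts the declared payload length with one that applies the length rule of RFC 6520; the function names, the simulated memory layout and the sample messages are constructed for illustration.

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16   # RFC 6520: a heartbeat message carries at least 16 bytes of padding
HEADER_LEN = 3     # 1-byte type + 2-byte payload_length


def build_heartbeat(msg_type, payload, declared_length=None, padding=b"\x00" * MIN_PADDING):
    """Serialise a heartbeat message; declared_length may disagree with the real payload."""
    length = len(payload) if declared_length is None else declared_length
    return struct.pack("!BH", msg_type, length) + payload + padding


def payload_of(message):
    """Return the payload bytes that a heartbeat message claims to carry."""
    _, declared = struct.unpack_from("!BH", message, 0)
    return message[HEADER_LEN:HEADER_LEN + declared]


def respond_unchecked(memory, record_len):
    """Model of the pre-fix logic: trusts payload_length and never looks at record_len.

    `memory` is the received record followed by whatever else sits next to it.
    """
    _, declared = struct.unpack_from("!BH", memory, 0)
    echoed = memory[HEADER_LEN:HEADER_LEN + declared]   # can run past the record
    return build_heartbeat(HB_RESPONSE, echoed)


def respond_checked(memory, record_len):
    """Bounds-checked logic: discard silently (None) when the lengths do not add up."""
    if record_len < HEADER_LEN + MIN_PADDING:
        return None                                     # too short to be a heartbeat
    msg_type, declared = struct.unpack_from("!BH", memory, 0)
    if HEADER_LEN + declared + MIN_PADDING > record_len:
        return None                                     # declared payload exceeds the record
    if msg_type != HB_REQUEST:
        return None
    return build_heartbeat(HB_RESPONSE, memory[HEADER_LEN:HEADER_LEN + declared])


# Constructed demonstration data.
ADJACENT = b"[unrelated bytes that happen to follow the record]"
honest = build_heartbeat(HB_REQUEST, b"ping")
lying = build_heartbeat(HB_REQUEST, b"ping", declared_length=40)


def demo():
    """Run both responders on both records; returns {name: (unchecked, checked)}."""
    results = {}
    for name, record in (("honest", honest), ("lying", lying)):
        memory = record + ADJACENT
        results[name] = (respond_unchecked(memory, len(record)),
                         respond_checked(memory, len(record)))
    return results


if __name__ == "__main__":
    for name, (unchecked, checked) in demo().items():
        print(name, "unchecked:", payload_of(unchecked))
        print(name, "checked:  ", None if checked is None else payload_of(checked))
```

For the record whose declared length is 40 but whose payload is 4 bytes, the unchecked responder echoes the padding and the first 20 bytes of the adjacent data, while the checked responder returns nothing.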
Editorial Box
OCIO Newsletter Advisory Board
Dr. Andy Chun (OCIO)
Ms. Annie Ip (OCIO)
Mrs. W K Yu (ESU)
Mr. Raymond Poon (CSC)
Mr. Peter Mok (CSC)
Ms. Maria Chin (CSC)
Publishing Team
Ms. Noel Laam (CSC)
Ms. Annie Yu (CSC)
Ms. Joyce Lam (CSC)
Mr. Ng Kar Leong (CSC)
Ms. Kitty Wong (ESU)
Ms. Doris Au (OCIO)
For Enquiry
Phone 3442 6284
Fax 3442 0366
Email [email protected]
OCIO Newsletter Online http://issuu.com/cityuhkocio
GLOSSARY CORNER
Heartbleed explained by xkcd
Creative Commons comic from xkcd.com
Original webpage: http://xkcd.com/1354/