
OCIO Newsletter issue 18


January 2015 - The eighteenth issue of the OCIO Newsletter of the City University of Hong Kong.


OCIO NEWSLETTER

Issue 18 • JAN 2015

INDEX

SPOTLIGHT
Oracle Exadata for Banner/AIMS

FEATURE
Staff Email – Reasons to Move Fast to MS Office 365
New CityU Portal
Flipped Classroom at City University of Hong Kong
Knowledge Management @ CityU

BRIEF UPDATES
New Issue of Network Computing
Wow! Free Wifi!? (A Fictional Story)
New e-Learning Webpage on MOOC
CityU Supports HK Government’s Wifi Initiative

FYI
Rights Management System for Information Protection on MS Office 365

IT SECURITY AWARENESS SERIES BY JUCC
Intellectual Property

ITSM SERIES
ITSM Awareness Series (Part 1: Introduction)

STATISTICS AT A GLANCE
Help Desk Monthly Statistics

GLOSSARY CORNER
Shellshock & Poodle

SPOTLIGHT

Oracle Exadata for Banner/AIMS
K C Cheung

Online course registration each semester is a system activity that demands tremendous computer power. Processes, such as time-ticketing, have been in place for years to control the system demand at an acceptable level. On the software side, tuning was also done regularly to achieve optimum performance. As the student population and the number of courses increased over the past years, the hardware was also upgraded in a timely manner. However, hiccups occurred in Semester B for a few years since 2009.

Owing to the new Academic Reform in 2012 in Hong Kong, the University expanded her system to allow open registration for more students to select more courses like Gateway (GE) courses. For the sake of fairness, it is required to schedule more than 3000 students to do on-line web GE course registration simultaneously. This further aggravated the performance and capacity problems during student on-line web course registration, affecting not only course add/drop and registration service to students, but also the administrative offices using Banner.

To address the problem, the existing system architecture was reviewed. Although a traditional server and storage upgrade was expected to bring some improvement, I/O performance would still be limited by the traditional storage system. We had applied this approach for years, but the course registration problem still prevailed. Inevitably other technologies needed to be explored.

We started in early 2013 to explore if Oracle Exadata could be a possibility. It is an engineered machine with hardware and software components integrated to improve performance and achieve high availability for Online Transaction Processing (OLTP) and data warehousing.

In the evaluation process, we studied the literature on Oracle Exadata and an IT report on the machine by an independent technology and market research company. We also called references from other universities using Oracle Exadata for Banner. Stephen F. Austin University (SFA) in the USA went live with Banner on Oracle Exadata in April 2012 to solve its course registration problem. SFA can now support up to 2,000 concurrent users, enabling students to register for classes more quickly. Several conversations were held with their IT specialists to understand the considerations of moving to Oracle Exadata, and we were assured that it would be a solution for us too. We further conducted a proof of concept (POC) to confirm that the performance levels demonstrated met the University’s requirements. The POC result was positive and showed that the system can handle 3,000 students doing course registration simultaneously, and that there would be up to 100 times performance improvement in SQL reporting.

After intensive study and discussions, it was decided to acquire an Oracle Exadata for supporting course registration at reasonable performance when thousands of students add or drop courses at the same time. In late November 2014, the Banner/AIMS database was successfully migrated to Oracle Exadata X4-2 Eighth Rack to prepare for the Semester B course registration in December. In this course registration, AIMS performed extremely well, with 1.5 to 3 times more registrations done than before (see Chart 1), 10 times faster processing and fewer system busy pages observed (see Chart 2) at the peak of concurrent student registration. The system was found busy only in the first one or two minutes of the peak. The system demonstrated that it can greatly enhance the database performance of the Banner system and thus raise the overall user satisfaction.

Snapshots of the performance report in last Semester A (Figure 1) and this Semester B (Figure 2) were taken on 22 August 2014 and 31 December 2015 respectively. Before the implementation of the Exadata, the CPU was fully consumed and this status lasted for 20 minutes. After the implementation, it lasted only for 2 minutes. Students should have found the course registration process much smoother and quicker.

In addition to improving the course registration performance, the performance of other AIMS functions is also enhanced; users (staff, students, alumni and offices) can now get instant response in most functions within a second. Furthermore, other enterprise applications can still be run as usual during the peak usage period. Before, other application user offices were requested to avoid submitting CPU/time consuming jobs during the course registration period. In short, Oracle Exadata has great potential to improve jobs that demand extensive data retrieval, query and reporting.

Figure 1: Performance before the implementation of Exadata

Figure 2: Performance after the implementation of Exadata


FYI

Rights Management System for Information Protection on MS Office 365
Maria Chin

Data security on cloud services for email, social networking, etc. has always been a concern to users. With the University email system for staff being migrated to the cloud Microsoft Office 365 (“O365”) featuring Exchange Online, SharePoint Online, OneDrive, Team Site, etc., the University has subscribed to the Rights Management System (RMS) to provide extra protection to staff email and files containing sensitive/confidential information.

Currently under release preparation, the RMS will be available to staff in their primary O365 accounts (same as their CityU EIDs) where staff can encrypt email (message and file attachments) with confidential/sensitive information for email exchange.

The RMS can also be applied to the Library (folder) in the O365 OneDrive and Team Site*. All files (MS Office and PDF format) added to a Library with RMS enabled will automatically be encrypted; hence sharing of files with sensitive/confidential information amongst authorized staff will be more convenient, without the need to encrypt file by file and to distribute decryption passwords, as is currently done with the on-premises email systems and SharePoint (CityUWiki). Further access restrictions to files, e.g. how long they can be viewed by the targeted audiences, the ability of the targeted audiences to print or download encrypted files, etc., can be customized and applied as desired to achieve optimal protection of files containing sensitive/confidential information while balancing their ease of access and use.

The RMS is a Microsoft data encryption technology to assist users to secure their data; nevertheless, staff should exercise care when using the RMS by following closely the guidelines (to be available with the release of the RMS). Departments/staff interested in piloting the RMS can contact the Computing Services Centre (via the CSC Help Desk or email to csc@cityu.edu.hk).

* Further reading on O365 OneDrive and Team Site is available at https://support.office.com/en-nz/article/Start-using-your-team-site-OneDrive-for-Business-and-Newsfeed-to-share-documents-and-ideas-abeace23-ffb2-4638-944c-860a2484b4bb

The Exadata machine has high availability (HA) feature that provides an avenue for moving toward non-stop AIMS services, thus enabling us to provide better support to alumni networking, admissions and recruitment of overseas applicants, and staff who may be working overseas on different time zones. This HA feature also facilitates applying Oracle and OS upgrade to the machine without any system down time.

Oracle Exadata has greater capacity to host more databases in it if applicable. This may bring savings to the University on Oracle license. In the past, new Oracle licenses had to be acquired when a machine with higher computing power or when a new system that required Oracle database was bought. Such licenses are expensive. On the other hand, with the Exadata hosting more databases, we can patch, upgrade and monitor the system in a consolidated fashion, thus saving our database administration efforts in the long run. It is planned to migrate the database of Degree Works to the new machine. The time taken for generation of an updated advising worksheet and degree audit report for a student who has his/her courses changed or course grades updated is expected to be much shorter.

Furthermore, taking the opportunity in implementing Oracle Exadata, a Banner Disaster Recovery system is being set up. This will mitigate the risk to the University operation brought about by system un-availability at a disaster level. The system is targeted to be available in June 2015.

City University of Hong Kong is the first university in Hong Kong to adopt an Oracle Exadata for her ERP, and it took us only three months to install the system and put it to production, thanks to our capable and efficient Central IT team!


ITSM SERIES

ITSM Awareness Series (Part 1: Introduction)
By Chadwick Leung

The ITSM Awareness Series of articles aims to raise awareness among CityU IT provisioning units (both Central IT and departments) and interested parties of the current best practice in IT service management (ITSM).

The University’s Paperless Office Service, being a highly mission critical system, was selected as a pilot service to be managed following the ISO/IEC 20000 IT Service Management (ITSM) Standard. It is to ensure that the service is managed following the international best practice (for more information on the Paperless Office Service, please refer to the article “HRO Work Simplification through Paperless Office” in Issue #17 of the OCIO Newsletter: http://issuu.com/cityuhkocio/docs/ocio_newsletter_issue_17).

Wikipedia explains: “ITSM is process-focused and has ties and common interests with process improvement frameworks and methodologies (e.g., TQM, Six Sigma, business process management, CMMI). The discipline is not concerned with the details of how to use a particular vendor’s product, or necessarily with the technical details of the systems under management. Instead, it focuses upon providing a framework to structure IT-related activities and the interactions of IT technical personnel with business customers and users.” http://en.wikipedia.org/wiki/IT_service_management

Many teams within the Central IT have been collaborating to bring the ITSM standards into operation in CityU. For colleagues who have not been involved in the ISO/IEC 20000 implementation or other readers who may be interested in this transformation, this article is to share the basic concepts on how the standard works.

Change is Inevitable

In our modern world, IT change is inevitable and constantly happening. In fact, the pace of change is quite exponential as more and more aspects of business now rely on IT as an enabler and driver for business value. Consequently, changes in how we provision IT service are also more frequent. In general, changes to IT services are driven by changes in business strategies, business directions and business needs. Change in IT service provisioning is almost never driven by technology lifecycle alone. These ITSM standards guide a service provider in managing IT changes against changing business strategies and needs. The first step in any change or new IT service is what ISO/IEC 20000 calls the Design and Transition of New or Changed Services (DTNCS).

Design and Transition of New or Changed Services

The whole of ISO/IEC 20000 consists of a set of processes (bolded in the diagram below). The overarching process is the DTNCS (highlighted in blue in the diagram). DTNCS helps organizations manage the requirements of introducing new IT services or changes to existing IT services in 3 main stages – (1) plan, (2) design and development, (3) transition. The main purpose of the DTNCS process is to ensure that proper considerations are made to the financial, organizational and technical impact that can result from such change.

DTNCS is related to the other processes at different stages to form a coherent (or holistic) view to manage and govern new or changed services. The following diagram depicts the interfaces between processes at different stages of an ITSM project, and the operation stage is adopted by following the best practice of ITIL (IT Infrastructure Library for ITSM) to manage IT services after the transition stage.

[Diagram, text content only]
Stages: Plan, Design and Development, Transition (ISO 20000 Design and Transition of New or Changed Services); Operation (ITIL Service Operation)
Service Delivery: Service Level Management and Reporting; Service Continuity and Availability Management; Budgeting and Accounting for Services; Capacity Management; Information Security Management
Relationship: Business Relationship Management; Supplier Management
Resolution: Service Request and Incident Management; Problem Management
Control: Change Management; Configuration Management; Release and Deployment Management

Figure 1: Interfaces between DTNCS and other processes

The following explains the tasks within the 3 stages of DTNCS and the operation stage; some typical deliverables of each stage are listed:

Plan

During the planning stage, a proposed new IT service or change to an IT service is first evaluated against various aspects which generally include business needs, user requirements, available resources, financial and time constraints, and technology limitation. This evaluates whether the outcome (new or changed IT services) can deliver values to business or customers within the timescale and budget. Agreed change will be managed as “project”.

DTNCS process must be used to manage a change when it is classified under certain criteria that are organization-specific. Some typical criteria are:

- All new services
- Changes with potential high risk/impact or expected high value to critical services
- Changes with high cost and/or benefit
- Changes with long interruption to critical services

Other changes outside the organization-defined criteria are simply managed through traditional change management processes.

Deliverables:

- New or changed IT Service proposal
- Service removal proposal
- Project plan

Design and Development

Service Requirements

The first step in the Design and Development of DTNCS is to define the service requirements. Details of the requirements will be gathered through the following processes:

- Service Level Management and Reporting
  o Service level and catalogue
  o Service hours
  o Service request agreed time
- Service Continuity and Availability Management
  o Support hours
  o Availability requirement in percentage
  o Time to restore service during incident
- Budgeting and Accounting for Services
  o Capital Expenditure (CAPEX)
  o Operational Expenditure (OPEX)
  o Asset Management
- Capacity Management
  o Storage requirement
  o Response times
  o Backup requirement

Service Design and Development

Service design and development will be carried out based on the agreed service requirement. This step will provide detailed specifications on all related areas within the requirements. This aims to ensure the requirements will be fulfilled and solutions will be delivered accordingly during the Transition stage. The following are some typical areas within the scope of service design and development:

- Service Level Management & Business Relationship Management
  o Operation level
  o Roles and responsibilities
  o Human resources (training, skills and competencies)
- Capacity Management
  o Service monitoring
  o Infrastructure
  o Testing and deployment approach
- Information Security Management
  o Information or data security
  o Information or personal privacy
- Service Continuity and Availability Management
  o Service high availability or continuity provision
- Supplier Management
  o Suppliers and contracts
  o Support level

Deliverables:

- Functional / technical requirement specification
- Service level requirements and plan
- Capacity requirements and plan
- Service Continuity and Availability requirements and plan
- Cost model, charging scheme and price book
- Information security requirements and risk assessment report
- Service catalog update
- Service level agreement, operational level agreement and supplier contract

Transition

The following three control processes will manage the service rollout and deployment, including the subsequent changes:

- Change Management
  o Manage evaluation, scheduling and approval of change request
  o Manage unexpected outcome of change/release deployment
- Configuration Management
  o Manage the Configuration Items (CI) registration and change via Change Management process
  o Define relation between CIs and relation between CI to service
- Release and Deployment Management
  o Manage deployment of approved new or changed services
  o Manage development and test cycle

Deliverables:

- Service report
- CMDB audit report
- Change and Release schedule and report

Operation

After a new service goes live, the operation stage will also turn two resolution processes into action from preparation in the transition stage:

- Service Request and Incident Management
  o Handle service request and incident in accordance with the defined procedure and within agreed service or resolution time
- Problem Management
  o Identify root causes of incident and produce proven resolution
  o Prevent incident with the same cause from reoccurrence

Deliverables:

- Service report
- Knowledge base and known error records

This article provides a very high-level overview of ITSM and the DTNCS process. For more information on the individual stages or tasks, interested readers can refer to:

- ISO/IEC 20000 – design and transition of new or changed services: http://blog.apmg-international.com/index.php/2013/04/24/isoiec-20000-design-and-transition-of-new-or-changed-services/
- ITIL Processes: http://wiki.en.it-processmaps.com/index.php/ITIL_Processes
- ISO 20000 Sections and related ITIL Processes: http://wiki.en.it-processmaps.com/index.php/ISO_20000#ISO_20000_Sections_and_related_ITIL_Processes

Please stay tuned for Part 2 of this series when we introduce the Configuration Management Database (CMDB) – a repository that acts as a data warehouse to support ITSM. Contents in the CMDB represent the IT assets as well as the relationships among them. The CMDB is an important tool to help IT organizations understand how critical assets are composed and their relationships/dependencies with others, and consequently facilitates better IT service management.


BRIEF UPDATES

New Issue of Network Computing
Computing Services Centre

“Issue #82 - December 2014” of the Network Computing online magazine from the Computing Services Centre (CSC) is now available at: http://wikisites.cityu.edu.hk/sites/netcomp/

This issue contains the following articles:

• Lync: How to Make Use of Unified Communication
• Difficulties of Supporting Wi-Fi
• Learn at Your Own Pace with Lynda.com
• IT Security Awareness - Protection against Hacking - Technique / Tools

FEATURE

Staff Email – Reasons to Move Fast to MS Office 365
Maria Chin

As announced in August 2014, the Information Strategy and Governance Committee (ISGC) has endorsed the immediate migration of the University email system for staff from the on-premises Microsoft Exchange system (“Exchange”) to the cloud Microsoft Office 365 (“O365”), and the entire email migration for all staff is to be completed by June 2015.

Migration of all email in the 7,000+ staff email accounts (primary and secondary accounts) within a year might not seem a difficult task; however, when all staff need to find time for email migration and to adapt to a new email system, despite the similarity of the two systems, the time and effort added up have proven to be a challenge.

The Computing Services Centre (CSC) will assist staff to migrate their email from both the Exchange and the JSMS (the older staff email system) to O365, and in order to streamline the migration process, a department-by-department schedule has been worked out.

The cooperation of staff to comply with the planned migration schedule for their respective department is sought since shuffling migration dates amongst departments within a tight timeframe will adversely affect staff in departments involved in terms of rescheduling; after all, it will be impractical, if not impossible, to find a date that can fit every staff member.

Migrating to O365 - the Sooner the Better

• Staff should note that migrating to O365 at their earliest convenience is to their advantage, since no enhancement resource has been allocated to the on-premises email systems, meaning that neither the systems nor the hardware (servers, disks, backup) will be upgraded. Both the systems and the hardware are hence already prone to software bugs, hardware failures, security vulnerabilities and attacks from hackers, and these deficiencies will further deteriorate with time. The software licenses for the applications, anti-viruses, etc. for the on-premises email systems will expire after 30 June 2015, and without valid licenses these systems must be shut down and accounts/emails that have not been migrated to the O365 will be irretrievable.

• Staff can enjoy the added and advanced features on O365; please see details in the FAQ at http://www.cityu.edu.hk/csc/deptweb/support/faq/email/o365staff/features.htm.

• Apart from the advanced features, the University has recently subscribed to the Rights Management System (RMS) on O365, and with RMS, email and files with confidential/sensitive information can be encrypted, hence strengthening information protection during email communication and file sharing.

• Staff can enjoy the use of Microsoft Office Pro Plus for their work, which can be downloaded from their O365 accounts. MS Office Pro Plus allows each staff member free installation of MS Office software on up to a maximum of five PCs or Macs used by the staff for work related activities during their employment at the University. Staff can also run Office Mobile for iPhone or Office Mobile for Android on up to 5 mobile devices.

When and How to Migrate Email Accounts to O365?

The CSC is contacting the Departmental Network Administrators of respective departments/offices to confirm the planned migration schedule for their departments. Departments who have not yet been contacted and wish to migrate sooner can contact the CSC (via the CSC Help Desk or email to [email protected]) and the CSC will try to move forward the planned date.

Prior to email migration, staff should read the FAQ (http://www.cityu.edu.hk/csc/deptweb/support/faq/email/o365staff/o365.htm), and upgrade the operating systems and applications on their PCs and mobile devices to the latest versions before the migration; otherwise, they may not be able to connect to O365.

On the date of migration, all email accounts and email of all staff in the department scheduled for migration, even those for the staff on leave, will be transferred to the O365. Staff from the CSC will be on-site at the department to provide technical support to staff to configure the email clients (MS Outlook) on their PCs to connect to the O365. The O365 server information will be available to staff using other IMAP/POP3 email clients who can then configure their own email clients accordingly. Staff who are not in office, on leave, etc. on the date of migration and have missed the on-site support from the CSC can follow the DIY steps (item 3) in the FAQ (http://www.cityu.edu.hk/csc/deptweb/support/faq/email/o365staff/o365.htm), or contact the CSC Help Desk or email to csc@cityu.edu.hk for assistance.

Access Migrated Email and New Emails on O365 via OWA

It is worth noting that the email migrated to the O365 and the new email sent to you can always be accessed conveniently from any web browser (via Online Web Access “OWA”) at http://email.cityu.edu.hk/notice/weblogon_o365um.htm (with login instruction and URL to the O365). The OWA enables staff to access their old and new email right after email migration even if they have not yet configured their email clients and mobile devices to connect to the O365.


I. Background

Industry Story

Illegal downloading on campus can lead to hefty finesUnless the University of Oklahoma (“OU”) students are willing to fork over $750 for the latest Beyonce single, they might want to think twice before illegally downloading songs from the Internet via OU Wi-Fi.

The Recording Industry Association of America (“RIAA”) has been suing individuals for a minimum of $750 for each illegally downloaded song, according to the OU IT website.

OU IT is working with the RIAA by implementing the Affirmation of Compliance, a digital contract for OU users. When students register with the OU network, students agree to avoid copyright infringement while on the OU network, and in turn IT will investigate any questionable downloading through the network.

What is Intellectual Property?Intellectual property refers to a group of separate intangible property rights. It is a number of distinct types of creations and ideas for which a set of exclusive rights are recognised. These include trademarks, patents, copyright, designs, plant varieties and the layout design of integrated circuits.

Why is Intellectual Property important? Stealing a physical asset is obviously illegal. If you take an asset away without the owner’s permission, you are stealing his or her asset. In the other words, you try to take or use an asset without the ownership of the asset.

However, when it comes to any intangible assets stored in the information systems or shared on the Internet, such as e-books, graphics, software, it is usually not an easy job to identify their ownership. To protect such intangible assets or avoid unauthorised usage, it is important to understand the concept of intellectual property and the relevant regulations protecting it.

II. Management

Identification of Compliance Requirement on Information Security

Management should identify the following types of intellectual property before planning the strategy to safeguard intellectual properties.

• University-owned Intellectual Property

Many universities are now expected to interact more with industries as well as governmental and non-governmental organisations in consultancy, research contracts and commercialisation of inventions, innovations and research findings.

As a result, more collaboration between universities and external bodies increased the universities’ productivity of intellectual properties and their reliance on these properties as a source of income.

If the intellectual properties are stolen, the potential income from the properties will be deteriorated or even lost, which can lead to very high economic loss as well as reputation damage.

• Non-university-owned Intellectual Property

Non-university-owned intellectual properties may impose adverse impact on universities’ intellectual protection objective if the usage of such properties is not well regulated.

Some universities may run single-user licensed software on most of their computers. Some computer vendors may even sell hardware to the universities with software pre-installed but without appropriate licences.

Using unlicensed software without the permission of the vendors can pose the universities at a risky position to be sued and penalised. This can incur a very high compensation or litigation cost if universities fail to identify and rectify such violations timely.

Responsibilities of Management

• Establishing Intellectual Property Policy

The establishment of Intellectual Property Policy can protect both the rights of the students and researchers, and the intellectual property itself.

The policy should address how members in the universities should create, identify, maintain, safeguard and protect the intellectual properties owned by themselves or the universities.

• Implement Information Security

Intellectual property protection is part of the overall information security within the universities’ network.

IT Security Awareness Series by JUCC

With the aim of enhancing the IT security awareness of the CityU community, KPMG was commissioned by the Joint Universities Computer Centre (JUCC) to prepare a series of articles on IT security, which are adopted and published here for your reference.

Intellectual Property


The reason is that, in many circumstances, intellectual properties are part of the critical data held within the universities’ information systems. In other words, strong protection of intellectual property requires well-established information security policies and procedures.

A good example is the implementation of logical access controls. Management should make sure that the access to information assets with intellectual properties is only assigned to the staff members or students based on their specific job functions or study needs. This control is able to prevent intellectual properties from being used by unauthorised users.

Therefore, strong implementation of information security in the University is crucial to keep intellectual properties away from malicious thieves.

• Appoint Security Officer

Any potential violation of the security of intellectual properties should be reported to the right person in the Management group. A person, like an Information Security Officer, should be assigned to supervise the overall security status of the university’s information systems and assets, including intellectual properties. He or she should also be responsible for the governance and implementation of the information security policy.

• Asset Inventory Tracking

The inventory of all information assets owned by the universities, such as workstations, laptops and CDs with student personal information, should be continuously tracked and maintained. An asset inventory should be created to record the asset details and the respective asset owners. This can help to prevent information assets involving intellectual properties from being accessed or possessed by unintended personnel such as ex-staff members of the universities.

• Promote Awareness and Education

Management should consider raising the awareness of intellectual property protection by organising training for its staff and students. This can align their expectations and help to better protect the universities’ intellectual properties.

On the other hand, the training should also put emphasis on the avoidance of using unlicensed software or unauthorised duplication of information assets with intellectual properties. Well-received training can effectively lower the possibility of intellectual property infringements and the consequent litigation.

III. General User

Responsibilities of General Users

General users may not be aware that they actually play an important role in the protection of intellectual properties and the prevention of the corresponding infringements.

• Manage your intellectual property

Any general users such as students, researchers and faculty staff can be an owner of intellectual property. They should be aware of their intellectual properties, and manage the rights relevant to them. For instance, they should consider reserving some or all rights to copy or republish their work, and transfer only those rights to the publisher that they have agreed may use their work to conduct its business.

• Do not use unlicensed software

Staff members and students should observe the universities’ acceptable usage policies by not installing any unlicensed software on campus workstations / laptops. In addition, universities may consider deploying Software Asset Management (“SAM”) solutions for monitoring any installation of unlicensed software.

• Do not illegally duplicate intellectual property

General users may duplicate intellectual properties like DVDs for personal use if they have purchased from the owners or universities have bought the licences for them. However, using the duplicated copies for commercial distribution or sharing with others who possess no valid licenses is not allowed.

• Do not use P2P software to share copyright material over the Internet

Although the use of P2P software provides an efficient way to search and exchange material over the Internet, people often use P2P software to download copyright material such as music and movies over the Internet. This kind of activity is illegal and may lead to lawsuits from copyright owners or their agents such as BayTSP, Inc.


FEATURE

New CityU Portal
K H Tam

With the University’s migration from Blackboard to Canvas as our unified learning management system (LMS), we have replaced the previous e-Portal that was built on top of the Blackboard platform with a brand new “CityU Portal” (www.cityu.edu.hk/portal).

The new portal was designed and coded in-house through a collaboration of technical staff from the three Central IT units – the OCIO, the CSC, and the ESU, and supported by contribution of ideas from content owners and users. The project began in July 2014 and Version 1 of the portal was soft launched in early December 2014. The new CityU Portal extended the functionality of the previous e-Portal as a one-stop information gateway for staff and students. The new portal totally replaced the e-Portal starting from January 2015 to align with the full adoption of Canvas in Semester B.

The project involved several key development tasks – enriching the user experience, revamping the information architecture, redesigning the user interface, and designing a new .NET single-sign-on module.

For example, the user experience has been enhanced by providing a more flexible and controllable user interface to consolidate the most useful or popular services for staff and students, categorized by service types. In the portal homepage, users have access to our core IT systems, password management services as well as our news and the academic calendar. The CityU Portal search bar allows users to quickly find any protected CityU Intranet webpages and CityU SharePoint “wikisites” that the user has access rights to view. Also, depending on your role, you may access the tabs specifically designed for staff or students, where you can find additional teaching and learning services, facilities booking services, and other useful services provided by various offices.

For the information architecture, the project team thoroughly analyzed, rationalized, and re-categorized the existing content, and created a new information architecture design that is more intuitively

Conclusion

While enjoying the benefits of information technologies, universities should pay sufficient attention to the protection of intellectual properties by implementing adequate information security mechanisms. General users should follow the policies and procedures established by the universities when using intellectual properties and stay alert to any possible infringements.


Copyright Statement

All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre (“JUCC”). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law.

A single copy of the materials available through this document may be made, solely for personal, noncommercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials. Contact information for requests for permission to reproduce or distribute materials available through this document is listed below:

[email protected]

Joint Universities Computer Centre Limited (JUCC),
Room 223, Run Run Shaw Building,
c/o Computer Centre, The University of Hong Kong,
Pokfulam Road, Hong Kong


organized, allowing easier and faster access to information. The portal is also intelligent, and automatically remembers individual user preferences in how much information he/she wants to be displayed, thus providing a personalized user experience while reducing information clutter.

The user interface was totally redesigned using a “keep it simple” philosophy while adopting the latest in Web technologies and standards. The CityU Portal was designed with both desktops and mobile devices in mind, and was coded using responsive Web technology that allows the CityU Portal to automatically optimize itself to fit different screen sizes and orientations. You can access the portal and its services anytime, anywhere, across all platforms, including desktop, mobile phones, and tablets. Aesthetically, the CityU Portal follows a modern “flat” design while adhering strongly to University branding. To provide a cleaner looking user interface, carousels are used to consolidate “banners” while maintaining the functionality of highlighting new events/activities.

This new platform will allow us to better integrate with our major systems, including AIMS, so that users can access various services more easily without logging in multiple times. The Portal leverages the existing “red door” login form for Active Directory (AD) authentication, and a new .NET single-sign-on (SSO) module was created for seamless sign-on to LDAP-based AIMS.

Also launched together with the CityU Portal was the re-designed CityU Work Desk menu, which can be accessed by clicking on the “Work Desk” icon on your desktop.

New versions of the CityU Portal will be launched in 2015 with additional services and functionality to make it even more useful and personalized. Please try out the new CityU Portal and, as always, Central IT welcomes any comment or suggestion you may have to improve our applications to serve the University better.

Figure 1: CityU Portal

Figure 2: CityU Portal in mobile phone


FEATURE

Flipped Classroom at City University of Hong Kong
Crusher Wong, Patrio Chiu, Angel Lu

What is Flipped Classroom?

In a traditional classroom, students are taught passively in front of a chalkboard for an hour or more and then homework is assigned to students for application of the taught skills. Research has shown that students’ attention span usually lasts less than 15 minutes in such a submissive learning environment [1]. In addition, timely help may not always be available when students are working independently on their assignments. To reach a compromise between learning effectiveness and learning experience, teachers are recommended to keep students engaged and provide them with feedback promptly.

Flipped classroom [2][3][4], which is any attempt to alter the order of teaching and learning activities in the traditional classroom approach, has become a popular pedagogical practice in recent years. Perhaps the term “blended learning”, which is a simpler form of flipped classroom, may ring a bell. Blended learning [5] also permits learners certain autonomy over their learning time, place, path or pace as semi-learning processes are conducted online. Such re-arrangement of learning process and order aims at improving learning effectiveness and efficiency with closer monitoring of study progress by offering extra pre-class studies in exchange for fewer after-class assignments.

Why Flipped Classroom?

We all want to improve the quality of learning within certain restrictions in time and space. The good old “60-minute plus” lecture simply does not work for the current generation of university students. It is sensible to include formative assessment in class so as to maximize students’ engagement. Simultaneously, moving the lecture outside the class can free class time. Students can then seek vacant time to benefit themselves in active problem solving as a group or individually with immediate support from the teachers and tutors.

Among students with flipped classroom experience, roughly half of them agreed or strongly agreed that their learning had been enhanced and they felt more engaged in class, according to e-Learning Survey for Students 2014 [6]. In the teacher’s version of the same survey [7], two-thirds of the staff respondents revealed their adoption of flipped classroom in their courses. Among this population, 68% concurred with the improvement in student engagement while 44% acknowledged the ease of reusing learning materials. In a nutshell, flipped classroom enriched students’ learning experience by improving the quality of class hours without taking extra time from students and teachers.

How does CityU support Flipped Classroom?

CityU has been dedicated to providing the best learning environment with the following provisions:

Learning Management Systems

LMS, from WebCT, Blackboard to Canvas, helps transcend the barriers of traditional classrooms. From distributing pre-class learning materials, conducting in-class activities, to reviewing learning process, everything can be initiated from the LMS automatically without the need to request. The teaching and learning process is streamlined by utilizing available built-in tools and third party apps. Further information can be retrieved from Instructure Canvas – CityU’s new LMS.

• Get to know Canvas
http://vimeo.com/35336470

• Canvas Interface Overview
http://vimeo.com/69658933

Echo360

Thanks to its rapid development, Echo360 has evolved from a lecture capture tool to a full-fledged e-learning solution suite. Mini video lectures, student presentations, livecast, video file import, and much more can be facilitated by any computer with Echo360 software installed in the designated venues. Read more about new pedagogies supported by Echo360 at http://go.cityu.hk/echo360.

DEC Labs and GE Labs

DEC Labs and GE Labs are designed from the ground up with the aim of supporting group work and hands-on activities, which are essential in a flipped classroom. Furniture was installed with flexibility in GE Lab Room 1 (P4801) to allow easy group interaction and space reallocation. In GE Lab Room 2 (P4907), a 60-inch touch screen monitor, as well as the sophisticated Echo360 Capture System, is installed to offer a splendid presentation experience to lecturers and students. Furthermore, students can take a hands-on approach to the latest technology, such as 3D Printers, 3D Scanner, Scanning Electron Microscope etc. More information on the GE lab can be found at http://www.cityu.edu.hk/edge/ge/lab.htm.

Wi-Fi & BYOD for Mobile Learning

CityU has had a long history in support of campus-wide Wi-Fi since 1997 to promote a bring-your-own-device culture. With mobile learning apps introduced in 2011, lecturers and students have attained effortless access to Wi-Fi and BYOD enabled classroom assessment, information search, field study with geographic positioning and a collection of learning artifacts with their smart devices and computers.

For all kinds of Wi-Fi services provided by the Computing Services Centre on campus, in Hong Kong and at other partner institutions around the world, please visit http://go.cityu.hk/wifi

Qualtrics

Provided that there is sufficient authentic input from students’ feedback, classroom assessment is always an effective way to evaluate students’ comprehension and induce students’ curiosity. Qualtrics supplements LMSs, which are designed mostly for summative online quizzes, by allowing lightning feedback collection from students without authentication. One can find out more about Qualtrics at http://www.qualtrics.com/university/

QR Code / Short URL

Adjusting in-class activities according to real-time feedback is a key component of a flipped classroom. By adopting short URLs (Uniform Resource Locator) and QR (Quick Response) codes, students are able to launch an exercise promptly on their mobile devices. A short URL simplifies a traditional long URL to a less trivial address for easy web navigation while a QR code simply eliminates the need to type in any URLs by scanning the embedded URL in a QR code to start their web-surfing.

The Short URL service of CityU is available at http://go.cityu.hk for all users while the CityU QR Code generator is coming out soon.

CityU Google Apps

Google apps have been popular cloud based services. CityU Google Apps help to tighten security by providing a dedicated Google Apps domain with branding. Integration with LMS also enables co-creation of documents for learning activities.

Virtual Classroom Tools

A web conferencing system was adopted to conduct classes online for courses with specific needs. While Echo360 Livecast supports a limited one-way learning experience, the conference feature with Canvas satisfies the need of a virtual classroom system by providing a full set of tools to create an interactive online learning environment with multi-media communication tools. Find out more at http://vimeo.com/79260576

Office365 Application Suite

Office365 (O365) SharePoint Online provides Facebook-like newsfeed to communicate in social network style. Instead of an official e-learning platform like Blackboard or Canvas, it allows students to take the lead for their learning activities without instructors’ supervision. Such practice helps develop students as self-directed life-long learners. Currently, all students have O365 accounts and all staff will enjoy the same service soon. Apps such as Yammer and Lync online will also be made available in 2015. Please visit http://www.slideshare.net/Microsofteduk/o365-education-e-book-final-version for an overview.

How May You Start Running Flipped Classroom?

This table attempts to help you flip your classes by identifying the teaching and learning activities.

| TEACHING & LEARNING ACTIVITIES | FACILITIES USED | POSSIBLE ACTION(S) BY COURSE INSTRUCTORS |
|---|---|---|
| Pre-class Self-learning | LMS | • Distribute key reading materials • Search the web for video contents and provide access to students |
| | Echo360 | • Record your own mini-lecture video and release to students via LMS |
| In-class Exercises | LMS Online Quizzes; Qualtrics; QR Code / Short URL | • Ask students to bring their mobile devices with browser, LMS apps and QR code scanner installed • Conduct classroom assessments to collect immediate feedback from students via LMS or QR code • Adjust the progress of class based on feedback collected • Include summative assessments to keep students engaged |
| | DEC Labs; GE Labs; CityU Google Apps; LMS Assignment Tool; LMS Peer Assessment Tool | • Facilitate discussions and group work • Ask students to complete mini-group projects and present their results • Recommend students to record their findings by co-editing a Google document • Collect mini project artifacts and report via LMS • Supervise students in peer evaluation |
| | Echo360 | • Capture class activities for reference |
| Post-class Assignments | Echo360 | • Recommend students to review class capture or mini-lecture videos |
| | LMS Mobile App Echo360 Video Booths | • Assign study projects to individuals or groups • Request students to collect artifacts and store on LMS • Recommend the use of mobile apps for field studies • Request students to record their presentation at video booth in Library or GE Lab • Enable peer assessments |
| Synchronous Virtual Classes | Virtual Classroom Tools; Echo360 Livecast | • Introduce virtual meetings with students to supplement physical meetings • Enable guest lectures without the need of traveling |
| Social Learning Community Building | O365 SharePoint Online; Facebook WhatsApp | • Encourage students to build their own learning community • Allow self-directed learning |


Showcase of Successful Flipped Classroom Pedagogies

With high success rate and encouraging results across different departments adopting flipped classroom on our campus, the learning and teaching process has been made more fruitful and meaningful. Professor Douglas R. Vogel (retired Chair Professor of Information Systems) has been actively employing flipped classroom to foster effective student learning by time-shifting student presentations. Professor Lilian Vrijmoed (two-time winner of the Teaching Excellence Award), formerly with the Department of Biology and Chemistry (BCH), has utilized mobile devices in her courses to facilitate classroom assessments and field studies. Students with “outstanding” grades in Commercial Law courses have increased after Dr. Avnita Lakhani’s integration of flipped classroom since 2012.

From the perspective of Professor Jane Prophet from the School of Creative Media, flipped classroom is an indispensable pedagogical practice to engage students’ view as extra effort can be spent on discussions and applying the knowledge in tutorials. Alternatively, more collaboration and classroom interactions have been achieved with flipped classroom in Dr. Bin Li’s (Department of Linguistics and Translation) courses. Dr. Terence Cheung from the Department of Information Systems, Dr. Ray C.C. Cheung from the Department of Electronic Engineering and Dr. Sylvia Kwok Lai Yuk-ching from the Department of Applied Social Studies strongly adhere to learning and collaborating around the clock without geographical boundaries. Details of their successful implementation of flipped classroom can be found in previous issues of the OCIO Newsletter at http://issuu.com/cityuhkocio.


FEATURE

Knowledge Management @ CityU
Office of the CIO

Thomas Davenport, a pioneer in knowledge management (KM), defines it simply as “the process of capturing, distributing, and effectively using knowledge.” At CityU, knowledge management is encompassed in the University’s Paperless Office Strategy, which defines an overall architecture and a set of technology platforms to share knowledge online and reduce paper consumption. For a university, KM means providing effective means to capture, organize and share knowledge, such as university or departmental best practices, guidelines, and procedures as well as policies, and standards.

Central IT categorizes knowledge into 3 different tiers, depending on how dynamic or ephemeral the knowledge is, and provides an appropriate set of technologies to support KM activities:

• Archival Knowledge – the least dynamic of the 3 categories, representing permanent historical records. This includes personnel records and personnel decisions, financial records, research outputs, etc. At CityU, we use EMC Documentum as our Enterprise Content Management (ECM) system to archive and manage knowledge contents in a secured environment. Currently, close to 2 million pages have been archived into our ECM. In addition, the University Library maintains an Institutional Repository (IR) as an archive of our intellectual outputs, such as theses, papers, and reports.

• Operational Knowledge – this represents knowledge sharing and knowledge management to support daily operational needs. For example, KM portals to collect and share administrative policies, guidelines, and practices as well as documents, papers, and minutes, etc. These knowledge portals can be at the department, school, college, or institutional level. For day-to-day knowledge management needs, CityU has an Intranet Portal for institution-wide knowledge sharing. The CityU Portal provides single sign-on to all our enterprise applications. In addition, the University provides departments with Microsoft SharePoint sites as departmental KM portals. Most of the University’s various committees also have SharePoint sites for knowledge management and paperless meetings. For simple departmental sharing of documents, the University provides Office 365 SharePoint Online.

• Dynamic Knowledge – this represents knowledge sharing that is highly transient and dynamic, such as knowledge sharing within a course or team. This type of interaction is best done using social media. At

References

[1] Khan, S. (October 2, 2013). Why Long Lectures Are Ineffective. In Time. Retrieved August 4, 2014, from http://ideas.time.com/2012/10/02/why-lectures-are-ineffective/.

[2] 7 Things You Should Know About Flipped Classrooms. In Educause. Retrieved August 4, 2014, from http://www.educause.edu/library/resources/7-things-you-should-know-about-flipped-classrooms.

[3] Flipped Classroom - The Flipped Classroom Infographic. In Knewton. Retrieved August 4, 2014, from http://www.knewton.com/flipped-classroom/.

[4] Flipped teaching. In Wikipedia. Retrieved August 4, 2014, from http://en.wikipedia.org/wiki/Flip_teaching.

[5] Blended learning. In Wikipedia. Retrieved August 20, 2014, from http://en.wikipedia.org/wiki/Blended_learning.

[6] Results of e-Learning Survey for Students 2014 at City University of Hong Kong. Retrieved August 4, 2014, from http://go.cityu.hk/q0ncwm.

[7] Results of e-Learning Survey for Teachers 2014 at City University of Hong Kong. Retrieved August 22, 2014, from http://go.cityu.hk/yjmpyl.


CityU, our teachers and students share dynamic knowledge through social media capabilities found in our learning management system (LMS) as well as through University-provided Google+ or Office 365 Team Site, which provide a Facebook-like interface.

Technology Platforms

Based on the previous classification and depending on the nature of the data, content, information, or knowledge being shared, different technology platforms will be leveraged to balance cost versus functionality and security needs. The following diagram highlights some of the platforms CityU uses at the institutional level to satisfy these different needs.

In addition, CityU provides technology platforms to various departments and individuals for information or knowledge sharing needs, such as paperless meetings and departmental KM portals for academic departments and administrative units, or team-project knowledge-sharing/collaboration and document sharing for staff/students.

Overcoming Information Silos

CityU overcomes information silos between various departments and units by providing them with a standardized departmental KM portal for KM activities, i.e. Microsoft SharePoint. Central IT provides an individual SharePoint KM portal to each school, college, department, and administrative unit, so that staff within each of the dept/units can share documents, practices, procedures, guidelines, policies, etc. internally within the dept/unit. In addition, various committees within the University each get a SharePoint portal as well. Since the platform is standardized, staff with membership in multiple SharePoint sites can easily find documents across sites through the built-in search engine. Because of the search capability across SharePoint sites (provided the user has access privileges), even though knowledge is organized according to organizational structure and committees, the sites are not separate “silos.” CityU has been using MS SharePoint as its standard departmental KM portal platform since 2008.

KM in Central IT

For Central IT, besides the standard SharePoint KM portals, we have other systems to support the specific needs of managing our IT best practices and knowledge sharing. Firstly, our Paperless Office service, which is the overarching project for KM, has been ISO 27001 certified since early 2013, and we are in the process of getting it ISO 20000 certified as well. Consequently, our best practices, guidelines, procedures, and policies relating to IT security and service management for paperless office service are comprehensive, well-documented and shared within our KM portal. In addition, our IT security practices are implemented as use cases in our SIEM (built using HP ArcSight ESM) which was first deployed in 2011, with subsequent yearly enhancements to expand its scope. Our service management best practices and operational knowledge are coded into our IT Service Management (ITSM) system and shared. The ITSM provides a convenient means to capture, store, and access knowledge to enhance our user services, i.e. supports a KM cycle.


Summer is here and many students,

faculty and staff would be going

on vacations and trips. What’s

more exciting than to find free wifi

in a foreign country, or is it? Here

is a fictional story of what might

unfortunately happen.

“Mike is a student at CityU and loves travelling. Being a Generation Z person, Mike loves to use social media to share photos and statuses. This year Mike decided to travel to Eastern Europe before his final year in the coming 2014/2015 semester. Mike knows from his CS-major friends that there are many hackers throughout Europe, so he is particularly careful within using free wifi while travelling.

Today Mike is in Moscow, Russia to see the famous and the Red Square. After taking loads of amazing photos, Mike was very eager to share them on facebook. It was his lucky day; Mike saw a Starbucks nearby. He was not sure if this Starbucks offered free wifi but was hopeful. Eagerly,

BRIEF UPDATES

Wow! Free Wifi!? (A Fictional Story) Andy Chun

he checked the list of network names. Sure enough, there was a “free Starbucks wifi” network! Since this is a famous brand, he was confident that the wifi was safe. He immediately connected to the network and logged into his facebook account. After sharing his photos and chatting with friends on facebook, WhatsApp, and other social media accounts, Mike decided to use the free computer terminals at the coffee shop to check his Gmail and CityU email on a larger screen.

Little did Mike know that a young couple sitting in a dark corner of the cafe were actually hackers. They were watching his every move, grinning and laughing all the way, because they were also watching each and every one of his online activities. The network Mike logged into was not really from Starbucks. It was set up by the two hackers to impersonate free wifi from Starbucks. This particular Starbucks actually did not offer any free wifi in the first place! Once Mike connected to the fake free wifi, the hackers injected malware into his smartphone and took control of it. They saw everything Mike did online and showed him some fake pages as well. The hackers quickly collected all of Mike’s logins and passwords for the online accounts that he accessed. In addition, the computer terminal that Mike used to check his emails had previously been hacked by the same couple and had malware installed. Each and every keystroke that Mike typed was logged and sent back to the hackers.

Upon returning home, to Mike’s surprise and shock, he found that payments worth tens of thousands were credited to his paypal account. Unfortunately for Mike, he used the same passwords for most of his online accounts, including paypal and CityU accounts. His trip to Europe turned out to cost Mike a lot more than he expected. Sadly for Mike’s friends, they had been receiving fake mails in Mike’s name that contained viruses and malware. Also sadly for CityU, since the hackers had Mike’s CityU password, they were able to breach our systems and open up channels for future advanced targeted attacks.”

Here are some hints to help you safeguard yourself:

• Turn Off Auto-Connect to Wifi! Some smartphones or tablets automatically connect to a wifi hotspot if you have connected to one with the same name before. Unfortunately, hotspot names can be faked. Make sure you turn off this automatic feature when travelling.

Creative commons photo via Flickr user Bernt Rostad


• Use HTTPS and Private Browsing! Make sure you use HTTPS instead of HTTP, and activate private browsing mode, when using the web. HTTPS encrypts your connection, while HTTP sends plain text that any hacker can see. In private browsing mode, your browsing history and data are cleared when you close the browser.

• Use Two-Factor Authentication! Some software, such as Gmail, provides free two-factor authentication. What that means is that besides your password, it will require another means to authenticate you, such as an SMS message to your phone. Even if hackers get hold of your password, they will not be able to access your account unless they also steal and hack your phone.

• Confirm the Network Name! When using free wifi, make sure the name of the network is the real one. Just because a network is called “free Starbucks wifi” does not necessarily mean it is real. Names can be faked.

• Do Not Use the Same Password on Multiple Sites! This is obvious. If one of your accounts is hacked, then all your other accounts on other systems will be vulnerable.

• Do Not Share a Profile Between Sites! Some sites allow you to set up an account using another site’s authentication. For example, you can set up an Instagram account using your profile from facebook. This increases your vulnerability, because if any of those sites gets hacked, all your other accounts will be vulnerable as well.

New e-Learning Webpage on MOOC

E-Learning Team (OCIO)

To assist our colleagues in creating MOOC courses, the e-Learning Team (OCIO) created a new webpage with links to lots of useful online resources, from what a MOOC is to best practices in creating a MOOC course. The webpage is located here: http://www.cityu.edu.hk/elearn/mooc.html

Colleagues interested in offering a MOOC course should contact Dr. Crusher Wong (OCIO), head of the e-Learning Team.


CityU Supports HK Government’s Wifi Initiative

S K Tsui

Background

To advance Hong Kong’s position as a highly connected city in the world by stimulating the development of public Wi-Fi service in Hong Kong, the Office of the Government Chief Information Officer (OGCIO) of the Government of the Hong Kong Special Administrative Region officially launched the Common Wi-Fi Brand “Wi-Fi.HK” in August 2014. City University of Hong Kong (CityU) joined the scheme in December 2014 and the network ID (SSID) “Wi-Fi.HK via CityU” is available at the following locations to allow free Wi-Fi access for visitors inside the CityU campus.

• The Podium (4/F), Academic 1 (AC1) 學術樓(一), 4樓

• Lecture Theatre 1 - 18 演講廳 LT1 – LT18: 4/F AC1 學術樓(一), 4樓

• Lecture Theatre 401 演講廳 LT401: 4/F Amenities Building 康樂樓, 4樓

• Chinese Garden, University Circle 中式花園, 城大廣場

• City Express, City Chinese Restaurant, and City Top 城大食坊, 城大中菜廳, 城峰閣: 5/F, 8/F, 9/F Amenities Building

• AC2 Canteen: 3/F AC2 學術樓(二), 3樓

• Delifrance Store #1: Covered Terrace, 3/F Cheng Yick Chi Building (Covered Terrace, 鄭翼之樓3樓)

• Delifrance Store #2: 3/F AC3 學術樓(三), 3樓

• Multi-media Conference Room 多媒體會議廳: 4/F Cheng Yick Chi Building 鄭翼之樓, 4樓

• Multi-Purpose Rooms 多用途活動室: 4/F Amenities Building 康樂樓, 4樓

• Multifunction Hall 1, 2 and 3, and common rooms at the ground floor of each Student Residence’s Hall 學生宿舍多用途禮堂及各大堂地下活動室

Usage Instructions

1. Visit a venue that has joined the “Wi-Fi.HK” scheme.

2. Check that the device you are using is Wi-Fi enabled. Turn on the Wi-Fi function, select the Network ID (SSID) with “Wi-Fi.HK” at the beginning, and then click “Connect”.

3. Open your web browser, then read and accept the “Terms & Conditions and Disclaimers” displayed.

4. Start free surfing.

You may visit the web site http://www.wi-fi.hk for more information and to search for the participating organizations and hotspots available in Hong Kong.

Best Practice for Using Wi-Fi Service

Once your Wi-Fi device has connected to any wireless network, you are exposing yourself to potential attacks. Therefore, network security and data protection are extremely important, especially when you are using public wireless hotspots. You may want to visit the Infosec web site of the Hong Kong Government (http://www.infosec.gov.hk/english/yourself/wireless.html) for tips on using the wireless network.


STATISTICS AT A GLANCE

Help Desk Monthly Statistics

[Chart: Call Support, September to December 2014 (total calls; helped on phone)]

[Chart: Problem Type Distribution, September to December 2014 (total calls by problem type)]


Editorial Box

OCIO Newsletter Advisory Board
Dr. Andy Chun (OCIO)
Ms. Annie Ip (OCIO)
Mrs. W K Yu (ESU)
Mr. Raymond Poon (CSC)
Mr. Peter Mok (CSC)
Ms. Maria Chin (CSC)

Publishing Team
Ms. Noel Laam (CSC)
Ms. Annie Yu (CSC)
Ms. Joyce Lam (CSC)
Mr. Ng Kar Leong (CSC)
Ms. Kitty Wong (ESU)
Ms. Doris Au (OCIO)

For Enquiry
Phone 3442 6284
Fax 3442 0366
Email [email protected]
OCIO Newsletter Online http://issuu.com/cityuhkocio

GLOSSARY

IT Security from Wikipedia

Andy Chun (ed.)

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system. Analysis of the source code history of Bash shows the vulnerabilities had existed since approximately 1992.

The first bug causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables. Within days of the publication of this, intense scrutiny of the underlying design flaws discovered a variety of related vulnerabilities.

Attackers exploited Shellshock within hours of the initial disclosure by creating botnets on compromised computers to perform distributed denial-of-service attacks and vulnerability scanning. Millions of attacks and probes related to the bug were recorded by security companies in the days following the disclosure. The bug could potentially be used to compromise millions of servers and other systems, and it has been compared to the Heartbleed bug in its severity.
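One way to spot the probes described above in web server logs, as an added example that is not part of the original newsletter: it flags logged header values shaped like a Bash function definition. It assumes the Apache/nginx "combined" log format; the function name, sample lines and addresses are constructed for illustration.

```python
import re

# Combined log format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
_QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] ' + _QUOTED + r' (\d{3}) \S+ ' + _QUOTED + ' ' + _QUOTED
)

# Bash treated an environment value beginning with "() {" as a function
# definition. CGI servers copy request headers into the environment, so a
# header value with that prefix is a Shellshock probe. The whitespace
# tolerance here is deliberately looser than Bash's own check.
FUNC_DEF_RE = re.compile(r'\s*\(\s*\)\s*\{')

def find_shellshock_probes(lines):
    """Return one finding per logged header value shaped like a function definition."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if m is None:
            continue  # not combined format; skipped rather than guessed at
        ip, request, status, referer, agent = m.groups()
        for field, value in (("referer", referer), ("user-agent", agent)):
            if FUNC_DEF_RE.match(value):
                findings.append({"line": lineno, "ip": ip, "field": field,
                                 "request": request, "status": int(status)})
    # A 2xx/3xx-free sort key: probes answered with a status below 300 reached
    # something that exists, so they are listed first for triage.
    return sorted(findings, key=lambda f: (f["status"] >= 300, f["line"]))

# Constructed sample log (documentation addresses, harmless echo text).
SAMPLE_LOG = [
    '198.51.100.9 - - [25/Sep/2014:10:12:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 210 "() { ignored; }; echo constructed-probe" "-"',
    '203.0.113.20 - - [25/Sep/2014:10:12:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "http://example.org/" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [25/Sep/2014:10:13:44 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo constructed-probe"',
    '203.0.113.21 - - [25/Sep/2014:10:14:02 +0000] "GET /docs/f() HTTP/1.1" 200 100 "-" "curl/7.35.0 () {not-at-start"',
]

if __name__ == "__main__":
    for finding in find_shellshock_probes(SAMPLE_LOG):
        print(finding)
```

The combined format records only the Referer and User-Agent headers, so probes carried in other headers are invisible to this check unless the server logs them as well.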

The POODLE attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of clients’ fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed it in September 2014.

One way to mitigate the POODLE attack is to completely disable SSL 3.0 on both the client side and the server side. Google is planning to remove support of SSL 3.0 from their products completely, and Mozilla will also disable SSL 3.0 in Firefox 34. Microsoft has published a security advisory to explain how to disable SSL 3.0 in Internet Explorer and Windows OS.
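For the server side of that mitigation, a small audit that reports configuration lines still enabling SSL 3.0, given as an added example rather than anything from the newsletter. It assumes Apache mod_ssl `SSLProtocol` and nginx `ssl_protocols` directives; the function names and the sample configuration are constructed.

```python
import re

APACHE_RE = re.compile(r'^\s*SSLProtocol\s+(.+?)\s*$', re.IGNORECASE)
NGINX_RE = re.compile(r'^\s*ssl_protocols\s+([^;]+);')

def apache_enables_sslv3(args):
    """Walk SSLProtocol arguments left to right, tracking whether SSLv3 ends up on.

    "all" is counted as including SSLv3, and a token without a sign is treated
    like "+", so the check can over-report but not miss an enabled SSLv3.
    """
    enabled = False
    for token in args.split():
        covers_v3 = token.lstrip("+-").lower() in ("sslv3", "all")
        if token.startswith("-"):
            if covers_v3:
                enabled = False
        elif covers_v3:
            enabled = True
    return enabled

def nginx_enables_sslv3(args):
    """nginx lists the enabled protocols explicitly."""
    return "sslv3" in args.lower().split()

def find_sslv3_enabled(config_text):
    """Return (line number, directive) for each line that leaves SSL 3.0 enabled."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = APACHE_RE.match(line)  # commented-out lines do not match
        if m and apache_enables_sslv3(m.group(1)):
            findings.append((lineno, line.strip()))
            continue
        m = NGINX_RE.match(line)
        if m and nginx_enables_sslv3(m.group(1)):
            findings.append((lineno, line.strip()))
    return findings

# Constructed sample mixing both servers' directives.
SAMPLE_CONF = "\n".join([
    "# constructed sample configuration",
    "SSLProtocol all",
    "SSLProtocol all -SSLv3",
    "SSLProtocol -all +TLSv1.2",
    "    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;",
    "    ssl_protocols TLSv1.2;",
    "# SSLProtocol +SSLv3",
])

if __name__ == "__main__":
    for lineno, directive in find_sslv3_enabled(SAMPLE_CONF):
        print(f"line {lineno}: {directive}")
```

A configuration with no protocol directive at all is not flagged; the server's default then applies, and it depends on the server version.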

This article uses material from Wikipedia. The Author(s) and Editor(s) listed with this article may have significantly modified the content derived from Wikipedia with original content or with content drawn from other sources. The current version of the cited Wikipedia article may differ from the version that existed on the date of access. Text in this article available under the Creative Commons Attribution/Share-Alike License.
