Security awareness will GO ON and ON….

Announcing winners and more winners-to-be of prizes for those who care about IS

Information security continues to be a challenge not just for the higher education community but worldwide.  Being part of the higher education community, PolyU has made every endeavor to promote information security awareness within our campus and a PolyU Information Security Week was organized during 16-20 May 2011. This has been a most fruitful and eventful week with the University community, our staff and students, participated in multifarious IS awareness programmes.

EPILOGUE - Sharing  highlights of the programmes and the joy of winning

Security Exhibition

To broaden the penetration of security awareness across the PolyU community, posters and display boards with handy security tips were designed and posted in various locations on campus throughout the Security Week.

Information Security Workshops

As an opening attraction of the Information Security Week, two Information Security Workshops were held on 16 May 2011, which were conducted by an external IT/IS Security Consultant.

 The Information Security Workshops were well attended by colleagues from academic as well as administrative departments / offices. They focused on providing colleagues with background on the importance of establishing an information security management framework and  the basic techniques for conducting an information system security assessment.

'TEEN-TEEN SECURE' Talk Show by RTHK DJs on PolyU Campus

Nowadays, it’s uncommon to find a student without a social networking account or smart phone.  A ‘Teen-Teen Secure' (資安探訪到理大) talk/show was featured  on campus on 17 May 2011 to uplift the security awareness of our students on the use of social networking and mobile devices.

In collaboration with OGCIO, RTHK DJs were invited to host and feature their popular teen show on campus. Despite the Security Week being amidst the University’s examination period, there was a full house at the show venue. RTHK DJs and also our  Help Centre colleague shared security messages with the audience in lively, interesting and fun-filled ways, and with active participation from the audience in the ensuing Q&A session.

2nd Joint Universities Information Security Conference

As the finale of the Information Security Week, the 2nd Joint Universities Information Security Conference, organized by the Joint Universities Computer Centre (JUCC), was held at the Jockey Club Auditorium on 19 and 20 May 2011.

The theme of this year’s Conference is 'Implementing Information Security in the Higher Education Community’. Over 650 IT professionals from across the higher education community in Hong Kong and Macau participated in the various sessions of the Conference.

The Conference featured a range of very useful and informative presentations on data classification and data handling security policy, identity management, Cybersecurity, personal data privacy, mobile computing security, etc. by information security experts from various sectors. The conference also provided a good networking platform for the higher education communities.

Information Booth

Staged concurrently with the Joint Universities Information Security Conference, the information booth cum highlight exhibition  not only on Information Security and IT services, but also the University’s e-Learning in Transition and  Campus Development projects at QT Podium was another attraction of the Information Security Week.

Staff and students could visit the booth and ask about and get help on questions relating to information security, mobile devices, and  know more about the University’s new services -  PolyU Cloud, Identity and Access Management and  PolyU Connect. Flash games, videos and quizzes were  developed for staff and students to gain security knowledge and  tips, souvenirs and prizes under a fun-filled environment!

A special note of thanks and appreciation to all staff and students who have participated in the event to make it a successful milestone in the University’s IS awareness campaign. Your continuous support is essential to achieving overall Iinformation Security across the entire Polyu community.

Announcing the Lucky Draw Winners

To encourage active participation from students and staff in the PolyU Information Security Week, participants of the various programmes as well as students who have activated their PolyU Connect account during the Information Security Week will have the opportunity to win handsome prizes including iPad 2, training course coupons, buffet coupons, etc. in the lucky draw.

Click HERE to see if you are one of the lucky winners.

SEQUEL- Security Awareness will go on and on....

The Next Wave

IS e-Exhibition & e-Quiz Starting 1 June – Last Chance to Win an iPad 2

e-Exhibition

While ‘The PolyU Information Security Week 2011’  has come to a successful closing, the promotion and publicity of information security awareness is an on-going process.

Information Security is everyone’s business and responsibility. If you have missed our exhibition, all the exhibits are now available for viewing on the PolyU Information Security Website.

e-Quiz – the upcoming  winners of iPad 2 and more…

And if you have missed the chance to win prizes and souvenirs during the Information Security Week, an e-quiz based on the e-Exhibition will also be launched on 1 June 2011! Just complete a short quiz on or before 15 June to enter into the lucky draw for another chance to win an iPad 2 and other attractive prizes. The 1st 300 quiz participants will also receive a handsome souvenir to be picked up at the Help Centre!!

And again, for students who have:

• completed the e-quiz PLUS
• activated their PolyU Connect account, AND forwarded their Campus E-mail to the PolyU Connect account on or before 15 June

They will have INCREASED CHANCES to be the prize winner!!

PolyU Connect is a new life-long e-mail, communication and collaboration platform for use by our students, alumni and retirees. More information about the service is available at the PolyU Connect Website.

The service has been launched to all students in April 2011 and it will replace the existing Campus E-mail and Webmail service in Q4 2011 as the official communication channel with students.

After the phasing out of the existing Campus E-mail and Webmail service, all e-mails to students should be sent to their new e-mail addresses with '@connect.polyu.hk’ as the suffix, i.e. <Student Number>@connect.polyu.hk.

Action from departments

In order to have a smooth transition to the new PolyU Connect service, departments are reminded to:

• conduct a stock take exercise to check whether there are any systems/applications with functions that generate and send e-mail to students using the existing e-mail address, i.e. <Student  Number>@polyu.edu.hk;
  
  
• conduct an impact analysis to estimate the effort and resources needed to make the necessary modifications on those affected systems/applications; and
  
  
• formulate a work plan / schedule for making the modifications which need to be completed before Q4 2011

The exact cut-off date of the Campus E-mail and Webmail service as well as the detailed transition arrangements will be announced later. In the meantime, if you need further information, assistance or advice regarding the transition, please contact Mr Ernest Yu at 2766 7940 (E-mail: ernest.yu@polyu.edu.hk).

Action from Students

Activate Your NEW Student E-mail Account Early for More Chances to Win Xbox 360 and also iPad 2 -

As the new 'PolyU Connect’ service will soon replace the existing Campus E-mail and WebMail Service for students, all students are strongly advised  to activate your new PolyU Connect account and to familiarize with the new e-mail and collaboration platform NOW.

5 sets of Xbox 360 with Kinect will be given away to the early PolyU Connect users and the 1st lucky winner was announced in our last issue.

1st  Xbox 360 Winner

2nd Xbox 360 Winner

Click the Xbox 360 below to see if you are the lucky winner of this month: 

We will be giving out the remaining 3 Xbox 360 Kinect sets to our PolyU Connect users in the months to come till the end of August 2011! It means that the earlier you have activated your PolyU Connect service, the more chances you will have to win the Xbox 360.

So, ACTION NOW to: 

• Log in to your PolyU Connect account and change the initial password to activate the service, AND;

• Forward your Campus E-mail account to your PolyU Connect account.

Activate  your new e-mail account Now and Win also an iPad 2

To encourage early adoption and familiarization of the new E-mail System, and continuous awareness and practice of security measures, you will have additional opportunities to win an iPad 2 and other attractive prizes if you:

• Activate your PoyU Connect account  HERE
• Take a short e-quiz on security HERE

BEFORE 15 June.

If you are among the 1st 300 to do the above, you can pick up a souvenir gift from the Help Centre.

Click here for the prizes and sourvenirs!

Your login ID and the initial password have already been sent to you via your Campus E-mail account in April.

Have you ever received e-mails claiming that one of your services, e.g.  e-mail, your web account, etc., is being locked or suspended, and you need to unlock it at a given URL? If you follow their instructions, you will be in real trouble as your personal identity would have been STOLEN. This kind of cheating technique is known as ‘phishing’ and it is widely used on the Internet.

About Phishing

Phishing attacks attempt to acquire sensitive information such as usernames, passwords or even credit card details by masquerading as a trustworthy entity in an electronic communication. They pretend to be sending from popular social web sites, online payment processors or IT administrators that try to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.*

Being so popular, social networking sites, such as Facebook, are now a prime target of phishing. Avid users of Facebook receive e-mails with associated links, telling them that someone has 'tagged' them in a photo, video or has provided them with comments.

Handy Tips against Facebook Phishing

So, what can we do to protect ourselves?  Here are a few useful tips to safe you from facebook phishing**:

• Use an up-to-date browser that features an anti-phishing black list. Some examples include Internet Explorer 8 or Firefox 3.0.10.

• Use unique logins and passwords for each of the websites you use.

• Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.

• Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.

• Don’t click on links or open attachments in suspicious e-mails. If the e-mail looks weird, don’t trust it, and delete it from your inbox immediately.

• Be wary of where you enter your password. Just because a page on the Internet looks like Facebook or another site you use, it doesn’t mean that it is. Check the address bar in your browser.
  
  
• Be suspicious of any e-mail or message that contains an urgent request or asks you to update your information or provide new information.

• Don’t share your passwords with anyone. Most reputable online services will never ask for your password through any form of communication.

For more information about security precautions of using Facebook, please visit its security blog.

Note:
*        Information source from Wikipedia
**      Information source from Facebook Security

The best way to protect sensitive information is to never store it on a mobile device or portable storage media.  If you can’t avoid it, the following tips can help:

• All information data MUST be stored in encrypted format.
  
  
• Password for encryption/decryption should consist of not less than 8 characters with both alphabetic and numeric characters as well as upper and lower cases.
  
  
• Portable storage media and devices must not be left unattended in public places, automobiles, etc.
  
  
• Portable storage media and devices must be stored in a secure location when not in use.
  
  
• If any portable storage media and devices containing confidential data are lost, report immediately to your Head of Department or his/her delegate for necessary actions.
  
  
• Before the disposal of any portable storage media and devices, all confidential data stored on them must be removed permanently.
  
  
• Portable storage media and devices containing confidential data must not be used to store P2P/BT software or other file sharing software; and they must not be connected to any computing facilities containing P2P/BT software or other file sharing software.

As introduced in our February issue, role-based resource provisioning would be implemented in the new University Identity Management (IM) Framework. Role-based resource provisioning is one of the major changes that will be implemented in phase 3 of the project. In this issue, we will look into more details.

What is Role-based Resource Provisioning?

Role-based resource provisioning means that the set of resources (e.g. e-mail accounts, access to systems or facilities) provisioned to a user is dependent on the role(s) associated with his /her identity. Each role has its own set of resource entitlements.  The summation of the sets of entitlement under different roles of a user identity will be provisioned to the corresponding user.

How is a Role Assigned to a User identity?

There are several ways that a role can be assigned to a user identity:

• Direct Mapping
• Role Transitioning
• Manual Assignment

Direct Mapping

Depending on the relationship with the University, each identity of a user will be automatically assigned with a specific Basic Role based on a mapping rule. The following are some examples:

• A student registered with the Academic Secretariat (AS) will be assigned with a Basic Role of 'AS Student’.

• A staff registered with the Human Resource Office (HRO) will be assigned with a Basic Role of 'PolyU Staff’.

• A user registered by a department as a guest will be assigned with a Basic Role of ‘Guest’.

Role Transitioning

The Basic Role assigned to a student or staff member will automatically change during its life cycle with different resource entitlements. The following are some examples:

• Upon graduation, the Basic Role of a student will change from ‘AS Student’ to 'Graduate’.

• If a student’s status is terminated before normal graduation, the Basic Role assigned to him / her will change from 'AS Student’ to 'Terminated Student’.

• Upon termination of appointment, the Basic Role of a staff will change from ‘PolyU Staff’ to ‘Ex-Staff’.

Manual Assignment

To meet specific business requirements, an Add-on Role can be manually assigned to a user already assigned with a Basic Role.  The followings are some examples:

• An Add-on Role of ‘Council Member’ can be assigned to an external PolyU Council Member already assigned with the Basic Role of ‘Guest’.

• An Add-on Role of ‘LMS Guest Teacher’ can be assigned to an external teacher in the Learning Management System (LMS) already assigned with the Basic Role of ‘Guest’.

What are the Benefits?

• Enhance the agility and flexibility in provisioning different sets of resources to different classes of users according to the ever-changing business requirements.
  
  
• Enhance security on user management practice.
  
  
• Save licensing cost by reducing duplication of resource provisioning to the same person.

A number of departments have acquired licences for the SPSS statistical software. According to the licence agreement, all SPSS licences will expire on 31 May each year and are subject to renewal at the anniversary date.

For departments which would like to continue using the SPSS software in 2011/12, please proceed with the licence renewal procedures as soon as possible by completing and returning the web-based SPSS Licence Requisition Form accessible under the 'Software Licence' section of the ITS website. The licence price list for 2011/12 can be found here.

An invoice will be issued by ITS and sent to the requestor in due course for endorsement by the Head of Department; and the licence fee will be charged against the departmental general expenses account (please specify on the Form if otherwise).

Upon completion of the licence renewal procedures, the new licence code for 2011/12 will be sent to the Departmental CLOs for distribution to  colleagues concerned as appropriate.

If you have  any enquiries regarding the licence renewal arrangements, please contact the ITS General Office at Ext. 2413.

As communicated in our last issue, student helpers are now wanted at the ITS Help Centre at the Li Ka Shing Tower, to help answer staff and students' enquiries on the use of the University's IT facilities and services.

Applicants should have good IT knowledge as well as good command of Chinese and English. Fluency in Putonghua would be an advantage.

Successful applicants would receive basic on-the-job training and work for at most 18 hours a week, possibly also on evenings until 10:30 pm.

Interested students please e-mail your CV to Miss Veronica Yick of ITS at itvyick@inet.polyu.edu.hk 

You may have received a reminder e-mail from ITS advising you to change your NetPassword periodically. You can do so directly via the NetID Management System. However, some staff users might have encountered problemsaccessing their GroupWise (Caching) Mailbox after changing the NetPassword.   

It is because the changes made via the NetID Management System could not update the GroupWise Caching Mailbox password. Changing NetPassword via the NetID Management System will change your account password for ALL central IT services EXCEPT the GroupWise Caching Mailbox password which is stored locally on your PC/notebook.

Thus, if you are using the GroupWise Caching Mailbox to cache e-mails to your hard drive, you have to change the password of ALL your GroupWise Caching Mailboxes BEFORE changing your NetPassword via the NetID Management System. 

Steps to Change NetPassword

1. Change your GroupWise Caching Mailbox Password, if any
   
   
2. Change your NetPassword via the NetID Management System
   
   
3. Change other related local passwords, if any, including Novell Client 32 password, Windows logon password, POP3/IMAP e-mail access password, password of mobile devices that have POP3/IMAP access to your GroupWise or WebMail account, password for connection to PolyU Wireless LAN or fixed network outlets, etc.

Please refer to the Guideline for Changing Your NetPassword and Other Related Local Passwords on Your PC for details.

If you have any enquiries regarding the changing of password, please contact the ITS Help Center at 2766 5900.

Training Workshops

You may view the full list of workshops offered in June and make online enrolment via the Staff IT Training Workshop Enrolment System. You will be notified instantly of the enrolment results.

Online Courses

Please click here for the detailed description of each course. To enrol, please complete and return the web-based proforma reply and you will be informed of the enrolment results in early June via e-mail.

Enquiries: 4566