July 2012

 

Annual Notebook Ownership Programme for Students, Staff and Alumni – Acer and Samsung Notebooks at Discounted Prices
Establishment of a University Information Security Management Framework
New Staff Email Quiz – Are YOU the Lucky Smart Phone Winner?
Secure Development Life-cycle for Web Application – Operation / Maintenance Phase and Disposal Phase
IT Orientation Workshops for Students
Update on Private Cloud Service (PCI)
University Web Application Security Standards
Consultation on University e-Authentication Framework
Computer Equipment Maintenance Service - New Service Provider and Service Hotline
August Staff IT Training Programmes






Annual Notebook Ownership Programme for Students, Staff and Alumni - Acer and Samsung Notebooks at Discounted Prices
 

As communicated in our last issue, this year’s Notebook Ownership Programme, jointly organized by the Students’ Union and ITS, will commence on Monday, 30 July 2012. A wide range of Acer and Samsung notebooks and tablets are available at discounted prices to PolyU students, staff and alumni.

Various models are being offered at discounted prices ranging from HK$1,894 to HK$9,948. Click here to view the model and price information.


Road Show Period

Come and visit the road show counter during the following periods to check out the different models and to place your order:

 

24-hr Online Ordering

Same as last year, 24-hr online ordering is also available this year during 30 July – 3 October 2012.

 

Notebook Collection

To avoid the long queue at the time of notebook collection, it is recommended that you collect your notebook before 6:00 pm if possible. Based on past experience, the waiting time would be much longer after 6:00 pm on weekdays.  


Special Note

Please note that this special Notebook Ownership Programme is offered exclusively to PolyU students, staff and alumni. Each staff, student or alumni member is allowed to purchase ONE unit of notebook and ONE tablet from each brand during the promotion period.

You are also required to produce your PolyU student / staff card or other relevant proof for warranty services as such services would only be provided to the original purchaser.

For any enquiries about the notebook programme, please call the sales hotline at 8208 6988 (28 July – 31 October 2012) from 10:30 – 19:00 on Monday - Friday and 10:30 - 14:00 on Saturday (Closed on Sundays and Public Holidays).

 

 

 
 


 
Establishment of a University Information Security Management Framework
 

 

As communicated in our last issue, the University’s Information Services Steering Committee (ISSC) has endorsed the refined proposal on the establishment of a University Information Security Management Framework and agreed to recommend the proposal to the President’s Executive Committee for approval.

Following the President’s Executive Committee’s approval of the proposed University Information Security Management Framework at its meeting on 20 July 2012, the implementation of the Framework will be kicked start soon to strengthen the protection of the University’s information assets.

A dedicated theme page will be created to publish the detailed information about the Management Framework and its implementation plan.

The successful implementation of the Framework counts on the full support and cooperation of different stakeholders and all individual departments. Stay tuned to 'Get Connected’ for more information and updates on how you can contribute to its success.

 

 
 


 
New Staff Email Quiz – Are YOU the Lucky Smart Phone Winner?
 

 

As one of the promotional activities to prepare staff members for the launch of the new Staff Email Service, a quiz on the new service has been launched in May where participants can have the opportunity to win a Smart Phone in the lucky draw.

The quiz has received overwhelming response and over 700 colleagues participated in the quiz.  If you are one of the participants, click on the Smart Phone below to see if you are the lucky winner:

The lucky winner will be contacted shortly for the prize collection arrangements.

 

 

 
 


 
Secure Development Life-cycle for Web Application – Operation / Maintenance Phase and Disposal Phase
 

 

The Operation/Maintenance Phase

The operation and maintenance phase is to ensure that the developed web application stays secure. Periodically validating the attack surface of the system through System Vulnerability Testing and Web Application Vulnerability Testing serve this purpose. Regular vulnerability scanning also helps to prevent new vulnerabilities being opened up by system change or bug fix.

Furthermore, there should be an established procedure for requesting and approving program/system change. Several levels of authority may be established and the authorisation may commensurate with the extent of the changes.  Documentation such as “User Manual” and “Operation Manual” should be developed, maintained and stored in a location accessible to all the users of the system.


The Disposal Phase

Sensitive information shall not be kept longer than required. Such information shall be purged from the system or archived according to the data retention period pre-defined by Business Owner(s) or delegate(s).

In this and the past few issues, we have introduced the security controls in different phases of the Software Development Life Cycle (SDLC). Always remember that security considerations should be taken into account in the whole SDLC to safeguard an application from vulnerabilities.

 

 

 
 


 
IT Orientation Workshops for Students
 

 

Before the start of each academic year, ITS will offer a series of IT Orientation Workshops to all full-time and part-time students.

These 1-hour workshops will introduce the wide range of central IT facilities and services available to students including:

  • PolyU NetID and NetPassword
  • PolyU Connect Email Service
  • University Portal
  • Student Computer Centre Services
  • e-Learning Platform
  • Academic Unix Cluster, myStore, myWeb & mySurvey
  • Wired and Wireless Network Access
  • Help Centre and Hotline Services

This year’s Orientation Workshops will be held from 27 August to 15 September 2012 in Room M405 of our Student Computer Centre at Li Ka Shing Tower. Details are as below:

Date

Time

27 Aug (Mon)

16:00 – 17:00

31 Aug (Fri)

16:00 – 17:00

1 Sep (Sat)

09:30 – 10:30

4 Sep (Tue)

16:00 – 17:00

6 Sep (Thu)

16:00 – 17:00

12 Sep (Wed)

16:00 – 17:00

15 Sep (Sat)

09:30 – 10:30

Reserve your seat now by calling our Help Centre Hotline at 2766 5900.  Separate sessions may also be arranged for students of individual departments should there be sufficient demand.

All students are welcome!

 


 

 
 


 
Update on Private Cloud Service (PCI)
 

 

Since its launch in April 2011, the PolyU Private Cloud Service (PCI) has been providing departments with an alternative to buying and maintaining their own servers.

This server rental service will save departments with the trouble of maintaining their own servers which would need special requirements on physical settings and security protection.  It will also achieve cost-savings for the University on an institutional-wide level.

The SLA (Service level Agreement) for the PCI service, including the charging model for both UGC and non-UGC funding projects, is published on the ITS web site.

Please click here for the updated information of the PCI service.

 

 

 
 


 
University Web Application Security Standards
 

 

After a month of open consultation, we are pleased to promulgate the University's new Web Application Security Standards. The Standards outline the security practices that web application developers, including both staff members of the University and third party vendors, shall observe throughout the entire application development lifecycle of an Internet-facing web application of the University.

If you have any enquiries regarding the standards, please contact Joseph Lam of ITS at 3400 2405.

 

 

 
 


 
Consultation on University e-Authentication Framework
 

 

Electronic authentication is the process of establishing confidence in user identities presented electronically to an information system. It is typically accomplished using something the user knows (e.g. password), something the user has (e.g. security token) or something the user is (e.g. biometric), or a combination of these.

Electronic authentication presents a technical challenge when it involves the remote authentication of individuals over an open network. There are certain risks associated with authentication such as impersonation as legitimate user, unauthorized capturing of user credential, or compromising the system leaking credential files. It is imperative for the participating entities of the authentication process to ensure sufficient security controls are enforced to minimize risk exposure.

The University is in the process of developing an e-Authentication Framework which will provide guidance on the security requirements using the centralized Identity and Access Management (IAM) infrastructure for authentication or establishing an identity federation relationship with the IAM system.

Consultation on the e-Authentication Framework will be kicked off in August 2012 and more information will be available in the coming issues of 'Get Connected’.

 

 

 
 


 
Computer Equipment Maintenance Service - New Service Provider and Service Hotline
 

 

To achieve cost-effectiveness on an institution-wide basis, ITS centrally co-ordinates maintenance services for departmental PC systems and peripherals with outside vendors. The service contract for the 2 year period from 1 July 2012 – 30 June 2014 has been awarded to Automated Systems Limited (ASL).

Departmental Computer Liaison Officers (CLOs) have already been contacted previously to register the departmental computer equipment for the maintenance service.

Staff users may call the service hotline 2601 6466 during the following hours for making a service request:

Monday to Friday

08:30 - 17:30

Saturday:

09:00 - 12:30

Sunday & Public Holidays

Closed

 

 

 
 


 
August Staff IT Training Programmes
 

 

Training Workshops

You may view the full list of workshops offered in August and make online enrolment via the Staff IT Training Workshop Enrolment System. You will be notified instantly of the enrolment results.

 

Enquiries: 4566