Skip to end of metadata
Go to start of metadata

Last reviewed: June 2017

In an effort to help institutions create effective information security websites that are informative and helpful to their users, the Higher Education Information Security Council has compiled a list of common features and effective practices that can serve as an outline for a college or university developing or updating their campus information security website.

Getting Started with Your Website

Developing an information security website for your campus involves more than deciding on a color scheme, laying out a home page and creating content. A successful site that will continue to be useful to a broad audience over time starts with a few preparatory steps to lay a solid foundation before diving into the specifics. Not every item will be relevant in all cases, so feel free to modify this plan to suit your own needs.

  1. Form a website development committee.
    • It is recommended that this committee include at least one individual from the following areas: web development, marketing/public relations, IT communications, IT training and awareness, and information security.
    • During these committee meetings, you can discuss the following: brainstorm about focus and branding for the website, how it will integrate with the broader IT department's website, appropriate software or content management system to use (legacy or new), audience, content, and project timeline.
  2. Prepare a high-level overview of the website to present to senior leaders and obtain their approval in order to move forward with tasks and the launch.
  3. Schedule a meeting with information security project managers and appropriate senior leaders to obtain content. These people will comprise your content approval chain before anything is posted online.
  4. Assign individuals as content managers. These people will be responsible for updating pieces of content or pages, and maintaining them by periodically ensuring that the content is current and that links are working properly.
  5. Work with the IT communications team or marketing/public relations to create a communications plan geared towards spreading awareness about the website to target audience(s).
  6. Identify measurement tools (such as Google Analytics) to gauge how successful the website is over time and how often visitors are going to specific pages.

6 Elements for a Successful Website

Once you have laid the foundation, it's time to get down to specifics. As above, not every identified element may be appropriate for your site. Adapt what makes sense for your situation.

1. Engaging Design to Attract and Educate Viewers
While many sites provide thorough, reliable information, not all of them present it well. Format, attractiveness, and accessibility are key to catching and keeping the attention of the reader. Content alone does not guarantee success. Excellent sites feature topics, graphics, and headlines that grab your attention. They encourage the viewer to learn more about information security by presenting the subject matter in a creative and engaging way. Some, for example, offer quizzes to test users on how much they know about security, so that an otherwise passive experience becomes an active learning opportunity. Others have dynamic sites featuring a "carousel" that catches the eye and quickly highlights a variety of content, such as Purdue University's Secure Purdue site or Indiana University's Protect IU site. Some summarize the key points on their site, like MIT's Top Ten Safe Computing Tips or Carnegie Mellon University's list of Faculty and Staff Safe Computing Tips. They are carefully designed so that searching for topics is intuitive for the viewer. The University of Notre Dame and the University of Florida are two good examples of sites that provide content in an appealing manner. One other key aspect of design is making sure that your site can be used by those with a wide variety of abilities. Visit EDUCAUSE’s Accessible Web Design library page for recommendations on how to build a universally user-friendly site.

2. News Updates and Alerts
Some of the better sites feature up-to-date news articles, as well as malware and phishing alerts. Good examples are the information security sites for the Rochester Institute of Technology and the UC Berkeley, which contain both internal and external news, alerts, and headlines. Some, such as Duke University, go one step further by providing an RSS feed, the ability to subscribe to a newsletter, and/or an e-mail list option for those who want to receive security alerts in their inboxes as incidents occur. With new challenges to information security arising constantly, timely information is critical. Providing the latest information about potential threats to the campus is an important element for maintaining security and demonstrates a site's higher caliber.

3. Antivirus Software and Scanning Options
The overwhelming majority of security websites offer students and other campus end users free antivirus software. Most also provide scanning services, so students may detect viruses, spyware, or other problems with their personal computers or mobile devices.

4. Other Resources
Information by topic, Q&A, and recommended external links are important for educating users about security issues. The most successful sites provide relevant, timely information on hot topics, including viruses, identity theft, and social networking safety. Furthermore, they provide helpful outside links that help students further learn about security matters. A number of sites reference the Federal Trade Commission (FTC) for information on identity theft, the National Cyber Security Alliance (NCSA) for online safety tips, as well as public alerts and advisories from the SANS Internet Storm Center, REN-ISAC, and US-CERT.

5. A Place to Ask Questions and Report Incidents (Accessibility is Key)
While good sites may provide a plethora of information and seem to cover all bases, even the best cannot foresee all questions. Consequently, a reliable help desk and easy access to contact information is very important. The most successful sites will prominently display e-mail and phone contact information, so that users may ask questions and report incidents, such as this example from Tufts University.

6. Social Media
Savvy sites will reach their readers where they are most likely to be, i.e., on Twitter, Facebook, InstagramVine, Snapchat, or Pinterest. RIT's Information Security office, for example, connects with its community on both Facebook and Twitter.

Developing Your Social Side

This section builds on the final element, outlining considerations you should take in developing a social media component to your online presence.

1. Integrating Social Media

  • Whether you've made the decision to jump in with both feet or simply put in a toe for now, you will want to consider the administrative requirements for using social media. These requirements include existing policies that your institution and/or department already has in place. Check with your marketing/public relations staff (you will have made a good contact during the "Getting Started" phase of development mentioned above) for any existing guidelines or policies. For example, Social Media @ Brown University includes guidelines for institutional use, as well as guidelines and best practices for personal use and social media site management.
  • Branding: Social media is, at the heart of it, social and all about making personal connections. Keep this in mind when setting up your social media profiles. Having a friendly face in that little thumbnail -- whether belonging to the staff member who blogs, posts and/or tweets, or an artist's rendering of your mascot -- will ensure better connections. Whatever you select, it should align with your website and presents an excellent opportunity to do some branding.
  • Dashboards and Automation: Keeping your messages fresh, ongoing and in sync can be daunting but luckily there are tools that can help. Dashboards such a Hootsuite allow you to manage multiple social profiles and schedule your messages. See more social media management tools below.

2. Selecting Your Social Media Channel(s)
Facebook is currently the most popular social media app, so if you're considering a social media presence, you should take a little time to consider its pros (most popular) and cons (time it takes to administer it) and how it might fit into your overall online presence. Will it complement or conflict with your website? Since there are many choices, focus on the social media that best serve your specific needs and resources. Use the following comparison chart of social media to assist in your decision for what is right for your situation.

Social Media

Characteristics & Considerations

Pros

Cons

Facebook

  • Messages presented in a timeline
  • Allows for longer posts, links to images and videos, can build a webpage within Facebook environment
  • Can establish as a page (wide open) or a group (targeted to a select audience)
  • Can be your dynamic presence with website for more permanent content (such as how-to's, documentation, best practices)
  • Frequency of messages: three or more times a week recommended
  • Most popular
  • Easy to use (especially with mobile apps)
  • Great for generating buzz
  • Ongoing issues regarding privacy and security
  • Promoting Facebook may be perceived as a mixed message from security and privacy professionals

Twitter

  • Limited to 140 characters per post
  • Shortened URLs recommended (e.g., bitly.com and tinyurl.com)
  • More personal and informal than Facebook
  • Frequency of messages: daily at a minimum
  • Best at real-time multi-way messaging and conversations
  • Hashtags allow for targeting of messages
  • Easy to use
  • Can be overwhelming for senders and receivers (lots of "white noise")
  • Limited message length
  • Short shelf-life for tweets

Google+

  • Share documents, surveys, & quizzes
  • Form/join groups to share conversations (blog-like interface)
  • Offers ability to connect with users in hangouts (free option limited to 10 users)
  • Live broadcasts on web via your YouTube channel (share a hangout "on air")
  • Clean and easy to navigate
  • Real time face-to-face chats (hangouts)
  • "Broadcasting" ability good for training, demos and events
  • May be good option for GAE schools
  • Not as popular as other social media sites
  • Difficult to administer

YouTube

  • Can be a supplement your website and Facebook page
  • Pair with Google+ for online broadcasting
  • Able to brand yourself by establishing your own YouTube channel
  • Very popular
  • Venue for training, demo and awareness videos
  • Video could go viral (good and bad, depending on reason)
  • Videos can get lost in the glut of offerings, leading to short shelf-life
Instagram
  • App to quickly share photos and videos
  •  Includes filters and tools to quickly customize an image
  •  Visitors to Instagram channels can follow them (like YouTube)
  •  iOS, Android and Windows apps

 

  • Easy to use
  •  Clean and inviting channel home pages
  •  Ability to apply comments to images
  •  Includes trending (Tags and Places), driven by a “like” function similar to Twitter’s

 

  • All photos are public by default but they offer “private option”
Vine
    • Repository of very-short looping videos

    • Apps for iOS, Android & Windows; use to watch, create and share videos

    • Channel-based
  •  Easy to use
  • Very popular
  • Interfaces well with Facebook and Twitter
  • Great for short-attention spans (i.e., students) 
  • Brevity of video limits it to simple concepts (like a moving poster), so not good for more abstract ideas or training

Pinterest

 

  • Online pinboard that lets users organize and share items of interest
  •  Category-based
  •  Items can be "repinned"
  •  iOS and Android apps

 

 

  • Another way to tell a story with pictures
  •  Could use to promote your website (allows pinning things from your site)
  •  Cross-platform (Apple and Android only)

 

 

  • Very visual, so challenging when dealing with abstract concepts
  • Narrow audience (used chiefly by women)
  • Consumer-based (used for purchases)

 

For another opinion, see the “Social Media Pyramid, "A Guide to Using Social Media Channels for Your Business," "Social Media for Business: A Marketer's Guide," and Patricia Redsicker's article "Pros & Cons of 6 Social Media Channels", the latter of which was one source for the above chart.

3. Managing Social Media
All of these options can soon be overwhelming. The good news is, "there's an app for that." Four popular dashboards to investigate are: HootSuite, TweetDeck, ScooptIT, and MediaFunnel. Select the message aggregator that suits your needs to create a "communication central" to help manage your social media presence.

4. Training and Support
NERCOMP offers various classes focused on the use of social media. For peer support, consider getting involved with the EDUCAUSE IT Communications or Social Media constituent groups and/or subscribing to their lists.

Checklist of Recommended Practices

  • Create an information security website that provides basic security information for all users (faculty, students, and staff).
  • Use a common alias (e.g., http://www.university.edu/security or http://security.university.edu). Note: For some institutions, the campus safety office may already be using one or both of these aliases.
  • Prominently display contact information (e-mail and/or phone number).
  • Include RSS feeds for for security-related news, updates, and alerts (e.g., many schools use the US-CERT National Cyber Alert System or Symantec Security Response).
  • When possible, an institution's main IT page should provide a highly visible link to their security page.

Recommended Model Websites

Institutions Using RSS Feeds for Security News and Alerts

 


 

(question) Questions or comments? (info) Contact us.

(warning) Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).