Version 3.0: December 2015Last reviewed: June 2017
In an effort to help institutions create effective information security websites that are informative and helpful to their users, the Higher Education Information Security Council has compiled a list of common features and effective practices that can serve as an outline for a college or university developing or updating their campus information security website.
...
- Form a website development committee.
- It is recommended that this committee include at least one individual from the following areas: web development, marketing/public relations, IT communications, IT training and awareness, and and information security.
- During these committee meetings, you can discuss the following: brainstorm about focus and branding for the website, how it will integrate with the broader IT department's website, appropriate software or content management system to use (legacy or new), audience, content, and project timeline.
- Prepare a high-level overview of the website to present to senior leaders and obtain their approval in order to move forward with tasks and the launch.
- Schedule a meeting with information security project managers and appropriate senior leaders to obtain content. These people will comprise your content approval chain before anything is posted online.
- Assign individuals as content managers. These people will be responsible for updating pieces of content or pages, and maintaining them by periodically ensuring that the content is current and that links are working properly.
- Work with the IT communications team or marketing/public relations to create a communications plan geared towards spreading awareness about the website to target audience(s).
- Identify measurement tools (such as Google Analytics) to gauge how successful the website is over time and how often visitors are going to specific pages.
...
6 Elements for a Successful Website
Once you have laid the foundation, it's time to get down to specifics. As above, not every identified element may be appropriate for your site. Adapt what makes sense for your situation.
1. Engaging Design to Attract and Educate Viewers:
While many sites provide thorough, reliable information, not all of them present it well. Format, attractiveness, and accessibility are key to catching and keeping the attention of the reader. Content alone does not guarantee success. Excellent sites feature topics, graphics, and headlines that grab your attention. They encourage the viewer to learn more about information security by presenting the subject matter in a creative and engaging way. Some, for example, offer quizzes to test users on how much they know about security, so that an otherwise passive experience becomes an active learning opportunity. Others have dynamic sites featuring a "carousel" that catches the eye and quickly highlights a variety of content, such as Purdue University's Secure Purdue site or Indiana University's sites Protect IU site. Some , like MIT, summarize the key points on their site into , like MIT's Top Ten Safe Computing Tips, or or Carnegie Mellon University's list of Faculty and Staff Safe Computing Tips. They are carefully designed so that searching for topics is intuitive for the viewer. The University of Notre Dame and the University of Florida are two good examples of sites that provide content in an appealing manner. One other key aspect of design is making sure that your site can be used by those with a wide variety of abilities. Visit EDUCAUSE’s Accessible Web Design library page for for recommendations on how to build a universally user-friendly site.
2. News Updates and Alerts:
Some of the better sites feature up-to-date news articles, as well as malware and phishing alerts. Good examples are the information security sites for the Rochester Institute of Technology and the University of Rhode Island UC Berkeley, which contain both internal and external news, alerts, and headlines. Some, such as Duke University, go one step further by providing an RSS feed, the ability to subscribe to a newsletter, and/or an e-mail list option for those who want to receive security alerts in their inboxes as incidents occur. With new challenges to information security arising constantly, timely information is critical. Providing the latest information about potential threats to the campus is an important element for maintaining security and demonstrates a site's higher caliber.
3. Anti-virus Antivirus Software and Scanning Options:
The overwhelming majority of security websites offer students and other university campus end users free anti-virus antivirus software. Most also provide scanning services, so students may detect viruses, spyware, or other problems with their personal computers or mobile devices.
4. Other Resources:
Information by topic, Q&A, and recommended outside external links are important for educating users about security issues. The most successful sites provide relevant, timely information on hot topics, including viruses, identity theft, and social networking safety. Furthermore, they provide helpful outside links that help students further learn about security matters. A number of sites , for example, reference the Federal Trade Commission (FTC) for information on identity theft, the National Cyber Security Alliance (NCSA) for tips on protecting one's computer, and alerts online safety tips, as well as public alerts and advisories from the SANS Internet Storm Center, REN-ISAC, and US-CERT.
5. A Place to Ask Questions and Report Incidents (Accessibility is Key):
While good sites may provide a plethora of information and seem to cover all bases, even the best cannot foresee all questions. Consequently, a reliable help desk and easy access to contact information is very important. The most successful sites will prominently display e-mail and phone contact information, so that users may ask questions and report incidents, such as this example from Tufts University.
6. Social Media:
Savvy sites will reach their readers where they are most likely to be, i.e., on Twitter, Facebook, Instagram, Vine, Snapchat, or Pinterest. Rochester Institute of TechnologyRIT's Information Security office, for example, connects with its community on both Facebook and Twitter.
...
2. Selecting Your Social Media Channel(s)
Facebook is currently the most popular social media app, so if you're considering a social media presence, you should take a little time to consider its pros (most popular) and cons (time it takes to administer it) and how it might fit into your overall online presence. Will it complement or conflict with your website? Since there are many choices, focus on the social media that best serve your specific needs and resources. Use the following comparison chart of social media to assist in your decision for what is right for your situation.
Social Media | Characteristics & Considerations | Pros | Cons |
---|---|---|---|
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|
|
| |
Vine |
|
|
|
|
|
|
For another opinion, see PowerUpSocial's “Social Media Pyramid”, "A Guide to Using Social Media Channels for Your Business," and Patricia Redsicker's article "Pros & Cons of 6 Social Media Channels", the latter of which was one source for the above chart.
...