You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

In an effort to help institutions create effective information security websites that are informative and helpful to their users, the Higher Education Information Security Council has compiled a list of common features and effective practices that can serve as an outline for a college or university developing or updating their campus information security website.

Getting Started with Your Website

Developing an information security website for your campus involves more than deciding on a color scheme, laying out a home page and creating content.  A successful site that will continue to be useful to a broad audience over time starts with a few preparatory steps to lay a solid foundation before diving into the specifics. Not every item will be relevant in all cases, so feel free to modify this plan to suit the needs of your department or institution.

  1. Form a website development committee.
    • This committee should involve at least one individual from the following departments: web development, marketing/public relations, IT training and awareness and information security.
    • During these committee meetings, you can discuss the following: brainstorm about focus and branding for the website, how it will integrate with the broader IT department's website, appropriate software or content management system to use (legacy or new), audience, content and project timeline.
  2. Prepare a high-level overview of the website to present to senior leaders and obtain their approval in order to move forward with tasks and the launch.
  3. Schedule a meeting with information security project managers and appropriate senior leaders to obtain content. These people will comprise your content approval chain before anything is posted online.
  4. Assign individuals as content managers. These people will be responsible for updating pieces of content or pages, and maintaining them by periodically ensuring that the content is current and that links are working properly.
  5. Work with marketing/public relations to create a communications plan geared towards spreading awareness about the website to target audience(s).
  6. Identify measurement tools (such as Google Analytics) to gauge how successful the website is over time and how often visitors are going to specific pages.

Six Elements for a Successful Website

Once you have laid the foundation, it's time to get down to specifics. As above, not every identified element may be appropriate for your site. Adapt what makes sense for your situation.

1. Engaging Design to Attract and Educate Viewers:
While many sites provide thorough, reliable information, not all of them present it well. That is, format, attractiveness, and accessibility are key to catching and keeping the attention of the reader. Content alone does not guarantee success. Excellent sites feature topics, graphics, and headlines that grab your attention. They encourage the viewer to learn more about information security by presenting subject matter in an interesting or creative way. Some, for example, offer quizzes to test users on how much they know about security, so that an otherwise passive experience becomes an active learning opportunity. Others have dynamic sites featuring a "carousel" that catches the eye and quickly highlights a variety of content, such as Purdue University's or Indiana University's sites. Some, like MIT, summarize the key points on their site into Top Ten Safe Computing Tips, or Brown University's 5 Quick Tips to Get Control. They are carefully designed so that searching for topics would be rather intuitive for the viewer. The University of Notre Dame and the University of Wisconsin-Madison are two good examples of sites that provide content in an interesting and accessible manner.

2. News Updates and Alerts:
Some of the better sites feature up-to-date news articles, as well as virus, spyware, and phishing alerts. Good examples are the information security sites for Duke University and The University of Arizona, carrying both internal and external news, alerts and headlines. A smaller number go one step further by providing an RSS feed, ability to subscribe to an newsletter, and/or an e-mail list option for those who want to receive security alerts in their in boxes as incidents occur. With new challenges to information security arising constantly, timely information is critical. Providing the latest on potential threats to the campus is an important element for maintaining security and demonstrates a site's higher caliber.

3. Anti-virus Software and Scanning Options:
The overwhelming majority of security websites offer students and other university users free anti-virus software. Most also provide scanning services, so students may detect viruses, spyware, or other problems with their personal computers.

4. Other Resources:
Information by topic, Q&A, and recommended outside links are important for educating users about security issues. The most successful sites provide relevant, timely information on hot topics, including viruses, identity theft, and social networking safety. Furthermore, they provide helpful outside links that help students further learn about security matters. A number of sites, for example, reference the Federal Trade Commission (FTC) for information on identity theft or the National Cyber Security Alliance (NCSA), for tips on protecting one's computer, and alerts from the SANS Internet Storm Center and US-CERT.

5. A Place to Ask Questions and Report Incidents (Accessibility is Key):
While good sites may provide a plethora of information and seem to cover all bases, even the best cannot foresee all questions. Consequently, a reliable help desk and easy access to contact information is very important. The most successful sites will prominently display e-mail and phone information, so that users may ask questions and report incidents, such as this page on Yale's Secure Computing site.

6. Social Media:
Savvy sites will reach their readers where they are most likely to be, i.e., on Twitter, Facebook, Foursquare or Pinterest. Rochester Institute of Technology's Information Security office, for example, connects with its community on both Facebook and Twitter.

Developing Your Social Side

This section builds on the final element, outlining considerations you should take in developing a social media component to your online presence.

1. Integrating Social Media

  • Whether you've made the decision to jump in with both feet or simply put in a toe for now, you will want to consider the administrative requirements for using social media. These would include existing policies that your institution and/or department already has in place. Check with your marketing/public relations staff (you will have made a good contact during the "Getting Started" phase of development mentioned above) for any existing guidelines or policies (example: Social Media @ Brown University includes guidelines for institutional as well as personal use and best practices for social media site managers.
  • Branding: Social media is, at the heart of it, social and all about making personal connections. Keep this in mind when setting up your social media profiles. Having a friendly face in that little thumbnail -- whether belonging to the staff member who blogs, posts and/or tweets, or an artist's rendering of your mascot --  will ensure better connections.  Whatever you select, it should align with your website and presents an excellent opportunity to do some branding.
  • Dashboards and Automation: Keeping your messages fresh, ongoing and in sync can be daunting but luckily there are tools that can help. Dashboards such a Hootsuite allow you to manage multiple social profiles and schedule your messages. See more social media management tools below.

2. Selecting Your Social Media Channel(s)
Facebook is currently the social media app, so if you're considering a social media presence, you should take a little time to consider its pros (most popular) and cons (time it takes to administer it) and how it might fit into your overall online presence.  Will it complement or conflict with your website? Once established, are there resources to keep it timely and engaging? Use the following comparison chart of social media to assist in your decision for what is right for your situation.

Social Media

Characteristics & Considerations

Pros

Cons

Facebook

  • Messages presented in a timeline
  • Allows for longer posts, links to images and videos, can build a webpage within Facebook environment
  • Can establish as a page (wide open) or a group (targeted to a select audience)
  • Can be your dynamic presence with website for more permanent content (such as how-to's, documentation, best practices)
  • Frequency of messages: three or more times a week recommended
  • Most popular
  • Easy to use (esp with mobile apps)
  • Great for generating buzz
  • Ongoing issues regarding privacy and security.
  • Promoting Facebook may be perceived as a mixed message from security professionals

Twitter

  • Limited to 140 characters per post
  • Shortened URLs recommended (e.g., bitly.com and tinyurl.com)
  • More personal and informal than Facebook
  • Frequency of messages: daily at a minimum
  • Best at real-time multi-way messaging and conversations 
  • Hashtags allow for targeting of messages 
  • Easy to use
  • Can be overwhelming for senders and receivers (lots of "white noise")
  • Limited message length
  • Short shelf-life for tweets

Google+

  • Share documents, survey & quizzes
  • Form/join groups to share conversations (blog-like interface)
  • Offers ability to connect with users in hangouts (free option limited to 10 users)
  • Live broadcasts on web via your YouTube channel (share a hangout "on air")
  • Clean and easy to navigate
  • Real time face-to-face chats (hangouts)
  • "Broadcasting" ability good for training, demos and events
  • May be good option for GAE schools
  • Not as popular, may not catch on
  • Difficult to administer

YouTube

  • Can be a supplement your website and Facebook page 
  • Pair with Google+ for online broadcasting 
  • Able to brand yourself by establishing your own YouTube channel
  • Very popular
  • Venue for training, demo and awareness videos
  • Video could go viral (good and bad, depending on reason)
  • Videos can get lost in the glut of offerings, leading to short shelf-life

Foursquare

  • First social medium that started as a mobile app
  • Location-based social media service for smartphones to share and save visited locations
  • Users "check-in" to collect badges
  • Cross-platform (Apple, Android & Blackberry)
  • Possible uses: publicize training locations or build into a cyber security awareness contest
  • Some privacy concerns as it uses personal GPS-based data

Pinterest

  • Online pinboard that lets users organize and share items of interest 
  • Category-based 
  • Items can be "repinned"
  • Another way to tell a story with pictures
  • Could use to promote your website (allows pinning things from your site)
  • Cross-platform (Apple and Android only)
  • In early stages of development with security and related privacy concerns 
  • Very visual, so challenging when dealing with abstract concepts 
  • Narrow audience (used chiefly by women) 
  • Consumer-based (used for purchases)

For another opinion, see PowerUpSocial's analysis and Patricia Redsicker's article "Pros & Cons of 6 Social Media Channels", the latter of which was one source for the above chart.

3. Managing Social Media
All of this can soon be overwhelming. The good news is, "there's an app for that." Four popular dashboards to investigate are: HootSuite, Tweetdeck, ScooptIT, and MediaFunnel. Select the message aggregator that suits your needs to create a "communication central" to help manage your social media presence.

4. Training and Support
NERCOMP offers various classes focused on the use of social media. For peer support, consider getting involved with the IT Communications Constituent Group  and/or subscribing to their listserv.

Checklist of Recommended Practices

  • Create an information security website that provides basic security information for all users (faculty, students, and staff).
  • Use a common alias (e.g., http://www.university.edu/security or http://security.university.edu). Note: For some institutions, the campus safety office may already be using one or both of these aliases.
  • Prominently display contact information (e-mail and/or phone number).
  • Include RSS feeds for for security-related news, updates, and alerts (e.g., many schools use the US-CERT National Cyber Alert System or Symantec Security Response).
  • When possible, an institution's main IT page should provide a highly visible link to their security page.

Recommended Model Websites

Institutions Using RSS Feeds for Security News and Alerts

(question) Questions or comments? (info) Contact us.

(warning) Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).

  • No labels