May

crookpatedhatMobile - Wireless

Dec 10, 2013 (3 years and 8 months ago)

102 views



Page
1




Director’s Update

As of
May

3
1
, 201
1

Prepared by:

Stephen A. Vieira

Chief Information Officer and Executive Director of IT



Security Awareness:


P
asswords!

Time for a change?

Lock ‘em down!

Everyone knows that the most important computer
-
related info
rmation you have is your user
account name and password combination. That magic mixture provides access to a variety of
computing services and allows you to do things online that avoid much paperwork. Every time
you connect, you must
authenticate

who you

are which identifies the role you have at the
college. That role
authorizes

what access you get to those various computing services.

Having your password stolen is extremely costly since it could lead to stealing your files, your
email and essentially
privacy information protected against intruders. One way to avoid
password theft is to change passwords periodically. There are many suggestions for how often
this activity should occur; anywhere from every 45 days to once every six months. The most
imp
ortant facet of this advice is that your password should change regularly according to a
schedule

determined by those responsible for protecting your information.

When you change your password, you should try to create a strong password. Key elements of a

strong password are that it
is

long enough using uppercase and lowercase letters with umbers
interspersed. Three suggestions for determining a strong password are:



Make it 8 or more characters in length



The greater the variety of characters the better



Se
lect letters from the entire keyboard and not those used most often

However, choose a password you can remember. One suggestion is to start with a sentence or
two which would be meaningful to you. Turn your sentence(s) into a row of letters and then add
complexity; like capitalizing letters throughout. Finally add some numbers that are also
meaningful intermixed in the letters. Remember this password is yours to keep until you need to
change again so ensure it is something you can recall. If you must,
you can write it down but
keep that document secure and hidden from prying eyes.

To test if you have a strong password, Microsoft has provided a
secure password checker
.

Try it
and see if you have the strongest password possible. If not, you might want to fix that.

Some common pitfalls that cyber criminals are adept at deciphering

when it comes to passwords
are:



Dictionary words in any language



Page
2






Words spelled backwards an
d abbreviations



Sequences of repeated characters



Personal information like
name, birthday, license number, etc.

One way to guarantee that you have

complete control over your password is to sign up for
SMOP (Self
-
Management of Passwords), a service provided

by IT. Visit the web site,
https://live.ccri.edu/smop/
, and

enroll in this program. It is fast and easy and it enables you to
change your password for every computing service you might use. CCRI supports a si
ngle sign
-
on option for all user accounts which makes remembering your username and password even
more important. By enrolling in SMOP, even if you forget your password, you can always reset
it without calling the Help Desk. In the past six months severa
l attempts have been made to have
password changes done over the phone. IT has a strict policy that no passwords can be changed
for anyone without positive picture ID presented at the time of the request. Avoid this bother by
enrolling in SMOP; it takes
minutes but allows you to have complete control over your password
maintenance.

FakeAv
…Don’t get caught!



The Department of Information Technology
provides a
Sophos

use
-
at
-
home license for anti
-
v
irus
protection for your home computer. This is done to
ensure that if your computer at home does not have
anti
-
virus protection, the college can offer an
alternative. Having up
-
to
-
date, dynamic anti
-
virus
protection is extremely important and something
your computer should have.

With Sophos installed, viruses, worms, malware are
all blocked from invading your computer and
causing damage or worse. Many of these malicious
programs today install themselves and sit quietly for a period of time before waking

up and
connecting to other web sites collecting your personal information and sharing it. IT cannot
possibly urge you enough to protect yourself with an anti
-
virus program and in this case, Sophos.

One really nasty application that has been making the ro
unds lately is the FakeAv program. The
phony anti
-
virus program installs itself on your computer and then provides a popup window
telling you that you have a virus. No matter what you try to do, short of installin
g Windows
from scratch, the same message
will be delivered. However and here is where the FakeAV
program gets you, if you purchase the Anti
-
Virus package suggested, the cleanup will start
immediately and the virus will be eliminated.

You provide your credit card information, the anti
-
virus pro
gram is delivered to your computer
online and lo and behold,
and your

problem has been solved. Unfortunately, that is not the
whole story. The package delivered to you actually does nothing more than getting rid of the


Page
3




virus message you have been getting
. The delivered anti
-
virus program does not provide any
“real” protection and the criminals now have your credit card information for their use.

I’ve provided a
vi
deo

from Sophos Senior Security Advisor, Chester Wisniewski, describing
how FakeAv works. Review this information to learn even more about how FakeAV can
infiltrate your computer and how despicable the cyber criminals can be.

Next month a discussion abo
ut

spear phishing!


Academic
I
nitiatives:


Microsoft
Office 2010

It has been well
-
advertised and communicated that, based upon faculty
members’
requests;

the Department of Information Technology is rolling
out Microsoft Office 2010 to all computing labs a
nd classrooms, where it
will not adversely affect the instructional process. Focusing on this move,
let us describe
five

features

new
to the
Office suite.

1)


Ribbon interface and Backstage View across all applications


The Ribbon interface in
Office 2010 h
as changed
somewhat but still reflects
the set of commands for
working in a document. The
example here demonstrates
some of the features
introduced in Office 2007
and maintained in the new
suite.

The Backstage View can be displayed by
clicking on the Fil
e tab. Backstage is where you
manage documents for sharing with others,
gathering data about the document and doing
things with the document (like printing, saving,
etc.)





Page
4





2)

Background Removal Tool

The Background Removal tool is a really slick feature t
hat
emulates Photoshop and Photoshop
Elements, not quite as nicely but enough for most jobs. Insert an image by clicking on Insert |
Picture and select the required picture to insert.







In the Picture Tools | Format tab, click on Remove Background. T
he background becomes
purple indicating what will be removed when you press the Enter key. Press the Enter key and
you will get the result shown above on the right. A simple and easy tool to work with imbedded
pictures in your documents.

3)

Math Type


One a
dd
-
in for the Microsoft Office 2010 suite is Math Type. It is a powerful equation editor
that adds mathematical notation to documents, web pages desktop publishing and presentations.
To write an equation, on the Insert tab, in the Symbols group, click th
e arrow next to Equation.

Click the equation you want or click Insert New Equation.
You can save and add
equations to that list by clicking (
Under Equation Tools, on the Design tab, in the
Tools group
)

Equation, and then click Save Selection to Equation
Gallery.

You
can name the equation and use it in other documents throughout the Office 2010
suite. This takes some experimenting but once you get the hang of it, it is a
handy tool for those documents requiring equations.

4)

Screen Capturing and Clipping t
ools

Office 2010 provides a screenshot capability
in the Insert | Illustrations area. Clicking on
this option enables the various screens that
are currently displayed in Windows to be
selected for inclusion in your document.
Once you have selected the sc
reen, all the


Page
5




Picture formatting tools are available for cropping and adjusting the screenshot to your exact
needs.

5)

Jumplists

in Windows 7

Jumplists make accessing recently used material
much simpler. Right
clicking a program button on the taskbar provides a list of documents,
songs, pictures or whatever you were recently viewing or using in each
application. This video describes how easy it is to use
Jumplists

and
how you can drag and drop applications into your taskbar. Imagine
being able to see a list of recently edited Word documents simply by
right clicking the icon the taskbar and opening the
document of choice
by simply clicking on it.

Office 2010 includes new and improved
features, ways of sharing
documents and providing
better version control

for shared material.

Next month this newsletter will highlight more features of Microsoft Office
2010 like
Sparklines
,

Slicers,
personalized

videos in a presentation
,
bookmark
ing

key points in
a video,
compression
of long e
-
mail threads into a few conversations that can be
categorized
, filed, ignored, or cleaned
up

and t
he new Broadcast Slide Show.

S
tudent Orientation

Working with
Counseling and Advising, the Department of Information
Technology has begun a program working with Student Orientation to
provide introductory instruction to students for help with logging in and
password management.
Start
ing June 23
rd

and running through September
1
st
, a crew of Beth Dowling, David Judd, Dawn Lewis and Steve Vieira will
be guiding groups through “how to find your username”, “how to login”,
“self management of password enrollment”, “the CCRI portal” and “ho
w to
log off”. These sessions are meant to provide enough expereince for students
to know how to use the computing resources in the computing labs, libraries
and classrooms throughout CCRI’s four campuses.

It is anticipated that the orientation session
s might meet with approximately
2000 students over this period and hopefully avert some distressed Help Desk
calls at the beginning of the semester.

Desktop
Computer
Rollouts
!

The spring and summer always bring with it the refreshment of
computers to facul
ty and staff across CCRI. With over 3200
computing devices in classrooms, libraries, labs and on personal
desks, the task is to replace a percentage of older computers every


Page
6




year. With such a large number of desktop
units, the challenge is to find the ti
me to deliver these
upgrades while not interrupting instruction or schedules. Over the years, the window of
opportunity has gotten tighter and tighter but the crew at each of the campuses makes every
effort to get it done.

This year we are rolling out ove
r 400 new computers through the efforts of Lynn Gudeczauskas
in Newport, Pat Lambrou and Leslie Kennedy in Lincoln, Sherry Zinn in Providence and Mike
McNally and Tony Tanzi in Warwick. The rollout consists of installing new software on each
machine, call
ing to make appointments to backup personal files on the old machine and then
loading those files onto the new desktop computer. Obviously this takes some coordination and
cooperation from those who are getting new computers delivered to their area.

IT i
s certainly
grateful for those
folks who are getting their computers upgraded for making the time available
to us. We know that it can be an interruption in your schedule.

New Scantron Scanner and Software provides alternatives to bubble sheets!

The Depa
rtment of Information Technology has
recently requisitioned a new Scantron scanner
and accompanying software that enables anyone
using it to create their own bubble sheet for any
purpose imaginable. The new software, Survey
Tracker, supports integrated sc
annable form
design, printing and data collection using the new scanner.

One feature that enhances the data collection process is the application’s ability to do Image Clip
capture, basically the ability to collect written responses exactly as they were
written. This
eliminates the need to manually copy or enter written data included with surveys, evaluations or
tests.

Survey Tracker allows a CCRI
-
designed exam, survey or
feedback instrument to be
distributed in

several methods;
through two types of e
-
m
ail (HTML and text), web sur
vey and
surveys

by disk

and classic paper
-
based. Scanning or
collecting any of these distributed instruments is simple using the scanner or automatic data
collection to a SQL
-
based database for future analysis.

Survey design is

also simple using wizards which make it easier to create a survey or design a
survey style for repetitive use. A WYSIWYG user interface makes it easy to drag and drop
logos, designs, images and questions so designing a new instrument is not a difficult
task. AND,
multiple languages are supported so exams can be customized to a specific French, Italian, etc.
course. Any instrument designed can then be distributed in the multiple fashions previously
described. If a faculty member designs an exam for the
ir class, they can distribute it through
paper format or online. The flexibility of this program will be a feature that everyone using it
will embrace.



Page
7




A survey library contains over 100 pre
-
written surveys, a question library, a message library, an
image

library and a survey style library. This collection can be added to with user
-
definable
surveys created locally at CCRI for repeated usage.

Question design is also very flexible in that any of the various scale types are supported
including single respon
se, multiple response, horizontal numerical, fixed sum, forced ranking,
yes/no, true/false, write
-
in text, write
-
in numeric and write
-
in date. Each question can have up to
six scales as customary in any bubble sheet design.

Another feature that will be we
lcome will be the availability of “hidden data” which pre
-
populate
various fields on the bubble sheet. This will facilitate the mail merge fields that are often
required for each course section. Each of these fields can be pre
-
populated eliminating possi
ble
errors in filling in bubble sheets for large stacks of courses.

When the Scanner and Survey Tracker arrive on campus, IT will offer multiple opportunities for
anyone to learn how the software works and how it might be useful for exam creation, survey
c
ollection or other uses where data collection is necessary.

Microsoft Home Use Program


Last summer, CCRI signed an agreement with Microsoft

to participate
in their Home Use Program for all eligible faculty members and staff of
the college. This agreemen
t replaces the Microsoft Campus Agreement
version 3.2 program. The HUP program is less restrictive and generally
more functional for the home user.

You can get Microsoft Office 2010 for your home computer using the
Software Assurance H
o
me Use Program (HUP)

. By clicking on this
link, you can obtain a fully
-
licensed copy of the latest software for the
cost of the DVD and shipping. The version avail
able under the
agreement is Office 2010 Professional for Windows and Office 2008
for Mac.

To access the Microsoft Home Use Program website, please follow the steps below:



Contact the IT Help Desk by phone (825.1112) or email (helpdesk@ccri.edu) to obtain a
n
HUP Program Code for accessing the Microsoft Home Use Program website.

Note: The HUP Program Code you will be given is assigned to CCRI for our sole use

to
access this site. You must not “share” this code with anyone outside CCRI.



Open a web browser an
d go to
https://hup.microsoft.com/




Select the country you wish your order to be shipped to and choose the language for
viewing the order website.



Enter your CCRI email address (username@ccri.edu) and insert the
program code you
requested in step 1.



Page
8




IT will be working with other software and hardware vendors to try to expand the offering of
other programs like HUP. Providing resources at reasonable pricing for home use is a goal of IT
for all students, faculty a
nd staff of CCRI.

Administrative initiatives:

Oracle 11g Database Upgrade


SunGard Higher Education announced over a year ago that they would no longer support Oracle
10g, the current database that supports Banner. The division of Management Information
S
ystems started planning the upgrade at that time. When you tackle an Oracle upgrade, you
affect every other administrative database
-
dependent application supported at the college. So
you need to consider testing Oracle 11g with not only Banner but also t
he Operational Data
Store, the MyCCRI Luminis portal, Blackboard and the UC4 Applications manager. Brian
Walsh, Senior Database Administrator, along with too many of the Banner users to mention,
spent countless hours upgrading test instances to guarantee
a successful upgrade to the
Production Banner system.


The Oracle 11 g upgrade is an absolute requirement in order to stay current with the Oracle
premium support option and to maintain our Banner system. CCRI must be using Oracle 11g by
July 31, 2011 wit
h all applications that have an Oracle database supporting them.


On
Sunday,
July 17

from 7 a.m. to 6 p.m.
,
all applications that have an Oracle database backend
must be down during the upgrade. Information Technology, and particularly Brian, will be
perf
orming the upgrade on six (6) databases using Oracle at the college. They include all
Banner, the MyCCRI portal, Blackboard, Resource 25, the UC4 Application Manager and the
Production Operational Data Store.


Microsoft
Exchange 2010

In the coming Academ
ic Year, the Department of
Information Technology will be
moving

all email

mailboxes throughout the year from Microsoft
Exchange 2007 to Exchange 2010.
Exchange Server
2010 is the new Messaging and Collaboration
platform from Microsoft, and it has a lot o
f new, compelling features. The new High
Availability, management and compliancy features make Exchange Server 2010 a very
interesting product
with

less complexity, which is always a good thing!

There are a number of reasons why this move is being made.



Page
9






Simplified high availability and disaster recovery

Exchange 2010 introduces a simplified approach to
high availability

and disaster recovery to
achieve new levels of reliabilit
y and reduce the complexity of delivering business continuity.

With the new version of the server, this will assure that email will be up and running without
interruption, except in the event of a planned upgrade or outage.



Easier administration and decre
ased dependence on the help desk

Exchange 2010 provides
new self
-
service capabilities

to help users perform common tasks
without calling the help desk.

Among the self service ca
pabilities in Exchange 2010 are
updating your information in the address book, managing distribution groups, subscribing or
deleting yourself from a distribution group, managing your mobile phone, etc. All these
features are available using Web Access whi
ch allows you to use them without havin
g to
upgrade the Outlook client.



Greater mobility and flexible access

Exchange 2010 offers an enhanced universal inbox experience

which provides to all business
communications from a single location.

Unified messagin
g in Exchange 2010 has many
features such as call answering rules (similar to Outlook rules), voice mail preview in email,
protected voice mail, etc. You can view presence information and initiate chat directly within
Outlook and Web Access instead of havi
ng to rely on an Instant Messaging client. Thus the
use of Office Communicator expands into the Exchange environment.



Conversation view capabilities to reduce noise

-

Exchange now provides a more
advanced conversatio
n view feature

b
y grouping messages fro
m a single conversation
together
. T
he conversation view enables
you

to quickly identify the most recent messages
and the chain of responses. By treating an entire group of messages as a single conversation,
the messages can be managed, ignored, moved, and

deleted as a whole. New messages that
are part of a conversation that
you

cho
o
se to ignore are sent straight to the deleted items
folder.
You

could also use the
cleanup

feature to delete redundant messag
es in a chain.



Out of Office

-

In Exchange 2010,
you

can now set an Out Of Office response in advance
with a defined schedule. It also allows messages to be customized for internal and external
users or allowing to send messages only to your contacts
.



Improved Web Access

-

Outlook Web Access (now called Ou
tlook Web App) has many
improved features including
integration

with other browsers such as Firefox and Safari, name
cache

(allows you to have auto completion of an email address you are typing)
, ability to set
status for messages, filters, advanced search
, Instant Messagin
g, SMS Text message sync,
etc.



Sharing calendar, free/busy and contacts with external users
-

You

can
now
share
calendar, free/busy information and contacts with
friends

outside of
CCRI. In the past,
sharing calendars with others outside

of the college was difficult and required a complicated
web string of characters. This new feature allows you much more freedom to collaborate
with those not within your organization



MailTips
-

The MailTips feature warns users of any damaging or embarra
ssing
consequences
-

such as sending a message outside your organization, to a large distribution
list, to someone who is out of the office, with attachments that are too big to deliver, and
custom MailTips created by system administrators.

MailTips will
help prevent unwanted
outcomes in your use of email.



Personal Archive

-

Even though Exchange 2010 allows for much larger mailbox sizes
and increases the limits on the number of items in a folder, an additional option of an archive


Page
10




mailbox
will

be provisi
oned for
you
.

For the first time, b
oth the primary and the archive
mailboxes can be accessed using Outlook
and

Web Access.

Archiving and retention policies
can be applied to messages in your primary mailbox and messages can be automatically
archived to t
he archive mailbox without user intervention. This eliminates having to use PST
files and
the
inability to access those PST files when you are mo
bile and are using Web
Access.



Protection Rules
-

You

can apply IRM (information rights management) protection
to
messages by using policy templates.
Every day we send email to exchange sensitive
information. Because you can access email from just about anywhere (mobile phone, web
access, iPad, etc.) mailboxes have transformed into repositories containing large am
ounts of
potentially sensitive personally identifiable information. As a result, information leakage can
be a serious threat to the college and you. To help prevent this, Exchange 2010 includes
IRM features which provide persistent online and offline prot
ection of email messages and
attachments.
The protection policy can be applied at the origin
of an email message
when
composing to avoid eavesdropping on the server.


There are many more features worthy of mention in Exchange 2010. In combination with
Ou
tlook 2010 there are many additional features which are geared towards improving
productivity and networking such as Quick Steps, Schedule View, and Team Calendars. Outlook
2010 Social Connectors brings together communications history, contact information,

and
professional and social networking information into the Outlook experience. Social Connectors
include add
-
ins for Facebook, LinkedIn and MySpace.

Exchange 2010 will be implemented in a deliberate and steady fashion over the fall semester
ensuring no i
nterruption in service and transparency to all faculty and staff of the college.
Moving everyone into the new environment in a controlled and fault tolerant manner is the
primary goal of this project.


Mobile Devices
…here to stay!

I
n a straw poll that IT

has been conducting with
students in the Academic Computing labs,
approximately 40


50% of them have
smartphones of some type. Although the tablet
has not become the flavor of the day, it is clear
that mobility is happening at CCRI. One
question that k
eeps cropping up
among students
is “how do I connect my CCRI email to my
phone?”

Mobile devices,
also known as handheld devices, handheld computers or simply handhelds, are
generally conveniently
-
sized computers with touch screen displays and often minia
ture or
displayable

touch screen keyboards. They can be described as smartphones, tablets, PDAs and
in some cases enterprise digital assistants. At CCRI, the observant student watcher will see
iPhones, Droids,
Blackberrys

and the occasional tablet. More

students are texting and


Page
11




communicating in the moment than reading email. Sending email to their smartphone simply
makes that communication more efficient rather than any other delivery mechanism.

So what makes handheld devices so popular? They are rugge
d. They are inexpensive. They are
available. They provide freedom to get messages and keep in touch no matter the location or
time. The benefits of social computing are reflected in the device independence of the type of
communication that students use
. My Black
b
erry can
send
text
messages
to your iPhone and so
on. The beauty (and perhaps the beast) of the devices is the fact that you can be reachable
anywhere, anytime. The “always on” feature for this new generation of computer users is
perhaps the
greatest attraction.

These mobile collaboration systems also feature audio, video and gaming functions that keep the
devices in your hand. Continued expansion of the capabilities of these devices will extend
functionality using technology like Quick Resp
onse Barcode (QR code) scanning which is in use
today. This technology allows you to point your smartphone at a code displayed here and collect
information about a product, book, performance, etc. and save it to your phone for later use and
review.

Anothe
r technology that is being embedded in smartphones is
Near Field Communications which will allow you to use your
smartphone as a secure, purchasing tool for movie tickets by
simply pointing at a poster of a movie you want to see and
getting information onl
ine about where it is playing, the price of
the tickets and purchasing them in a simple click of your
smartphone. This is a simple example of that capability but it
extends to security mechanisms on your car, your home and at
work. Credit cards could be
securely stored in your smartphone
and used to buy lunch. Exchanging business cards will all be done through smartphones.

Clearly the mobile device marketplace will become even more competitive, more functionality
infused and more confusing as to which

device offers which functions. Similar to the early days
of purchasing personal computers, the user will be asked more questions about what they want
the device to do and how they are going to use that specific mobile computer. However, it
appears that
the affordability and availability of these devices will be the driving force behind the
competition in the marketplace. So, more power to the user and more responsibility as well as
these devices hold more information about each of us and security of tha
t information becomes
even more important and at risk.

Tablets at CCRI seem to be focused around two
operating systems, iOS and
And
roid. iOS is Apple’s
mobile operating system. Originally developed for the
iPhone, it has been extended to support the iPad
, iPad
2, iPod Touch and Apple TV. Apple does not license
iOS for installation on third
-
party

hardware so if you
don’t own one of the previously
-
mentioned devices,
you aren’t using iOS. In the past this was the same


Page
12




strategy used by Apple during its heyd
ay surrounding the Macintosh and all the following
computers that Apple introduced. The operating system is based upon the concept of direct
manipulation using multi
-
touch gestures. The fluidity and instantaneous reaction to user input
makes it very
pop
ular with a small learning curve for how to use it.


The Android operating system, purchased by Google in 2005, is
based on Linux. The Android Open Source Project (AOSP) was
established to maintain and further develop Android. The Android
operating sys
tem is currently the world’s best
-
selling Smartphone
platform. There are over 200,000 droid applications available for
Android
-
supported devices that can be downloaded through Android
market or through third
-
party sites. The primary devices that are
seen

at CCRI are the Droid smartphones and the Motorola Xoom
tablet.

So what is a tablet PC and what functionality can I expect from one? First there are multiple
forms of tablets. The
slate tablet PC

is basically a classical tablet PC with a touch screen
and no
keyboard, such as an iPad or a Xoom. A
convertible tablet PC

is a notebook computer with
touch screen capability, like the Dell

Latitude Touch Screen laptop on my desk. A
hybrid tablet
PC
is a convertible tablet with a detachable keyboard. A
Book
let

is a dual screen tablet that can
be folded like a book. Finally there is the
rugged tablet PC
which is a platform for use in the
field requiring a tough exterior design for the terrain in which it is used.

As you can see, the tablet market is clearly
dominating the formerly mobile laptop environment.
The portability and connectivity functions of the tablet make it ideal for the computer user no
longer wishing to be locked to a desk. Two other features that lead to its popularity are its size
and weig
ht with most units
between 7 and 12 inches in screen size and weights measuring less
than five pounds.
Estimates are that 40% growth per year will be a conservative approximation
of this most rapidly growing market among personal computer devices.

How m
any different tablets can you name?
Below I have included
a
great table put together by
Tablet Comparison that gives you a brief description and comparison of sixteen different
varieties of tablets from many vendors. I would venture to say that this mark
etplace has much
more to offer. When asked what tablet someone should buy, the answer is either “wait as long as
you can because the best is yet to come” or “jump in and find the device that is right for you,
knowing that three months from now there will
be improvements”. Needless to say, let the buyer
beware! This is a very volatile marketplace where the flashy, fantastic tablet of the month could
be next month’s Betamax.

Here is the promised table…enjoy!




Page
13









PCI Assessment



On May 10
th
, William F
ranklin, a Quality Security Assessor from Compass IT Compliance
provided the college with a PCI DSS 2.0 Assessment Report. PCI is an abbreviation for
Payment Card Industry and DSS is an abbreviation for Data Security Standard. The report
generally review
s and analyzes the manner in which credit card handling is done throughout the
various departments at CCRI. Mr. Franklin sat with representatives from all departments across
the four campuses where credit cards were taken for payment of any and all transa
ctions.


Findings determined that documented procedures were one category where much improvement
is needed. While CCRI has lots of adopted standards and policies understood, many of these are
not documented and thus not always repeatable. CCRI’s utilizat
ion of cloud computing to
outsource credit card handling through TouchNet (for student payments) and Raiser’s Edge (for
alumni and foundation donations) has greatly enhanced the protective measures to separate credit
card data from being stored on campus.

Additionally all TouchNet servers have been moved to


Page
14




their secure data center in Kansas City to further ensure that no credit card information is stored
on CCRI premises.


One area that particularly needs attention is the future implementation of features

that will
prevent data leaks (DLP equals Data Leak Prevention). This functionality will restrict all
unprotected confidential data from being sent over the various messaging technologies available
at the college or from being transported using external d
ata storage instruments. Specifically one
action that must occur is locking down the transport of personally identifiable information such
as social security numbers and account information
through email

o
r loaded onto USB memory
sticks or unencrypted lap
tops. Much security awareness training must be developed and
delivered to all CCRI constituents in order to ensure that this data is protected and people
understand why.


Another area that needs to be addressed is the upgrade of physical security requirem
ents to
ensure that systems are better protected and an audit trail is kept of entry to the data center and
servers within that environment. While the Information Security Council is in its early stages of
development, the coming Academic Year will see a
big push to making security awareness a key
element in the strategic planning for the college.


Much thanks needs to go to the many folks who participated and had their specific processes and
their payment card profiles examined. Interviews with IT and bu
siness unit staff members, a
review of available documentation and tour of various facilities completed the assessment.
Those who participated were, (from the Office of Institutional Advancement) Heather Butler and
Robin McDuff, (Assistant Controller) Dav
id Rawlinson, (Book Store Manager) Don Baker,
(from the Bursar’s office) Marilyn Kelly and Dennis Grassini, (from MBS Books) Todd
Whetton, (from the Center for Workforce & Community Education) Jaime Nash and
(
from
Information Technology
)

Manny Correia and
Anthony Dzikiewicz
. Their professional,
knowledgeable and forthcoming attitude led to this complete and accurate assessment.



Upcoming projects:


Project Web Site


Working with Jim Kirby and Sara Hill
from Web services, a CIO
-
based web

site
has been cre
ated for

all Department of
Information Technology projects, both
completed and ongoing, with project
charters and more. A description of the
IT Governance model employed to
develop the project list and prioritize
those requests
is

also part of the site.




Page
15




While any web site evolves over time, plan
s are

to include items here such as project plans
provided by vendors and timelines for completion of projects as well as status reports on each
ongoing project. The site is called
mITi

which stands for Managing Information Technology
Initiatives. As its purpose states, this will over time become a one
-
stop source for information
about IT projects and a repository for all project related documentation. Another sp
ecific
intention of this site will be as a communication vehicle for keeping stakeholders and user
informed about progress being made and future updates.


The Department of Information Technology certainly welcomes feedback on this site as it
continues to
grow over time. Please feel free to use the contact information email address to
send comments, suggestions and any ideas you might have about how this site could improve.
Since this site is in its infancy, will be continually growing and its contents ch
anging
dynamically, it will deliver frequent updates and additions. So please check back periodically to
see our progress.


Mobile Strategy for CCRI



In a recent presentation at a NERCOMP
event surrounding Future Trends in
Technology, the budding strate
gic direction
of CCRI concerning mobile platforms was
shared with a number of other higher education institutions throughout New England. In
preparation, much research went into what other colleges and universities were doing to address
the growing need o
f students, faculty and staff for mobile applications. A published strategic
plan will be forthcoming before the end of the summer to address possible methods in which IT
will facilitate CCRI’s participation in this new communication paradigm.


One exampl
e presented about how the mobile phone might evolve is offered by Mozilla Labs
through their concept series “Seabird” community driven phone. A YouTube
video

is available
by clicking this li
nk that gives you an idea of what that might look like. Certainly having this
level of functionality in a mobile device that fits within your pocket is something that would
provide incredible flexibility and power in a handheld instrument.


Looking throug
h what others are doing and having had the opportunity to download several
campus application suites, one discovers that several “apps” are student service based and built
with marketing and communications in mind. Fewer apps have been created for use in
the
classroom; however these are expanding rapidly and have incredible functionality in the areas of
language development, skill development and preparation. Projects like
Watermelon Express

and
Janala

show the power of the mobile device and how it might be used for rote and practice
learning where repetition and review is so important.


One thing that is clear is the need for a development
“framework”
at any ins
titution
where mobile

apps
are going to be developed. Three such
mobile web
frameworks
(MWF)
are

evident at
MIT
,
University


Page
16




of California, Berkeley

and
UCLA
.
The example to the right is the MWF being used at UC
Berkeley, derived from that utilized throughout the University of California system.


Based o
n the fundamentals of HTML 5 and CSS 3 and JavaScript, the approach taken is to
remain as agnostic as possible, that being not writing apps for the particular smartphones but
rather righting an app that will work on any platform. As the marketplace wrestl
es with creating
a standard programming environment, this seems to be the direction in which most colleges and
universities are developing mobile apps.


The Department of Information Technology at CCRI is taking a similar approach in the
development of a s
trategic plan for mobile web support. With a comprehensive web presence at
CCRI, a lot of the current web pages and applications can be converted to HTML 5 and CSS 3.
CCRI is also supporting the mobile app being delivered from
Blackboard. SunGard Higher

Education, supporters of Banner, has issued a mobile development tool and with a new
Commons area being developed by all Banner users, some available apps might be something
that CCRI could amend to work with our students, faculty and staff. As a result,

the mobile
strategic plan becomes a combination of support for vendor
-
delivered applications, homegrown
web content and shared code from other Banner sites customizable for CCRI.