Last reviewed: June 2017
In an effort to help institutions create effective information security websites that are informative and helpful to their users, the Higher Education Information Security Council has compiled a list of common features and effective practices that can serve as an outline for a college or university developing or updating their campus information security website.
Getting Started with Your Website
Developing an information security website for your campus involves more than deciding on a color scheme, laying out a home page and creating content. A successful site that will continue to be useful to a broad audience over time starts with a few preparatory steps to lay a solid foundation before diving into the specifics. Not every item will be relevant in all cases, so feel free to modify this plan to suit your own needs.
- Form a website development committee.
- It is recommended that this committee include at least one individual from the following areas: web development, marketing/public relations, IT communications, IT training and awareness, and information security.
- During these committee meetings, you can discuss the following: brainstorm about focus and branding for the website, how it will integrate with the broader IT department's website, appropriate software or content management system to use (legacy or new), audience, content, and project timeline.
- Prepare a high-level overview of the website to present to senior leaders and obtain their approval in order to move forward with tasks and the launch.
- Schedule a meeting with information security project managers and appropriate senior leaders to obtain content. These people will comprise your content approval chain before anything is posted online.
- Assign individuals as content managers. These people will be responsible for updating pieces of content or pages, and maintaining them by periodically ensuring that the content is current and that links are working properly.
- Work with the IT communications team or marketing/public relations to create a communications plan geared towards spreading awareness about the website to target audience(s).
- Identify measurement tools (such as Google Analytics) to gauge how successful the website is over time and how often visitors are going to specific pages.
6 Elements for a Successful Website
Once you have laid the foundation, it's time to get down to specifics. As above, not every identified element may be appropriate for your site. Adapt what makes sense for your situation.
1. Engaging Design to Attract and Educate Viewers
While many sites provide thorough, reliable information, not all of them present it well. Format, attractiveness, and accessibility are key to catching and keeping the attention of the reader. Content alone does not guarantee success. Excellent sites feature topics, graphics, and headlines that grab your attention. They encourage the viewer to learn more about information security by presenting the subject matter in a creative and engaging way. Some, for example, offer quizzes to test users on how much they know about security, so that an otherwise passive experience becomes an active learning opportunity. Others have dynamic sites featuring a "carousel" that catches the eye and quickly highlights a variety of content, such as Purdue University's Secure Purdue site or Indiana University's Protect IU site. Some summarize the key points on their site, like MIT's Top Ten Safe Computing Tips or Carnegie Mellon University's list of Faculty and Staff Safe Computing Tips. They are carefully designed so that searching for topics is intuitive for the viewer. The University of Notre Dame and the University of Florida are two good examples of sites that provide content in an appealing manner. One other key aspect of design is making sure that your site can be used by those with a wide variety of abilities. Visit EDUCAUSE’s Accessible Web Design library page for recommendations on how to build a universally user-friendly site.
2. News Updates and Alerts
Some of the better sites feature up-to-date news articles, as well as malware and phishing alerts. Good examples are the information security sites for the Rochester Institute of Technology and the UC Berkeley, which contain both internal and external news, alerts, and headlines. Some, such as Duke University, go one step further by providing an RSS feed, the ability to subscribe to a newsletter, and/or an e-mail list option for those who want to receive security alerts in their inboxes as incidents occur. With new challenges to information security arising constantly, timely information is critical. Providing the latest information about potential threats to the campus is an important element for maintaining security and demonstrates a site's higher caliber.
3. Antivirus Software and Scanning Options
The overwhelming majority of security websites offer students and other campus end users free antivirus software. Most also provide scanning services, so students may detect viruses, spyware, or other problems with their personal computers or mobile devices.
4. Other Resources
Information by topic, Q&A, and recommended external links are important for educating users about security issues. The most successful sites provide relevant, timely information on hot topics, including viruses, identity theft, and social networking safety. Furthermore, they provide helpful outside links that help students further learn about security matters. A number of sites reference the Federal Trade Commission (FTC) for information on identity theft, the National Cyber Security Alliance (NCSA) for online safety tips, as well as public alerts and advisories from the SANS Internet Storm Center, REN-ISAC, and US-CERT.
5. A Place to Ask Questions and Report Incidents (Accessibility is Key)
While good sites may provide a plethora of information and seem to cover all bases, even the best cannot foresee all questions. Consequently, a reliable help desk and easy access to contact information is very important. The most successful sites will prominently display e-mail and phone contact information, so that users may ask questions and report incidents, such as this example from Tufts University.
6. Social Media
Savvy sites will reach their readers where they are most likely to be, i.e., on Twitter, Facebook, Instagram, Vine, Snapchat, or Pinterest. RIT's Information Security office, for example, connects with its community on both Facebook and Twitter.
Developing Your Social Side
This section builds on the final element, outlining considerations you should take in developing a social media component to your online presence.
1. Integrating Social Media
- Whether you've made the decision to jump in with both feet or simply put in a toe for now, you will want to consider the administrative requirements for using social media. These requirements include existing policies that your institution and/or department already has in place. Check with your marketing/public relations staff (you will have made a good contact during the "Getting Started" phase of development mentioned above) for any existing guidelines or policies. For example, Social Media @ Brown University includes guidelines for institutional use, as well as guidelines and best practices for personal use and social media site management.
- Branding: Social media is, at the heart of it, social and all about making personal connections. Keep this in mind when setting up your social media profiles. Having a friendly face in that little thumbnail -- whether belonging to the staff member who blogs, posts and/or tweets, or an artist's rendering of your mascot -- will ensure better connections. Whatever you select, it should align with your website and presents an excellent opportunity to do some branding.
- Dashboards and Automation: Keeping your messages fresh, ongoing and in sync can be daunting but luckily there are tools that can help. Dashboards such a Hootsuite allow you to manage multiple social profiles and schedule your messages. See more social media management tools below.
2. Selecting Your Social Media Channel(s)
Facebook is currently the most popular social media app, so if you're considering a social media presence, you should take a little time to consider its pros (most popular) and cons (time it takes to administer it) and how it might fit into your overall online presence. Will it complement or conflict with your website? Since there are many choices, focus on the social media that best serve your specific needs and resources. Use the following comparison chart of social media to assist in your decision for what is right for your situation.
Social Media | Characteristics & Considerations | Pros | Cons |
---|---|---|---|
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|
|
| |
Vine |
|
|
|
|
|
|
For another opinion, see the “Social Media Pyramid”, "A Guide to Using Social Media Channels for Your Business," "Social Media for Business: A Marketer's Guide," and Patricia Redsicker's article "Pros & Cons of 6 Social Media Channels", the latter of which was one source for the above chart.
3. Managing Social Media
All of these options can soon be overwhelming. The good news is, "there's an app for that." Four popular dashboards to investigate are: HootSuite, TweetDeck, ScooptIT, and MediaFunnel. Select the message aggregator that suits your needs to create a "communication central" to help manage your social media presence.
4. Training and Support
NERCOMP offers various classes focused on the use of social media. For peer support, consider getting involved with the EDUCAUSE IT Communications or Social Media constituent groups and/or subscribing to their lists.
Checklist of Recommended Practices
- Create an information security website that provides basic security information for all users (faculty, students, and staff).
- Use a common alias (e.g., http://www.university.edu/security or http://security.university.edu). Note: For some institutions, the campus safety office may already be using one or both of these aliases.
- Prominently display contact information (e-mail and/or phone number).
- Include RSS feeds for for security-related news, updates, and alerts (e.g., many schools use the US-CERT National Cyber Alert System or Symantec Security Response).
- When possible, an institution's main IT page should provide a highly visible link to their security page.
Recommended Model Websites
- Azusa Pacific University
- Brigham Young University
- Brown University
- Carnegie Mellon
- Cornell University
- Duke University
- Indiana University
- Massachusetts Institute of Technology
- Northwestern University (news podcasts)
- Ohio State University
- Purdue University
- Rochester Institute of Technology
- Stanford University
- University of Chicago
- University of Colorado at Boulder
- University of Georgia
- University of Nebraska-Lincoln
- University of Notre Dame
- University of Virginia (Facebook and Twitter)
- University of Wisconsin-Madison
- Yale University
Institutions Using RSS Feeds for Security News and Alerts
- Duke University
- Penn State
- Rutgers University
- The University of Arizona
- University of British Columbia
- University of Colorado Boulder
- University of Virginia
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).