You are on page 1of 12

Engl.

402 | Fall 2015 | Team


4

Securit
y
Improv
ement
Initiati
ve
2015
Project Report

Prepared for:

Prepared by:

Aminah BarnesCannon
Professor of English, Washington State
University
Joe Reese, Christina Kwong, Myron Jenkins, and Jeff Girmus
Engl. 402 - Team 4

Page | 1

Team 4, Engl. 402 Fall


2015
WSU Online Students
Pullman, WA 99163

Date:
To:
From:
Subject:

November 15, 2015


Aminah BarnesCannon
Professor of English, Washington State University
Joe Reese, Christina Kwong, Myron Jenkins, and Jeff Girmus
Team 4
Transmittal Letter - Security Improvement Initiative of 2015

Due to the recent security breach in August 2015 and with permission from the
Office of the President, Engl. 402 - Team 4 has begun an initiative to improve
security of our Information Technology (IT). This project, known as the Security
Improvement Initiative of 2015, aims to help minimize the risk of breach of our
personal data contained in WSU IT systems. This project delivers a new website for
WSU students and faculty that is accessed directly from myWSU and BlackBoard
websites. This site provides security tips and information related to help everyone
protect information here at WSU. The site contains additional security tools aimed
to help our users maintain security, while safeguarding their personal information.
The project collaboration began envisioning phase on October 26, 2015, developing
security concepts for the site. On Monday November 2, the execution of the project
was fully underway and began developing content and the website. As of
November 8, the website was completed and usability studies have commenced
and completed on November 15.
This letter of transmittal letter provides a project report of the work completed and
its accompanying results. The report contains full details on the project
background, design and development results, conclusions, and recommendations.
In addition, this report contains screenshots of website product itself and all
pertinent security enhancing content for your review.
We appreciate the trust you have shown in allowing us to perform this project on
the behalf of Washington State University and we look forward to your feedback on
any of the activities we performed. If you have any questions or concerns please
contact Team 4, at joseph.d.reese@wsu.edu or at 503-313-7774.

Page | 2
Executive Summary.................................................................................................... 3
Introduction................................................................................................................ 3
Research Methods...................................................................................................... 3
Project Approach..................................................................................................... 3
Project Task Details.................................................................................................. 4
Task 1 - Gather Security Information....................................................................4
Task 2 Build Test Website...................................................................................4
Task 3 Populate Site Content.............................................................................4
Task 4 Test Usability........................................................................................... 5
Task 5 Conduct Site Analysis............................................................................. 5
Task 6 Research Methods................................................................................... 5
Task 7 - Results..................................................................................................... 5
Task 8 - Conclusions............................................................................................. 5
Task 9 Executive Summary and Introduction.....................................................5
Design Concerns..................................................................................................... 5
Project Resources and Tools.................................................................................... 5
Results........................................................................................................................ 6
Home Page.............................................................................................................. 6
Password Tips.......................................................................................................... 6
Changing Password................................................................................................. 6
Service Advice......................................................................................................... 7
Contact Page........................................................................................................... 7
Conclusions................................................................................................................ 7
Recommendations...................................................................................................... 7
Appendix A............................................................................................................... 8

Page | 3

Executive Summary
The Security Improvement Initiative of 2015 project report gives detailed
information regarding product and project execution for the Security Improvement
Initiative of 2015. Due to the recent security breach in August 2015 and with
permission from the Office of the President, Engl. 402 - Team 4 completed an
initiative to improve security of our Information Technology (IT). This project, known
as the Security Improvement Initiative of 2015, aims to help minimize the risk of
breach of our personal data contained in WSU IT systems. This project delivers a
new website for WSU students and faculty that is accessed directly from myWSU
and BlackBoard websites. The project began on October 26 and completed all
planned work on November 15. Deliverables for this project include:

Website, prototype site built using accepted web design practices


Password management practices based on general accepted security
practices
Instructions for changing WSU ID password
User forum to ask questions and get answers
News and alert notifications

In addition, this report contains a breakdown of work completed, results of the


product and acceptance/usability by the primary audience, conclusions, and
recommendation of the future use of this product here at WSU.

Introduction
The Security Improvement Initiative of 2015 will create a prototype product (e.g.
website) targeted to increase security regarding access to WSU IT systems. Its
goals include protecting our most vital and personal information, promote proactive
user account monitoring, improve user knowledge around security best practices,
and minimize information breach on an individuals private data. Long-term goals
include integration (site linking) with MyWSU and BlackBoard that allow simple and
easy navigation to this educational security information. In addition, this prototype
demonstrates ease of security warnings and notification to both students and
faculty. Overall, this site will help drive increased awareness regarding security best
practices, imparting this knowledge to users to enact it against WSU IT systems.

Research Methods
Project Approach
The Security Improvement Initiative of 2015 project was structured into two main
phases Product Development and Project Report and Analysis. The phases were
subdivided into multiple tasks and assigned individual resources on the project
team. Work progress was tracked via BlackBoard Tasks and visible to all of the
project members.
Project plan overview (see below):

Page | 4

Figure 1- Project Plan

Project Task Details


Task 1 - Gather Security Information
Four main work streams for this area include Password Strength, Password Change
Period, Instructions for Changing Passwords, and third party sources of security
information.

Password Strength This task gathered security best practices about


password length and complexity. High-level results determined passwords
should be at least eight characters long and include letters (both upper and
lower case), digits and symbols.
Password Change Period Results suggest frequently changing passwords
between intervals of 60-90 days to prevent programs that can crack
passwords, thus gaining access to a users account.
Instructions for Changing Passwords locate and document instructions that
instruct users how to change their Student/WSU ID through the myWSU
website.
Third Party Sources identifying primary security resources from NIST, CERN,
and other credible sources such as instructional videos on YouTube.

Task 2 Build Test Website


Build Test Website task deploys a prototype website on Weebly based on the
content needs developed in Task 1. All team members received permissions to the
site to allow for collaboration for content refinement. Initial site design selected a
site style and layout along with creation of content regions for various security
information components and subpages.

Task 3 Populate Site Content


Populate Site Content task is to upload content gathered from Task 1 to the site.
Content formatting and other aesthetic tasks shaped the content to desired levels of
usability, thus completing this task.

Page | 5

Task 4 Test Usability


Test Usability task is to review site subpages, review of content information, and
layout met project specifications. Review of site material is to be record all
information of as a prerequisite for Task 5 Site Analysis.

Task 5 Conduct Site Analysis


Conduct Site Analysis task is to analysis the site, including review of site
functionality, measurement of usability, and identify areas for future enhancement.

Task 6 Research Methods


Research Methods task involves two subtasks of Design Concerns and Usability and
site Standardization. These tasks review the security website and assess it on
usability and web design standards. The assessment shall provide insight about the
design of the website and its general ease of use for our audience members.

Task 7 - Results
Results task combines all the analysis and findings together in an orderly fashion,
along with being a prerequisite task for Conclusions. The purpose of this task is to
understand how the website impacts the users experience for improving security.

Task 8 - Conclusions
Conclusions task reviews and accesses the information gathered to date to evaluate
it regarding this project. Evaluations of the website will indicate the degree of
success achieved by this program and its desired reach of improving security to
WSU IT Systems. .

Task 9 Executive Summary and Introduction


Executive Summary and Introduction task finalizes the report deliverable with an
Executive Summary of the findings and project overview. The Introduction section
will reiterate the details of the project, its purpose and envisioned impact, along
with providing background regarding the execution of the project and its work
breakdown.

Design Concerns
We selected a website as our product aimed to help improve security, but
collectively have minimal design experience across our team. We opted to select a
minimal webpage design, to keep things simple and the site functionality easy to
use. While we believe project goals were achieved, additional time to thoroughly
test the site is needed to quantify the findings. Additionally, Washington State
University wireless internet has blocked weebly due to the security breaches. In
order for our website to be used effectively we would need WSU to unblock weebly
so students and faculty could use our website on campus.

Project Resources and Tools


Blackboard and the collaboration tools provided enough means to communicate and
coordinate work effectively across project team members. The task scheduler
allows individual users to view tasks related to the project track work
accomplishments. The File Exchange and Email communication tools made it easy
to reach, communicate, and exchange information between project team members.

Page | 6

Results
Together, Team 4 was able to create a viable and working prototype website that
provides rich information regarding WSU account management and password best
practices. Students and Faculty will access the site information via a web browser
at http://wsusecurity.weebly.com/contact.html.
PCs and other devices with a web browser can navigate to the site to obtain
information. The security web site supports multiple platforms ranging from PCs,
tablets, and mobile devices, while also working across all major platforms such as
Apple, Google, and Microsoft. Initially, we developed the site in English, but adding
additional languages (localized) over time as audience requirements shift is easy to
do based on the modular design of the site. In addition, we suggest hosting this site
through existing WSU websites will allow all of our students and faculty access to
the information.
The prototype website will increase security awareness, helping to protect our most
vital and personal information by promoting proactive account management and
safe credential handling. MyWSU and BlackBoard benefit with increased security,
while students and staff do not have to worry about stolen personal information. In
addition, this product demonstrates how easy getting relevant security information
can be.
Overall, our product helps drive increased awareness regarding security best
practices, imparting this knowledge to users to enact it with WSU IT systems. This
should increase levels of security for individuals as well as for WSU.
The below subsections introduce the site and specific functionality introduces our
product along with individual benefits and purposes.

Home Page
Functionality includes (see Figure 2 & 3):

Recent news and highlights content region, aimed to inform users of high
priority items.
All site navigation is easily accessed from the top of the page menu ribbon

Password Tips
Functionality includes (see Figure 5 & 6):

Overview of password and their security implications including importance for


keeping them secure
Definition of weak password, how to create strong passwords, storing and
handling password procedures, and change password regularly

Changing Password
Functionality includes (see Figure 4):

Resetting WSU ID
Alternate means of resetting your password
Detailed Instructions on password reset tool

Page | 7

Reminder on password resets and background information

Service Advice
Functionality includes (see Figure 7):

Forum where users can see latest site news or ask questions regarding
security related topics through a web forum

Contact Page
Functionality includes (see Figure 8):

Pullman physical address and map location


Email address (mock up) for information security
Links to WSU social media sites (Facebook and Twitter)

Conclusions
Based on the site, the project delivers usefulness to students and faculty in helping
to raise security awareness. The prototype site is easy to navigate and locate high
profile information related to security, while also providing excellent context for
students and faculty. The look and the layout are professional, adding to the
credibility of the site. Its relevance and usability suggest validity to our audience.
Based on these findings, we can infer the project delivered a prototype that WSU
can leverage to improve security education and awareness.

Recommendations
Continued success of this product will depend on a number of factors. Ultimately, to
be successful we need to integrate this prototype site into myWSU and Blackboard
websites. Secondly, we need to encourage student and faculty participation by
visiting the site to drive increased awareness around security. Without meeting
these specific objectives, the product will go unknown to our audience and not
achieve our goals of improving security here at WSU for IT systems. Essentially, in
full cooperation with the Office of President, Team 4 and WSU IT jointly must
develop a plan of full integration to the aforementioned websites that includes a
project schedule, clear stakeholders, steering committee oversight, and small
resource budget to move this project forward.

Page | 8

Appendix A

Figure 2- Prototype Home Page

Figure 3 - Prototype Home Page continued

Page | 9

Figure 4 - Changing Passwords

Figure 5 - Password Tips

P a g e | 10

Figure 6 - Password Tips continued

Figure 7 - Security Advice Forum

P a g e | 11

Figure 8 - Contact Page