Engl.

402 | Fall 2015 | Team 4

Security Improvement Initiative 2015

Project Report

Prepared for:

Aminah BarnesCannon
Professor of English, Washington State University

Prepared by:

Joe Reese, Christina Kwong, Myron Jenkins, and Jeff Girmus

Engl. 402 - Team 4

Page |1

Team 4, Engl. 402 Fall 2015

WSU Online Students
Pullman, WA 99163

Date:
To:
From:
Subject:

November 15, 2015

Aminah BarnesCannon
Professor of English, Washington State University
Joe Reese, Christina Kwong, Myron Jenkins, and Jeff Girmus
Team 4
Transmittal Letter - Security Improvement Initiative of 2015

Due to the recent security breach in August 2015 and with permission from the Office of the President,
Engl. 402 - Team 4 has begun an initiative to improve security of our Information Technology (IT). This
project, known as the Security Improvement Initiative of 2015, aims to help minimize the risk of breach
of our personal data contained in WSU IT systems. This project delivers a new website for WSU students
and faculty that is accessed directly from myWSU and BlackBoard websites. This site provides security
tips and information related to help everyone protect information here at WSU. The site contains
additional security tools aimed to help our users maintain security, while safeguarding their personal
information.
The project collaboration began envisioning phase on October 26, 2015, developing security concepts
for the site. On Monday November 2, the execution of the project was fully underway and began
developing content and the website. As of November 8, the website was completed and usability
studies have commenced and completed on November 15.
This letter of transmittal letter provides a project report of the work completed and its accompanying
results. The report contains full details on the project background, design and development results,
conclusions, and recommendations. In addition, this report contains screenshots of website product
itself and all pertinent security enhancing content for your review.
We appreciate the trust you have shown in allowing us to perform this project on the behalf of
Washington State University and we look forward to your feedback on any of the activities we
performed. If you have any questions or concerns please contact Team 4, at joseph.d.reese@wsu.edu
or at 503-313-7774.

Page |2
Executive Summary....................................................................................................................................... 3
Introduction .................................................................................................................................................. 3
Research Methods ........................................................................................................................................ 3
Project Approach ...................................................................................................................................... 3
Project Task Details ................................................................................................................................... 4
Task 1 - Gather Security Information .................................................................................................... 4
Task 2 Build Test Website .................................................................................................................. 4
Task 3 Populate Site Content ............................................................................................................. 4
Task 4 Test Usability ........................................................................................................................... 4
Task 5 Conduct Site Analysis .............................................................................................................. 5
Task 6 Research Methods .................................................................................................................. 5
Task 7 - Results ...................................................................................................................................... 5
Task 8 - Conclusions .............................................................................................................................. 5
Task 9 Executive Summary and Introduction..................................................................................... 5
Design Concerns........................................................................................................................................ 5
Project Resources and Tools ..................................................................................................................... 5
Results ........................................................................................................................................................... 5
Home Page ................................................................................................................................................ 6
Password Tips............................................................................................................................................ 6
Changing Password ................................................................................................................................... 6
Service Advice ........................................................................................................................................... 6
Contact Page ............................................................................................................................................. 7
Conclusions ................................................................................................................................................... 7
Recommendations ........................................................................................................................................ 7
Appendix A ................................................................................................................................................. 8

Page |3

Executive Summary
The Security Improvement Initiative of 2015 project report gives detailed information regarding product
and project execution for the Security Improvement Initiative of 2015. Due to the recent security
breach in August 2015 and with permission from the Office of the President, Engl. 402 - Team 4
completed an initiative to improve security of our Information Technology (IT). This project, known as
the Security Improvement Initiative of 2015, aims to help minimize the risk of breach of our personal
data contained in WSU IT systems. This project delivers a new website for WSU students and faculty
that is accessed directly from myWSU and BlackBoard websites. The project began on October 26 and
completed all planned work on November 15. Deliverables for this project include:

Website, prototype site built using accepted web design practices

Password management practices based on general accepted security practices
Instructions for changing WSU ID password
User forum to ask questions and get answers
News and alert notifications

In addition, this report contains a breakdown of work completed, results of the product and
acceptance/usability by the primary audience, conclusions, and recommendation of the future use of
this product here at WSU.

Introduction
The Security Improvement Initiative of 2015 will create a prototype product (e.g. website) targeted to
increase security regarding access to WSU IT systems. Its goals include protecting our most vital and
personal information, promote proactive user account monitoring, improve user knowledge around
security best practices, and minimize information breach on an individuals private data. Long-term
goals include integration (site linking) with MyWSU and BlackBoard that allow simple and easy
navigation to this educational security information. In addition, this prototype demonstrates ease of
security warnings and notification to both students and faculty. Overall, this site will help drive
increased awareness regarding security best practices, imparting this knowledge to users to enact it
against WSU IT systems.

Research Methods
Project Approach
The Security Improvement Initiative of 2015 project was structured into two main phases Product
Development and Project Report and Analysis. The phases were subdivided into multiple tasks and
assigned individual resources on the project team. Work progress was tracked via BlackBoard Tasks and
visible to all of the project members.
Project plan overview (see below):

Page |4

Figure 1- Project Plan

Project Task Details

Task 1 - Gather Security Information
Four main work streams for this area include Password Strength, Password Change Period, Instructions
for Changing Passwords, and third party sources of security information.

Password Strength This task gathered security best practices about password length and
complexity. High-level results determined passwords should be at least eight characters long
and include letters (both upper and lower case), digits and symbols.
Password Change Period Results suggest frequently changing passwords between intervals of
60-90 days to prevent programs that can crack passwords, thus gaining access to a users
account.
Instructions for Changing Passwords locate and document instructions that instruct users how
to change their Student/WSU ID through the myWSU website.
Third Party Sources identifying primary security resources from NIST, CERN, and other credible
sources such as instructional videos on YouTube.

Task 2 Build Test Website

Build Test Website task deploys a prototype website on Weebly based on the content needs developed
in Task 1. All team members received permissions to the site to allow for collaboration for content
refinement. Initial site design selected a site style and layout along with creation of content regions for
various security information components and subpages.

Task 3 Populate Site Content

Populate Site Content task is to upload content gathered from Task 1 to the site. Content formatting
and other aesthetic tasks shaped the content to desired levels of usability, thus completing this task.

Task 4 Test Usability

Test Usability task is to review site subpages, review of content information, and layout met project
specifications. Review of site material is to be record all information of as a prerequisite for Task 5 Site
Analysis.

Page |5

Task 5 Conduct Site Analysis

Conduct Site Analysis task is to analysis the site, including review of site functionality, measurement of
usability, and identify areas for future enhancement.

Task 6 Research Methods

Research Methods task involves two subtasks of Design Concerns and Usability and site Standardization.
These tasks review the security website and assess it on usability and web design standards. The
assessment shall provide insight about the design of the website and its general ease of use for our
audience members.

Task 7 - Results
Results task combines all the analysis and findings together in an orderly fashion, along with being a
prerequisite task for Conclusions. The purpose of this task is to understand how the website impacts the
users experience for improving security.

Task 8 - Conclusions
Conclusions task reviews and accesses the information gathered to date to evaluate it regarding this
project. Evaluations of the website will indicate the degree of success achieved by this program and its
desired reach of improving security to WSU IT Systems. .

Task 9 Executive Summary and Introduction

Executive Summary and Introduction task finalizes the report deliverable with an Executive Summary of
the findings and project overview. The Introduction section will reiterate the details of the project, its
purpose and envisioned impact, along with providing background regarding the execution of the project
and its work breakdown.

Design Concerns
We selected a website as our product aimed to help improve security, but collectively have minimal
design experience across our team. We opted to select a minimal webpage design, to keep things
simple and the site functionality easy to use. While we believe project goals were achieved, additional
time to thoroughly test the site is needed to quantify the findings. Additionally, Washington State
University wireless internet has blocked weebly due to the security breaches. In order for our website to
be used effectively we would need WSU to unblock weebly so students and faculty could use our
website on campus.

Project Resources and Tools

Blackboard and the collaboration tools provided enough means to communicate and coordinate work
effectively across project team members. The task scheduler allows individual users to view tasks
related to the project track work accomplishments. The File Exchange and Email communication tools
made it easy to reach, communicate, and exchange information between project team members.

Results
Together, Team 4 was able to create a viable and working prototype website that provides rich
information regarding WSU account management and password best practices. Students and Faculty
will access the site information via a web browser at http://wsusecurity.weebly.com.

Page |6
PCs and other devices with a web browser can navigate to the site to obtain information. The security
web site supports multiple platforms ranging from PCs, tablets, and mobile devices, while also working
across all major platforms such as Apple, Google, and Microsoft. Initially, we developed the site in
English, but adding additional languages (localized) over time as audience requirements shift is easy to
do based on the modular design of the site. In addition, we suggest hosting this site through existing
WSU websites will allow all of our students and faculty access to the information.
The prototype website will increase security awareness, helping to protect our most vital and personal
information by promoting proactive account management and safe credential handling. MyWSU and
BlackBoard benefit with increased security, while students and staff do not have to worry about stolen
personal information. In addition, this product demonstrates how easy getting relevant security
information can be.
Overall, our product helps drive increased awareness regarding security best practices, imparting this
knowledge to users to enact it with WSU IT systems. This should increase levels of security for
individuals as well as for WSU.
The below subsections introduce the site and specific functionality introduces our product along with
individual benefits and purposes.

Home Page
Functionality includes (see Figure 2 & 3):

Recent news and highlights content region, aimed to inform users of high priority items.
All site navigation is easily accessed from the top of the page menu ribbon

Password Tips
Functionality includes (see Figure 5 & 6):

Overview of password and their security implications including importance for keeping them
secure
Definition of weak password, how to create strong passwords, storing and handling password
procedures, and change password regularly

Changing Password
Functionality includes (see Figure 4):

Resetting WSU ID
Alternate means of resetting your password
Detailed Instructions on password reset tool
Reminder on password resets and background information

Service Advice
Functionality includes (see Figure 7):

Forum where users can see latest site news or ask questions regarding security related topics
through a web forum

Page |7

Contact Page
Functionality includes (see Figure 8):

Pullman physical address and map location

Email address (mock up) for information security
Links to WSU social media sites (Facebook and Twitter)

Conclusions
Based on the site, the project delivers usefulness to students and faculty in helping to raise security
awareness. The prototype site is easy to navigate and locate high profile information related to security,
while also providing excellent context for students and faculty. The look and the layout are professional,
adding to the credibility of the site. Its relevance and usability suggest validity to our audience. Based
on these findings, we can infer the project delivered a prototype that WSU can leverage to improve
security education and awareness.

Recommendations
Continued success of this product will depend on a number of factors. Ultimately, to be successful we
need to integrate this prototype site into myWSU and Blackboard websites. Secondly, we need to
encourage student and faculty participation by visiting the site to drive increased awareness around
security. Without meeting these specific objectives, the product will go unknown to our audience and
not achieve our goals of improving security here at WSU for IT systems. Essentially, in full cooperation
with the Office of President, Team 4 and WSU IT jointly must develop a plan of full integration to the
aforementioned websites that includes a project schedule, clear stakeholders, steering committee
oversight, and small resource budget to move this project forward.

Page |8

Appendix A

Figure 2- Prototype Home Page

Figure 3 - Prototype Home Page continued

Page |9

Figure 4 - Changing Passwords

Figure 5 - Password Tips

P a g e | 10

Figure 6 - Password Tips continued

Figure 7 - Security Advice Forum

P a g e | 11

Figure 8 - Contact Page