Give me an "A” and Security Issues for UA Web Developers

Date: 
Wednesday, November 8, 2006

Give me an "A”

Leslie Johnson, UA External Relations
To contact Leslie Johnston, email: lesliej@email.arizona.edu
Attachment: Give me an "A” (Powerpoint)

  • Leslie presented the powerpoint “Give me an A”. It covered the history of the UA logos and colors; the importance of branding; and why the wordmark was replaced with a redeveloped block “A” logo.
  • She discussed a directive from President Shelton to have a common look for all types of UA media including websites and print. A team is now meeting to begin planning for the implementation of this directive of a common institutional identity. The UA website is one of our primary brand touch points. Web designers should work the marketing people in their area to coordinate the verbal and visual messages.

Comments or Concerns:
 

  • Timeframe; none yet
  • Different options or just one design for the banner?;
  • different design option are planned.
  • Colors – what if it clashes with the institutional wide banner(s):
  • A color palette that works well with UA red/blue has been developed and will be released soon; the palette will include RGB, CMYK, and HEX values and web safe colors.
  • What will this do to screen real estate?
  • The plan is for the banners to use a minimum amount of space at the top of the screen.
  • Will there be resources to help implement the new element into existing websites?
  • Since the planning is in the very stages, this has not yet been addressed.
  • Authority needs to be mandated from the top to make this happen
  • Will there be enforcement?;
  • too early in the planning stage; some discussion about how Oregon State pulls websites that do not comply.
  • What about research-funded websites? Example, NASA funds a project and expects the design of the website to follow their standards. How will the UA’s directive work within a research contract’s requirement?
  • this will be addressed during the planning.
  • Will this affect top level pages only or will the UA institutional banner carry over to second and third level pages as well? Will this affect official department and college websites only or professor’s course homepages, organizations, committees as well?
  • The hope is that it will apply to all UA web pages.
  • Individual autonomy is very important to departments; How will this allow departments to keep their individuality?; Why is the president focused on branding issues and raising money instead of academic issues?
  • What about departments who are currently redesigning their website now?
  • Departments should prepare for having the site look like it is coming from the UA and the need to incorporate an institutional banner into their site; the site should be built in such a way to allow it to be easy to incorporate new design elements (CSS, templates, CMS).
  • The color palette will be released soon.
  • Will there be more discussion with this group as the planning continues?
  • There will be an opportunity for more dialog/discussion with the webmasters.
  • Who is involved in the team who are currently planning?

Security Issues for UA Web Developers

Kelley Bogart, Information Security & Privacy
To contact Kelley, email: bogartk@email.arizona.edu
Security website: http://security.arizona.edu
Attachment: Security Issues for UA Web Developers (Powerpoint)


Kelley presented information on the policies, guidelines and vulnerabilities related to web development.

She pointed out the UA policy statement that appears on the footer of each of the main UA webpages that was in response to House Bill 2043. The privacy statement provides:
 

  • Notice regarding what services the web site provides
  • A person’s ability to choose to proceed with the transaction and the alternatives available
  • Who has access to the information the person provides
  • What security measures are in place to protect the person’s private information and what information will be protected.
  • Covers information collected from websites:

Email and Form Information
System Generated Information
Monitoring
Cookies

And disclosure of information:

Student Records
Chat rooms, forums, message boards, and news groups
Employee records
Public records law
Contractors
 

  • Need an alternative to electronic communication – can force someone to submit online.
  • If you collect personally identifiable information, you should provide your own privacy statement or a paragraph or two explain how the information is collected and used with a link to the full UA privacy statement.
  • Example of departments who wrote their own privacy statements:

ag.arizona.edu/general/privacy.html
www.hr.arizona.edu/09_rel/privacy.php
wildcat.arizona.edu/user/privacypolicy/
www.uofabookstores.com/uaz/

Departments that have written an intro paragraph or two and then linked to UA’s

allergy.peds.arizona.edu/southwest/
www.library.arizona.edu/about/access/privacy.html
 

  • Some students have their SIDs set to the SSN. This can cause a security problem if you are storing SIDs. Do not store SIDs unless absolutely necessary.
  • UA Data Access Policy: If you are grabbing or using information from UIS, you are responsible for that data; you need to be aware of the policy.
  • Notification of Security Breach law has passed. Most provide notification of any unauthorized access to a system.
  • Google hacking information