Security in the final step of test delivery

Published in: Education, Technology
  • I classify assessments as Low, Medium and Higher, with Higher being sub-divided into Low/Higher, Medium/Higher and High/Higher. The exact categorization of each sub-division is imperfect and appears to be in the mind of the beholder. 
  • Threats to assessment security boil down to Impersonation, Content Theft and Cheating, and the size of these risks varies by:
      ■ Length of relationship with the candidate, which builds trust
      ■ Demonstrated trust, such as employees who are already trusted to run nuclear power stations and financial transactions
      ■ The size of the audience for the assessment
    The larger the assessment program delivered to an unknown audience, the larger the threat/risk; an audience that has already demonstrated that it is trustworthy presents a lesser threat/risk.
  • This slide discusses tips and techniques for mitigating the threat of content leakage.
  • This slide discusses tips and techniques for mitigating the threat of cheating.
  • Security in the final step of test delivery

    1. Security in the Final Step of Test and Exam Delivery
       Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
    2. Key drivers for secure assessment delivery
       • Protection of candidate/student/employee PII (Personally Identifiable Information)
       • Protection of valuable assessment content
           • Tests/exams are expensive to develop:
               • Average corporate test: $20,000 USD
               • Average certification test: $150K to $200K
       • Protect integrity of test/exam results
           • A lot could be on the line…
               • Reputation
               • Life and Limb
    3. Low/High to High/High Stakes Tests: What’s at Stake?
       [Diagram] Levels shown:
       • Higher Stakes
           • High: Life and Limb
           • Medium: Promotion & Jobs & Legal Concern
           • Low: Educational Exams
       • Medium Stakes: Tests
       • Low Stakes: Elearning & Surveys
    4. Key Threats to be Addressed in High-stakes Exam Delivery
       • Impersonation
       • Content Theft
       • Cheating
    5. Threat Level in Higher Stakes
       [Diagram] Axis labels: “Short Term with Low Trust Relationships” and “Long Term with High Trust Relationships”
       • Higher threats require more “Oversight” and so cost more
       • Lower threats require less “Oversight” and so cost less to administer
       • Program types labelled on the diagram: Public Certifications & Licensing; Pre-employment; Large Programs; Small Program; Regulatory Compliance; Sales and Technical Channel Verification
    6. Combating / Mitigating Threats
    7. Mitigate Leakage of Content
       • Tight controls over the access to content
       • Shuffling items and choices – limit exposure of item pool
       • Not exposing the scoring algorithm beyond the content repositories/databases
       • Securing, and only providing limited access to, the content repositories/databases
       • Legally enforceable candidate agreements
       • Vigorous follow up on infractions
    8. Mitigate Cheating
       • Legally enforceable candidates agreement; formal honesty contracts
       • Invigilation/proctoring
       • Secure browsers/players on candidate devices
    9. Monitoring Tests Securely
       Column headings, in the order the slide text gives them: Protect Content, ID Fraud, Minimizes Cheating. The marks after each row are in that same order.
       • Test Centers: personable, consistent; monitor vulnerable to unfair influence. √ √ √
       • Events (Classrooms or Conventions): convenient, personable, consistent; monitor vulnerable to unfair influence. √ √ √
       • Remote Real-time 360 cam: monitor is less vulnerable; new and not yet widespread. √ √ √
       • Remote Real-time webcam: monitor is less vulnerable; easy to deploy for use at home. √ √ √
       • Record & Review 360 or webcam: seems secure; nothing for content theft. √ X √
       • Un-Monitored: works for employees; nothing for content theft. √ X X
    10. Combating Technology Threats
       • Physical Security Measures
       • Environment monitoring
       • Power & Network Monitoring
       • Certifications
    11. Mitigation: Ensuring Data Security
       • Formal data security policy
       • Employees tested on policy
       • Employee background checks
       • Password policies
       • Tracking of Highly Confidential data
       • End of life disk policies
    12. Mitigation: Ensuring Network Security
       • TLS/SSL security
       • Intrusion detection
       • Firewalls
       • Anti-virus
       • Multiple servers
       • Segregated on separate networks
       • Bastion host
       [Diagram] Labels: Authors and Administrators; Participants; Internet; Firewalls; Presentation Layer; Business Layer; Data Layer
    13. Mitigation: Ensuring Application Security
       • Architecture
       • Authentication
           • By application
           • External via single sign-on
       • Encryption
       • Logging
       • Application Development
    14. Mitigation: Ensuring Physical Security of Data Center
       • Bonded security staff on duty 24/7/365
       • Multiple levels of physical security
       • Environment monitoring
       • Power & Network Monitoring
    15. Redundancy to Ensure Service Continuity
       [Diagram] Labels: Batteries; Generators; Power Grid; Power Grid; Internet; Internet; Backup
    16. Security in the Final Step of Test and Exam Delivery
       www.questionmark.com
