Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security in the final step of test delivery

1,944 views

Published on

Published in: Education, Technology
  • D0WNL0AD FULL ▶ ▶ ▶ ▶ http://1url.pw/lIOUe ◀ ◀ ◀ ◀
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Security in the final step of test delivery

  1. 1. Security in the Final Step of Test and Exam DeliveryCopyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmarkis a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  2. 2. Key drivers for secure assessment delivery  Protection of candidate/student/employee PII (Personally Identifiable Information)  Protection of valuable assessment content  Test/Exams are expensive to develop:  Average corporate test: $20,000 USD  Average certification test: $150K to $200K  Protect integrity of test/exam results  A lot could be on the line…  Reputation  Life and Limb Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 2 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  3. 3. Low/High to High/High Stakes Tests What’s at Stake? High Life and Limb Higher Medium Promotion & Jobs & Legal Concern Stakes Low Educational Exams Medium Stakes Tests Low Stakes Elearning & Surveys Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 3 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  4. 4. Key Threats to be Addressed in High-stakes Exam Delivery Impersonation Content Theft Cheating Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 4 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  5. 5. Threat Level in Higher Stakes Short Term with Low Trust Relationships Higher threats require more “Oversight” and Public so cost more Pre- Certifications employment Large Programs & Licensing Small Program Lower threats Sales and require less Regulatory Technical “Oversight” Compliance Channeland so cost less Verification to administer Long Term with High Trust Relationships Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 5 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  6. 6. Combating / Mitigating Threats Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 6 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  7. 7. Mitigate Leakage of Content Tight controls over the access Shuffling items and choices – to content limit exposure of item pool Not exposing the scoring Securing, and only providing algorithm beyond the content limited access to, the content repositories/databases repositories/databases Legally enforceable candidate Vigorous follow up on agreements infractions Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 7 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  8. 8. Mitigate Cheating Legally enforceable candidates agreement; formal honesty contracts Invigilation/proctoring Secure browsers/players on candidate devices Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 8 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  9. 9. Protect Content ID Fraud Minimizes Cheating Monitoring Tests Securely • Personable, consistent Test Centers • Monitor vulnerable to unfair influence √ √ √ Events (Classrooms or • Convenient, personable, consistent Conventions) • Monitor vulnerable to unfair influence √ √ √ Remote Real-time • Monitor is less vulnerable √ √ √ 360 cam • New and not yet widespread Remote Real-time • Monitor is less vulnerable webcam • Easy to deploy for use at home √ √ √ Record & Review • Seems secure 360 or webcam • Nothing for content theft √ X √ • Works for employees Un-Monitored • Nothing for content theft √ X X Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 9 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  10. 10. Combating Technology Threats  Physical Security Measures  Environment monitoring  Power & Network Monitoring  Certifications Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 10 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  11. 11. Mitigation: Ensuring Data Security  Formal data security policy  Employees tested on policy  Employee background checks  Password policies  Tracking of Highly Confidential data  End of life disk policies Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 11 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  12. 12. Mitigation: Ensuring Network Security Authors and Participants Administrators Internet  TLS/SSL security  Intrusion Firewalls detection  Firewalls  Anti-virusPresentation  Multiple servers Layer  Segregated on separate networks Business Layer  Bastion host Data Layer Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  13. 13. Mitigation: Ensuring Application Security  Architecture  Authentication  By application  External via single sign-on  Encryption  Logging  Application Development Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 13 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  14. 14. Mitigation: Ensuring Physical Security of Data Center Bonded security staff on duty 24/7/365 Multiple levels of physical security Environment monitoring Power & Network Monitoring Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. QuestionmarkSlide 14 is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  15. 15. Redundancy to Ensure Service Continuity Batteries Generators Power Grid Power Grid Internet Internet Backup Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  16. 16. Security in the Final Step of Test and Exam Delivery www.questionmark.comCopyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmarkis a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.

×