Security in the final step of test delivery
-
Upload
questionmark -
Category
Education
-
view
1.784 -
download
0
Transcript of Security in the final step of test delivery
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Security in the Final Stepof Test and Exam Delivery
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Protection of candidate/student/employee PII (Personally Identifiable Information)
Protection of valuable assessment content Test/Exams are expensive to develop:
Average corporate test: $20,000 USD Average certification test: $150K to $200K
Protect integrity of test/exam results A lot could be on the line…
Reputation Life and Limb
Key drivers for secure assessment delivery
Slide 2
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Low/High to High/High Stakes Tests
Slide 3
Higher Stakes
High
Medium
Low
Medium Stakes
Low Stakes
What’s at Stake?
Life and Limb
Promotion & Jobs & Legal Concern
Educational Exams
Tests
Elearning & Surveys
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Impersonation Content Theft Cheating
Key Threats to be Addressed in High-stakes Exam Delivery
Slide 4
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Pre-employmen
t
Public Certification
s& Licensing
Regulatory Compliance
Sales and Technical Channel
Verification
Threat Level in Higher StakesShort Term with Low Trust Relationships
Long Term with High Trust Relationships
Larg
e Pr
ogra
ms
Smal
l Pro
gram
Higher threats require more
“Oversight” and so cost more
Lower threats require less “Oversight”
and so cost less to administer
Slide 5
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Combating / Mitigating Threats
Slide 6
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Tight controls over the access to content
Shuffling items and choices – limit exposure of item pool
Not exposing the scoring algorithm beyond the content repositories/databases
Securing, and only providing limited access to, the content repositories/databases
Legally enforceable candidate agreements
Vigorous follow up on infractions
Mitigate Leakage of Content
Slide 7
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Legally enforceable candidates agreement;
formal honesty contracts
Invigilation/proctoring
Secure browsers/players on candidate devices
Mitigate Cheating
Slide 8
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
•Personable, consistent•Monitor vulnerable to unfair influenceTest Centers•Convenient, personable, consistent•Monitor vulnerable to unfair influence
Events (Classrooms or Conventions)
•Monitor is less vulnerable •New and not yet widespread
Remote Real-time 360 cam
•Monitor is less vulnerable•Easy to deploy for use at home
Remote Real-time webcam
•Seems secure•Nothing for content theft
Record & Review360 or webcam
•Works for employees•Nothing for content theftUn-Monitored
Monitoring Tests Securely
Slide 9
ID F
raud
Prot
ect
Cont
ent
Min
imize
s Ch
eatin
g
√ √ √
√ √ √
√ X
√ X X
√ √ √
√
√ √ √
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Physical Security Measures Environment monitoring Power & Network Monitoring Certifications
Combating Technology Threats
Slide 10
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Formal data security policy Employees tested on policy
Employee background checks Password policies Tracking of Highly Confidential data End of life disk policies
Mitigation: Ensuring Data Security
Slide 11
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
TLS/SSL security Intrusion
detection Firewalls Anti-virus Multiple servers
Segregated on separate networks
Bastion host
Mitigation: Ensuring Network Security
Internet
Firewalls
Business Layer
Presentation Layer
Participants Authors and Administrators
DataLayer
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Architecture Authentication
By application External via single sign-on
Encryption Logging Application Development
Mitigation: Ensuring Application Security
Slide 13
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Bonded security staff on duty 24/7/365
Multiple levels of physical security
Environment monitoring
Power & Network Monitoring
Mitigation: Ensuring Physical Security of Data Center
Slide 14
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Power Grid
Redundancy to Ensure Service Continuity
Power Grid
Internet
Internet
GeneratorsBatteries
Backup
Copyright © 1995-2012 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Security in the Final Stepof Test and Exam Delivery
www.questionmark.com