Written by David Foster, CEO of Caveon
There is a funny television commercial where a group of friends is running from an unseen danger, seeking a place to hide. They make several panicked suggestions to each other including hiding in an attic and a basement. They finally decide to hide behind a wall of chainsaws. The point was that in a horror movie you make poor decisions.
For a high-stakes testing program, the number and variety of test security threats would rival any horror movie, and the potential and actual damage can keep you up at night. In the light of day, it makes sense to be aware of those threats—and what to do about them—in order to make better decisions than the group in the commercial.
For years now I’ve talked about using a threat-based approach to security, eventually producing a list of 12 test security threat categories, divided equally between cheating and theft. In its simplest form, here is the list:
- Using Pre-Knowledge of Test Questions
- Using a Proxy Test Taker
- Getting Help During the Test
- Using Cheating Aids
- Tampering with Scores after the Test
- Copying from Another Person During the Test
- Capturing Downloaded Test Files on a Server or Stealing Test Booklets
- Photographing Test Content During the Exam
- Copying the Test Content Electronically
- Memorizing the Test
- Recording the Content Orally on a Recorder
- Receiving the Test Content from a Testing Program Insider
For each of these there are dozens, or maybe even hundreds, of different ways the threat can be carried out.
By reviewing this list, a program can evaluate which threats pose the greatest danger or risk. The program can then put in place a carefully-crafted solution to prevent a possible breach or deter an attacker. It can set up a defense in order to better detect the beginnings of a breach or to mitigate any potential damage.
There are several reasons why avoidable test security breaches occur. Some testing programs will be surprised by a breach, and then be focused for months and years on future solutions for that specific breach, ignoring other dangers. A program may rely on a single security solution, such as requiring proctoring for their exam, not realizing that there are many threats to the security of a program that a proctor cannot detect or do anything about. Programs may not be aware how technology is being used today to cheat or to steal a program’s tests. Or a program is simply not funded adequately to protect the tests and usefulness of the test scores. These programs are living in a real horror movie with no control over the ending.
The good news is that great decisions can be made; risks of cheating and test piracy can be eliminated or mitigated. Good solutions are available. There is no reason to be in a horror movie to begin with or to stay there any longer than is necessary.