Scary thoughts – Data safer in a cupboard or the Cloud?

Posted by John Kleeman

Is it safe to put your data in the Cloud? Or is it safer in a server in a cupboard under your desk, or even in an internal corporate data center? It’s scary how many organizations think a local server is in fact safer than the cloud, when this isn’t always the case.

I was struck recently by a surprising statistic in the 2016 Data Breach Investigations Report by Verizon. This is a very well respected annual report (available here) on security breaches and how to prevent them.

The surprising and scary data relates to the number of data breaches that are caused by publicly announced bugs in software that organizations have not patched. When a security vulnerability in Microsoft Windows or other widely used software is identified, it is given a CVE number and put in a CVE database. CVEs vary in severity. More serious ones might allow an attacker to gain access to a server without permission; others might be a gap in security that could allow an attacker to increase their access or gain access in conjunction with some other exploit. For almost all CVEs, it’s important to patch them to avoid risk.

In the graph below, you can see that during 2015, around 70 CVEs found in 2015 were exploited in 2015, but an amazing number of other vulnerabilities were also exploited – some dating back many years. So a large number of actual breaches are caused by organizations not fixing vulnerabilities that were found and fixed last year or in previous years.

Graph showing count of CVEs exploited in 2015 by CVE publication date showing a large number of vulnerabilities from prior to 2015 still exploited in 2015

Questionmark, like any other reputable cloud vendor, has a well organized process to keep watch for publicly announced security vulnerabilities. We subscribe to all the appropriate information feeds — and when we hear of a vulnerability, we review the risk and if it is critical, we will deploy very quickly; even if that means disrupting our team’s other projects to ensure security is paramount.

But the graph above shows that some organizations don’t update their systems reliably or often enough. Or else they incorrectly deploy software and get caught by old vulnerabilities. The scary thing is that once a vulnerability is disclosed, attackers set up programs to try attacks based on it indiscriminately. As the Verizon report says, “attackers automate certain weaponized vulnerabilities and spray them across the internet, sometimes yielding incredible success.”

We can draw an analogy between this and money. Some people are worried that it’s not safe to keep money in the bank, and they store their cash in a cupboard or under a mattress. Those people don’t get hurt by bank fraud but are much more vulnerable to fire, theft and other risks of keeping money at home.

Many organizations that use on-premise software have well-staffed, professional IT departments that implement software fixes promptly. But the graph above shows that many organizations worldwide do not patch their software for vulnerabilities quickly or at all. You could think that those organizations are essentially keeping their data in a cupboard or under the mattress. They might think it’s safe as it’s under their control, but if you don’t have a well-organized process to apply patches reliably and fast, that safety is only an illusion.

Is your assessment data in a cupboard? If so, consider putting it in the Cloud with a system like Questionmark OnDemand!

Wishing Everyone a Safe and Happy Halloween!

Calling all Speakers: Share your story in Santa Fe & become a VIP

Posted by Julie Delazyn

We have officially announced the Questionmark Conference 2017 March 21-14, and we look forward to seeing you at the beautiful Inn and Spa at Loretto for this important learning event.

In order to create a rich and varied conference program, we have opened a call for proposals and invite you to submit your idea for a case study presentation or a peer discussion soon.

How do you know if you should submit a proposal? If you can answer yes to any of the questions below, we want to hear from you! Click here to find out more and download the proposal forms!

  • Your experience with Questionmark technologies will help others
  • You have found innovative ways to use online assessments
  • You can explain how you organized your assessment program and what you learned
  • You have gained a lot from previous conferences and want to contribute in 2015
  • You are using assessments to support organizational goals
  • You have a unique application of online or mobile assessments
  • You have integrated Questionmark with another system

We are accepting proposals from now until December 1, so consider what you’d like to contribute.

The Inn and Spa at Loretto

Aside from helping your fellow Questionmark users by sharing your story, please note that presenters will also get some perks:

Presenters and discussion leaders will receive some red carpet treatment — including a special dinner in their honor on Wednesday, March 21. And we award one 50% registration for each case study presentation.

Click here to start the process of becoming a speaker!

Even if you are not sure you’ll attend the conference, we would like to hear from you! And whether you plan to present or not, plan now to have the conference in your budget for 2017.

International University gains scalability, advanced authoring, single sign-on and more!

Posted by Chloe Mendonca

Earlier this month I had the pleasure of speaking with The International University of Languages and Media (IULM) based out of Milan, Italy. IULM has been using Questionmark’s Assessment Management System for almost 10 years, so I was also keen to see what prompted their recent move from managing their assessment program on-premise to Questionmark OnDemand (Questionmark’s SaaS cloud-based solution).

IULM serves approximately 5,000 students enrolled across a range of postgraduate and undergraduate courses including interpretation, translation and cultural studies; communication, public relations and advertising, and arts and tourism.

Patrizia Lettieri, the digital platform administrator in the university’s IT department, explains why, after 10 years, IULM decided to make the move: “Our teachers liked using Questionmark; we didn’t want to change that, but there was definitely a need for a more scalable and innovative solution that would match the direction the university was headed in terms of growth. Security and reporting were also very important to us and there is nothing on par with Questionmark OnDemand in regards to security and reporting.”

Here are some highlights from our conversation. You can read the entire case study here.

Advanced authoring
A big draw for IULM in using Questionmark was the ease of use when it came to assessment authoring and improving the way items are written and also the efficiency with which they can manage their item bank. Patrizia elaborates: “The variety of item types and ability to embed images, videos and links into our questions and feedback enable us to further develop the way we are helping our students to learn. Meta tagging of items is also very simple. Before using OnDemand we had to separate these into different folders and our teachers used to delete items that were invalid. Now we can easily assign the appropriate meta tags and modify the status of questions to retired if they are invalid.”

Scalability and save-as-you-go
Before using Questionmark OnDemand, IULM had a few challenges when it came to assessing large numbers of students. With OnDemand, IULM can reliably deliver their assessments to multiple classes of students. And in the event that something does go wrong — such as a power cut or other technical failure — Questionmark’s save-as-you-go is there to ensure student answers are automatically saved at regular intervals. “My priority is the students; they are our customers and I want them to be comfortable,” adds Patrizia. “With OnDemand everything runs smoothly and our students are more comfortable and confident when taking their assessments.”

Single Sign-On
It used to be that every day, staff and students at the university had to interact with a variety of applications, each requiring its own credentials. “With Questionmark OnDemand, we were able to take advantage of single sign-on (SSO). For a forward-thinking technological university, improving access for both students and staff just made sense for us.” SSO also saves IULM time on the administrative side. Once students have completed their studies and leave the university, staff no longer have to remove their access to each application but only need to remove each student’s identity provider account. Without that account, the student can no longer log on to any of the linked applications.

Multilingual delivery
Being an international university, having students who speak different languages is a common scenario. Questionmark’s multilingual delivery helps IULM accommodate students whose first language is not Italian or English by enabling them to change the delivery interface to their preferred language. Having the navigation controls in a participant’s own language can often make students feel more at ease during the test taking experience.

If you’re interested in trying out Questionmark OnDemand, request a demo today and one of our team will show you how simple assessment management can be.

5 methods to use when planning your assessments

Posted by April Barnum

In my previous article, I gave an overview of the six authoring steps that can help you achieve trustable assessment results. Each step contributes to the next and useful analysis of results is only possible if all six steps are done effectively.

Now, let’s dig into step 1 of the authoring process: planning the assessment. There are five methods you can use to plan your assessments for trustable results. Questionmark offers you the technology to do each of these five methods covered below.

  1. To determine what the test should cover, you can use job task analysis (JTA) surveys to make sure you assess the right competencies. This will help analyze what tasks within a job role are most important and is key to discovering what topics need to be covered in an assessment. Questionmark technology offers a JTA question type and provides JTA reports to help you run JTAs easily and effectively and get useful data to use in your assessment design.
  2. Once the JTA has been completed, you can determine the topics that an assessment needs to cover. Using an assessment management system with an item bank that structures items by hierarchical topics is hugely beneficial and makes it easy to manage and view all items and assessments under development.
  3. Indexing or metatagging items by specific job tasks, knowledge, skills and abilities can be useful in planning assessments to allow for more flexible management of items and selection within the appropriate assessments.
  4. Protecting against content theft is an important part of the planning of items and assessments because if item or assessment content is leaked out during the assessment construction process, it will reduce the assessment’s validity. Having secure access to items and assessments is essential. Individual logons protected by strong passwords and good policies and culture within your team can help prevent this.
  5. Planning for assessing someone’s competence in the language they are most comfortable in is an important part of the assessment planning process. If you need multilingual assessments for your participants, plan for translation management and multilingual delivery capabilities.

I often share this white paper: 5 Steps to Better Tests, as a strong resource to help you plan a strong assessment, and I encourage you to check it out.

Next time, we’ll discuss authoring items. I hope you enjoyed these tips. If there are any more that you go back to when you begin your assessment planning process, please add them to the comment section below!