FBI and Homeland Security advice on trumping cybersecurity attacks

Posted by John Kleeman

There’s a lot in the news recently about possible cybersecurity attacks on the political process. Here are some thoughts on how we can learn from this and apply it to assessment security.

One of the most interesting documents I’ve read on this subject is the Department of Homeland Security and FBI’s joint analysis report  JAR-16-20296 titled GRIZZLY STEPPE – Russian Malicious Cyber Activity.  This presents evidence on how a cybersecurity attack was made on a US political party in 2016 and gives some practical advice on how others can set up their systems to avoid such attacks.

Whoever the attack was performed by (and there has been some debate about this), the practical advice is useful to anyone who wants to improve their security. I was particularly struck by a section in the report which offered questions to ask your organization to see if they have good cybersecurity practices. I’ve taken the liberty of including the questions in the graphic below:

See Grizzly Steppe report for text here

I’ve shared various sets of security questions in this blog, including Eight ways to check if security is more than skin deep and 24 midsummer questions to ask your assessment software provider, but here are some questions from a very credible source!

I’d encourage you to pose these questions within your organization and with your suppliers to check that you are well protected in case of a cyberattack. Questionmark, like all sensible organizations, believes in continuous improvement in our security, and listening to sources like this analysis informs our improvement.

I hope highlighting the report and these questions helps strengthen your defenses against cybersecurity attacks and acts as a guide in choosing your vendors.

Seven New Year’s Resolutions to Keep Your Assessments Safe

Posted by John Kleeman

Many blogs at this time of year seek to predict the year ahead, and many of them foresee more data breaches and security incidents in 2017.  But I’m a great believer that the best way to predict the future is to create or change it yourself. So if you want to reduce the chances of your assessment data security being breached in 2017, make some of the things you’ve talked about happen.

Here are some possible New Year’s resolutions that could help keep your assessments safe and secure.

1. Audit your user accounts. Go through each of your systems that hold or give access to assessment data, and check there are no accounts for ex-employees or ex-contractors. Make sure there are no generic or test accounts that do not belong to a current individual. Dormant accounts like this are a common route to a breach. Also check that no one who has changed role has the privileges of their old role.

2. Run an incident response table-top practice exercise. This is a session where you gather together those responsible for security, pretend there is a breach or other incident and work through verbally how you’d deal with it as a team. You can do this in a couple of hours with good preparation, and it allows you to check your procedures and ensure people know what to do. It will often give useful insight into improving your preparedness.  As Benjamin Franklin once said “An ounce of prevention is worth a pound of cure”.

3. Start testing your personnel on security procedures. One of the biggest security risks for any organization is staff mistakes and accidents that compromise credentials or data. Security awareness training makes an important difference. And if you test your personnel on security after the training, you verify that people understand the training and you identify areas of weakness. This makes it more likely that your personnel become more aware and follow better security practices. If you have access to an online assessment tool like Questionmark, it’s very, very easy to do.

4. Review some of your key vendors. A risk for most organizations is weaknesses in suppliers or subcontractors that have access to your data. Ask suppliers to share information on their technical and organizational measures for security and what they are doing to ensure that your data is not breached. Any reputable organization will be willing and able to provide this under NDA. See 24 midsummer questions to ask your assessment software provider on this blog for some of the questions you can ask.

5. Conduct a restore test from backups. How do you know your backups work? Over the years, I’ve come across a few organizations and teams who’ve lost their data because their backups didn’t work. The only way to be sure is to test restoring it from backup and check data is there. If you don’t already run restore tests, organize a restore test in 2017 (ideally once a quarter, but once is better than not at all). You shouldn’t need to do this if you use a cloud service like Questionmark OnDemand as the vendor should do it for you.

6. Run a pilot for online proctoring. Microsoft do it. SAP do it. Why shouldn’t you do it? If you run a certification program that uses physical test centers, consider whether online proctoring might work for you. Not only will it reduce the risk of collusion with proctors helping candidates cheat, but it will also be a huge boon to your candidates who will no longer need to travel to test centers.

7. Put in place a code of conduct for your participants. This is a simple thing to do and can make a big difference in reducing cheating by encouraging test-takers to stay honest. See Candidate Agreements: Establishing honor codes for test takers and What is the best way to reduce cheating? on this blog for tips on how and why to do this. If you are looking for inspiration, a famous code of conduct is that of the U.S. Army West Point Military Academy which simply says: “A cadet will not lie, cheat, steal, or tolerate those who do.” Of course you need to communicate and get buy-in for your code of conduct, but if you do, it can be very effective.
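
The account audit in resolution 1 can be partly automated by comparing an account export against the HR roster. The following is an added example, not part of the original post; the CSV layouts, column names and the role-to-privilege mapping are assumptions, and the sample data is constructed.

```python
import csv
import io

# Constructed sample data: an account export from a system holding
# assessment data, and an HR roster of current and former staff.
ACCOUNTS_CSV = """username,owner_id,privileges
asmith,E100,author
bjones,E101,author;admin
cwong,E102,reporter
test1,,admin
dlee,C200,author
"""
ROSTER_CSV = """person_id,status,job_role
E100,active,item_writer
E101,active,analyst
E102,left,analyst
"""
# Hypothetical mapping: privileges each current job role should hold.
ROLE_PRIVILEGES = {
    "item_writer": {"author"},
    "analyst": {"reporter"},
    "administrator": {"author", "reporter", "admin"},
}

def audit_accounts(accounts_csv, roster_csv, role_privileges):
    """Return {username: [findings]} for accounts that need review."""
    roster = {r["person_id"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = {}
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        issues = []
        owner = acct["owner_id"].strip()
        person = roster.get(owner)
        if not owner:
            # Generic or test account that belongs to no individual.
            issues.append("generic or test account with no named owner")
        elif person is None or person["status"] != "active":
            # Ex-employee, ex-contractor, or someone unknown to HR.
            issues.append("owner is not a current employee or contractor")
        else:
            # Role change: privileges left over from an old role.
            held = {p for p in acct["privileges"].split(";") if p}
            extra = sorted(held - role_privileges.get(person["job_role"], set()))
            if extra:
                issues.append("privileges beyond current role: " + ", ".join(extra))
        if issues:
            findings[acct["username"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_accounts(ACCOUNTS_CSV, ROSTER_CSV, ROLE_PRIVILEGES).items():
        print(user, "->", "; ".join(issues))
```

Run it against each system's own export in turn; every flagged account still needs a person to decide whether to disable it or trim its privileges.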

Many of you will already be doing all of these things, but if you’re not, I hope one or more of these resolutions help you improve your assessment security in 2017.

And here’s a bonus New Year’s resolution to consider. Questionmark Information Security Officer David Hunt and I are giving a session on Staying Ahead of Evolving Security Threats at the Questionmark conference in March in Santa Fe. Make a New Year’s resolution to come to the conference, and learn about security and assessment!

Item Writing & Questionmark Boot Camp: Pre-Conference Workshops

Rick Ault, Questionmark Trainer

Posted by Julie Delazyn

Planning for Questionmark Conference 2017 in Santa Fe, New Mexico, March 21-14 is well underway.

We have begun posting descriptions of breakout sessions and are pleased to announce two pre-conference workshops.

Both of these all-day sessions will take place on Tuesday, March 21, 2017:

Questionmark Boot Camp: Basic Training for Beginners

Do you want to get the most out of the Questionmark Users Conference even though you are just starting out with Questionmark?

Here’s what to do: Bring your laptop and learn directly from Questionmark expert Rick Ault.

Bring your laptop and get into gear with hands-on practice in creating questions, putting together an assessment, then scheduling it, taking it and seeing the results. Start off with some first-hand experience that will give you a firm footing for learning more at the conference.

Jim Parry, Owner and Chief Executive Manager of Compass Consultants, LLC

Advanced Test Item Writing Workshop: Learn how to test more than just knowledge

Writing test items is difficult, but trying to make them check more than knowledge is a huge challenge.

Join Certified Performance Technologist Jim Parry  — an expert user of Questionmark technologies — in this fast-paced, high-powered workshop, which will present a review of the basics of testing and provide hands-on practice to help you turn low complexity, knowledge-based test items into higher complexity, performance-based items following Bloom’s Taxonomy and Gagne’s Nine Events of Instruction.

Conference Registration Tuition:

  • You can save $200 by registering for the conference on or before January 18. You can sign up for a workshop at the same time or add in a workshop later. It’s up to you! Pre-conference workshop or bootcamp add-ons available during the registration process.

Secrets to Measuring & Enhancing Learning Results: Webinar

Posted by Julie Delazyn

Research has shown that assessments play an important role in learning and retention — and the benefits vary before, during and after a learning experience. No matter where learning occurs, the goal remains the same: ensuring people have the knowledge, skills and abilities to perform well.

So, how can you use assessments to measure and enhance learning within your organization?

Check out our newest 30-minute webinar – and register today!

  • The Secrets to Measuring and Enhancing Learning Results
  • Date & Time: Wed, Dec 7  at 4:00 p.m. UK GMT / 11:00 a.m. US EDT

Join us as we discuss the important role assessments play within the learning process and explore the benefits of using them before, during and after learning. We’ll also give you some useful pointers and resources to take away.

Register for the webinar now. We look forward to seeing you at the session!

International University gains scalability, advanced authoring, single sign-on and more!

Posted by Chloe Mendonca

Earlier this month I had the pleasure of speaking with The International University of Languages and Media (IULM) based out of Milan, Italy. IULM has been using Questionmark’s Assessment Management System for almost 10 years, so I was also keen to see what prompted their recent move from managing their assessment program on-premise to Questionmark OnDemand (Questionmark’s SaaS cloud-based solution).

IULM serves approximately 5,000 students enrolled across a range of postgraduate and undergraduate courses including interpretation, translation and cultural studies; communication, public relations and advertising, and arts and tourism.

Patrizia Lettieri, the digital platform administrator in the university’s IT department explains why after 10 years, the IULM decided to make the move:  “Our teachers liked using Questionmark; we didn’t want to change that, but there was definitely a need for a more scalable and innovative solution that would match the direction the university was headed in terms of growth. Security and reporting were also very important to us and there is nothing on par with Questionmark OnDemand in regards to security and reporting.”

Here are some highlights from our conversation. You can read the entire case study here.

Advanced authoring
A big draw for IULM in using Questionmark was the ease of use when it came to assessment authoring and improving the way items are written and also the efficiency with which they can manage their item bank. Patrizia elaborates: “The variety of item types and ability to embed images, videos and links into our questions and feedback enable us to further develop the way we are helping our students to learn. Meta tagging of items is also very simple. Before using OnDemand we had to separate these into different folders and our teachers used to delete items that were invalid. Now we can easily assign the appropriate meta tags and modify the status of questions to retired if they are invalid.”

Scalability and save-as-you-go
Before using Questionmark OnDemand IULM had a few challenges when it came to assessing large numbers of students. With OnDemand, IULM can reliably deliver their assessments to multiple classes of students. And in the event that something does go wrong — such as a power cut or other technical failure — Questionmark’s save-as-you-go is there to ensure student answers are automatically saved at regular intervals. “My priority is the students; they are our customers and I want them to be comfortable,” adds Patrizia. “With OnDemand everything runs smoothly and our students are more comfortable and confident when taking their assessments.”

Single Sign-On
It used to be that every day, staff and students at the university were having to interact with a variety of applications requiring individuals to remember different credentials for the various applications.  “With Questionmark OnDemand, we were able to take advantage of single sign-on (SSO). For a forward-thinking technological university, improving access for both students and staff just made sense for us.” SSO also saves IULM time on the administrative side. Once students have completed their studies and leave the university, staff no longer have to remove their access to each application but only need to remove each student’s identity provider account. Without that account, the student can no longer log on to any of the linked applications.

Multilingual delivery
Being an international university, having students who speak different languages is a common scenario. Questionmark’s multilingual delivery helps IULM accommodate students whose first language is not Italian or English by enabling them to change the delivery interface to their preferred language. Having the navigation controls in a participant’s own language can often make students feel more at ease during the test taking experience.

If you’re interested in trying out Questionmark OnDemand, request a demo today and one of our team will show you how simple assessment management can be.

5 methods to use when planning your assessments

Posted by April Barnum

In my previous article, I gave an overview of the six authoring steps that can help you achieve trustable assessment results. Each step contributes to the next and useful analysis of results is only possible if all six steps are done effectively.

Now, let’s dig into step 1 of the authoring process: planning the assessment. There are five methods you can use to plan your assessments for trustable results. Questionmark offers you the technology to do each of these five methods covered below.

  1. To determine what the test should cover you can use job task analysis (JTA) surveys to make sure you assess the right competencies. This helps you analyze which tasks within a job role are most important, which is key to discovering what topics an assessment needs to cover. Questionmark technology offers a JTA question type and provides JTA reports to help you run JTAs easily and effectively and get useful data to use in your assessment design.
  2. Once the JTA has been completed, you can determine the topics that an assessment needs to cover. Using an assessment management system with an item bank that structures items by hierarchical topics is hugely beneficial and makes it easy to manage and view all items and assessments under development.
  3. Indexing or metatagging items by specific job tasks, knowledge, skills and abilities can be useful in planning assessments to allow for more flexible management of items and selection within the appropriate assessments.
  4. Protecting against content theft is an important part of the planning of items and assessments because if item or assessment content is leaked out during the assessment construction process, it will reduce the assessment’s validity. Having secure access to items and assessments is essential. Individual logons protected by strong passwords and good policies and culture within your team can help prevent this.
  5. Planning to assess someone’s competence in the language they are most comfortable in is an important part of the assessment planning process. If your participants need multilingual assessments, plan for translation management and multilingual delivery capabilities.

I often share this white paper: 5 Steps to Better Tests, as a strong resource to help you plan a strong assessment, and I encourage you to check it out.

Next time, we’ll discuss authoring items. I hope you enjoyed these tips. If there are any more that you go back to when you begin your assessment planning process, please add them to the comment section below!