Question
Overview
The following case revolves around the development and deployment of a secure, online certification exam based on actual events that have been fictionalized. The project presented numerous security concerns, both technical and non-technical, as well as ethical and legal issues that put the project, and the professional reputations of its sponsors, at risk. The actual project was fraught with security concerns and related ethical issues. An important security, legal, and ethical framework is that of risk management. Risk management is an area important to project management and security, and an important part of the case revolves around identifying, prioritizing, mitigating, and recovering from project risks. Some of the security issues considered include cheating, inadvertent and intentional release of exam items, defenses against intrusions, memory leak and SQL injection attack vulnerabilities, confidentiality and privacy issues related to the information collected on individuals and institutions, and solutions for all.
The case picks up with the development of the online exam-taking software finishing up with less than a week to go before the launch of the exam.
Assessing Risks with Less Than a Week To Go
It was a Monday morning and Janet was worried. Under Will’s leadership, the security of the iSec-Cert exam system was in good hands, but time was running short. It was Monday morning. There was less than a week to go before Saturday’s pilot test at Midwest College. Janet knew from her past industry experience and based on how recent testing had gone that they weren’t ready. Two specific concerns were fresh in her mind. First, they still had to find a large group to test the fix to the connection pool leak problem. Second, they were not sure how the exam was going to behave in a different time zone.
When she got to thinking, she began to realize that more and more things could go wrong. If something did go wrong, Janet didn’t have any confidence that they would go much better on a second pilot test. She wanted it to go right the first time, or get so close that the second time would be a charm. She certainly didn’t want the worst possible things to go wrong—a severe security breach, like the test content getting released into the public—or a complete shutdown of an exam-in-progress. What if that happens? What then? A complete disaster, she thought. With all the testing that needed to be done, and the fact that Will was still coding, Janet was worried. They couldn’t push back Saturday’s start date, because several schools were on a tight schedule, and it was getting late in the spring semester.
Janet didn’t think she was paranoid, but just being a bit negative. She was worried about the risk of failure. Even though there was plenty of work to do before Saturday’s kick-off, Janet decided to stop and realistically assess the risk of failure.
She called a meeting with Gene and Will at Satchmo’s Coffeehouse, a popular hangout with students and faculty. At the meeting Janet confronted Gene and Will: “Are we ready for Saturday?” With an enthusiastic wave of his fist, Gene responded: “YEEEESSSSSSS!” Will just laughed.
Gene was always the positive thinker of the group, a master of interpersonal skills and motivation, a kind of “wizard” with whom people enjoyed working if for no other reason than feeling good. Janet said: “There is a time for positive thinking, Gene, but this is not it. I don’t want us to fail on Saturday, and while I do appreciate your cheerleading, it does nothing for my confidence. It’s time for risk management. My question is ‘what can possibly go wrong that we need to do something about?’”
Gene, Will, and Janet took turns thinking up things that could go wrong. Not that they thought they would go wrong. They indulged themselves in scenarios of wrongdoing, coming up with about 20 risks, which Janet summarized in a spreadsheet, along with the likelihood and consequence, and associated level of risk. See Table 3, in which the risks are ordered by risk level, from highest (EXTREME) to lowest (LOW).
Table 3. iSec-Cert Risk Assessment

| Risk | Likelihood | Consequence | Risk Level | Mitigation | Recovery |
|---|---|---|---|---|---|
| proctor unable to troubleshoot a problem quickly | LIKELY | CATASTROPHIC | EXTREME | have someone "on-call" and have everyone know who it is that's on call, and list all phone numbers for iSec-Cert and proctors to use (one of us can get in touch with any of us) | more education and preparation for proctor and on-call iSec-Cert people when they try again |
| critical failure due to fault in test-taking software | UNLIKELY | CATASTROPHIC | EXTREME | make necessary software changes up to last minute, but also do a last-minute test of whole test scheduling, registration, verification, and test-taking process, with off-campus, too | Will on-call to make a quick fix |
| GSU network problem shuts down access to server (e.g. domain name server crash) | UNLIKELY | CATASTROPHIC | EXTREME | move to an off-site server, eventually | affected schools must reschedule exam |
| exam fails to work due to an interoperability issue | POSSIBLE | MAJOR | EXTREME | create a test login page for trying out on a machine that will be used to take test | have Will on-call and near computer access for quick adjustments |
| student discovers exam session password; and can log in off site to continue exam or call or e-mail the password to someone else | RARE | CATASTROPHIC | HIGH | (a) stress to proctors the importance of not giving out password, and having students turn head while they type it in; (b) have a "no keyboard activity" rule enforced during the test | (a) have proctors report suspicious behavior, like student leaving early in exam after logging in; (b) consider a proctor being able to "turn off" a student's test if they leave without hitting "finish" |
| time zone confusion | UNLIKELY | MAJOR | HIGH | do an off-site test at an eastern, mountain or pacific zone school | manipulate server clock to offset |
| time on server is incorrect | RARE | MAJOR | HIGH | check with network administrator about using atomic clock updates | |
| exam contains spelling, grammar errors or duplicate questions or questions with >1 correct answer | ALMOST CERTAIN | MINOR | HIGH | perform a last-minute proofread | make changes to questions after first session (Sat.), treating Saturday's session as a pilot, if necessary |
| students get fatigued; quit test | POSSIBLE | MODERATE | HIGH | have proctor tell students to close browser, take a break, come back, and log them back in | consider shorter test if it's a big problem |
| system response time is slow | POSSIBLE | MODERATE | HIGH | (a) monitor exam in progress (via database queries and/or cell phone w/ proctor), (b) invest in new server | none |
| proctor makes a procedural error | POSSIBLE | MODERATE | HIGH | update detailed proctor guidelines; make sure Will and Janet understand them; make sure proctors are registered and have computer access during exam; give proctors the cell phone number of who is on-call | have well-trained support people on-call |
| students unable to log into the test | POSSIBLE | MINOR | MODERATE | (a) add a "candidate is not verified" warning when that is the reason for problem; (b) remind proctors to verify candidates | |
| students don't get verified in time | POSSIBLE | MINOR | MODERATE | educate proctor in steps of registration and verification | |
| students can't get their passwords to log in to their account | POSSIBLE | MINOR | MODERATE | verify that e-mails send out passwords promptly | have students ask proctor, who can check on a student's password; Will, Gene, and Janet are not to take phone calls and give out student passwords over the phone |
| students can't sign up for exam session | POSSIBLE | MINOR | MODERATE | ask proctor to check to see if student is verified | |
| figure doesn't show up on a question | RARE | MODERATE | MODERATE | make sure that questions on the test that need a figure, have one defined in the database, and that it shows up in a pre-Saturday beta of real test | make changes to questions after first session (Sat.), treating Saturday's session as a pilot, if necessary |
| score report not ready for Saturday | UNLIKELY | INSIGNIFICANT | LOW | Will responsible for finishing, testing, debugging, up to last minute | tell students to check back later for scores |
| browser settings cause anomalies | UNLIKELY | INSIGNIFICANT | LOW | make proctors understand that test software might work differently for different browsers | instruct proctor to ask students to try a different browser or switch machines |
| too many students sign up, fill up room | UNLIKELY | MINOR | LOW | (a) create IS admin utility to show students signed up in a group; (b) alert proctors to this problem | |

They then defined risk mitigation and recovery strategies for each risk, starting with the highest priority risks, those at the EXTREME level. It took about three hours. When they were done, they created a work schedule for the rest of the week. It was decided that:
the test questions themselves would undergo one more round of review
software changes could be made up until the last minute, but that one complete system test had to be conducted on Friday night
someone had to be on-call, and the others had to know who was to be on-call, and the phone numbers had to be distributed to all faculty contacts
One of the threats was that an exam proctor would make a procedural error, resulting in a security breach or a complete failure of an exam session, i.e. students cannot take or finish test and had to leave. A complete failure of this kind is akin to a disaster, in information security terms. The mitigation and recovery strategy involved all of the following:
Gene would update the proctor guidelines with the cell phone numbers of on-call iSec-Cert personnel, and redistribute the guidelines to all faculty contacts
Janet and Will would review the new proctor guidelines and be on-call during the pilot, with Will agreeing to be within minutes of computer access
Will would make sure the proctors were registered and had computer access during the exam
Before the meeting, Janet wasn’t sure if they would be able to identify all the important risks, and that there wouldn’t be enough time to do anything about any but the few top-priority threats. But, with the knowledge and experience of the three of them, and working as a team focusing on the task, they were able to be certain that they had identified a comprehensive collection of threats, including the most probable and severe. To their surprise, they were able to come up with risk mitigation and recovery strategies for not just the high-priority threats, but for all of them. They were able to identify some low-effort tactics that could be done within the week’s time as well.
Question:
For the risk “students can’t get their passwords…” the team decided to allow proctors to access student passwords in order to assist students. What do you think of this response? What new security risk(s) might result from allowing proctors to access student accounts?
Explanation / Answer
In risk management, risk mitigation is used for the steps to reduce or lessen odd effects;
that is used for the recovery and the continuity of this process.
Risk acceptance:
It does not stop the effect but avoids the reduction or limitation of the risk
if the proctor does not immediately apply this solution for the error.
Risk avoidance: if the online exam is not working, then stop that process at that time.
Risk limitation and transference:
That is one of the limits when solving the online exam error status and resolving them in more time.
Transference:
is the involvement of someone else who can resolve the problem or the error and solve it.
When the risk is that students can't get their passwords,
then to solve this, use risk transference so that the proctors access the students' passwords,
but there is the risk of misuse of the information of any student's passwords, by adding or deleting marks in the exam.
So whenever the students' accounts are opened, there is one process to add: the student is told who opened their account
by mail or message.