Test Security Brandt Redd CIOCTO Smarter Balanced CCSSO
Test Security Brandt Redd, CIO/CTO, Smarter Balanced CCSSO NCSA - 21 June 2016 1
Security Goals Should Benefit Students • • Ensure Accurate Scores – Secure Test Items to ensure that items measure what they are supposed to measure. – Secure the Network and the Server and the Data Channel Preserve Student Privacy – Secure Student Data Throughout the Processing Chain – Limit Access to Authorized Users – Data Center Security 2
Security Issues Particular to Online Tests • • Secure Browser to secure the student’s device for the duration of the test. – Prevents access to unauthorized websites, applications, or student-device interactions. – Prevents capture of assessment content. Smarter Balanced has developed Open Source Secure Browsers with a roadmap to a common industry standard. – Open Secure Browser protocol and API. – Open Source solutions for Windows, Mac, Chrome. Book, i. OS, Android, and Linux 3
Distributed Denial of Service Attack DDo. S Thousands of “botnet” computers can overwhelm your testing site. 1. Prepare – – – Partnership with Internet Service Provider Response Plan Partitioned delivery to isolate problems 2. Diagnosis – At first glance it’s hard to tell the difference between DDo. S and Peak Utilization 3. Response – – 4 ISP-level data filtering Communications and expectation management
Security Issues Particular to Computer-Adaptive Tests • • Adaptive test has 20: 1 ratio* of items in pool to items presented – reduced sensitivity to leaked items. Using an item pool lets us address individual item security issues while preserving comparable test results. *Median ratio for Smarter Balanced tests 5
Security Issues Particular to a Multi-Vendor Consortium • • Secure delivery of assessment content to each member and their service provider. – Requires content-use agreements and secure delivery protocols. Secure delivery of de-identified student data from members to consortium for item calibration, test validation, validity studies, and research. – Requires data-sharing agreements, regulation compliance, secure transmission protocols, and access limited to authorized personnel. 6
Security Issues Associated with Test Administration Procedures • • Availability of Resources and Supports while preserving security of the testing environment. – Text-to-Speech – Whiteboards for scratch paper – Permissive mode for Secure Browser – requires additional proctoring. Efforts – Cooperation with the Assistive Technology community and advocacy organizations. – Test Administration Manuals (customized for each member) describe how to administer a standardized test. 7
Summary and Q & A • • • Security Goals are to Benefit Students – Ensure Accurate Scores – Preserve Student Privacy Security Issues are Distinct for: – – Online Testing Computer-Adaptive Testing Multi-Vendor Consortia Large-Scale Standardized Tests See Also: – http: //smarterbalanced. org – http: //smarterapp. org Brandt Redd, CIO/CTO, Smarter Balanced 8
- Slides: 8