atp security committee articles/webinars/atp...cedma special interest group security committee...

Association of Test Publishers

Security Committee

CEdMA Special Interest Group

CEdMA Certification SIG

Friday, January 24, 2014

2


Introductions

• Beth Holst, Holst and Associates Co-Chair, Executive Committee

• Cathy Donath, The Donath Group Co-Chair, ATPSC Enforcement Subcommittee

• Kerri Davis, Microsoft Co-Chair, ATPSC Enforcement Subcommittee


Agenda

• Introductions

• ATP Security Committee – Overview

– Initiatives

• Collaborative Website Enforcement – Overview

– IP Rights Enforcement

• Assessment Delivery Security Options

• Security Committee Reports

• Q & A

• Wrap Up


Security Committee Mission

• Assist testing organizations to protect and enhance the

integrity and the value of their assessments

• Encourage collaborative efforts aimed at establishing,

promoting and disseminating industry-accepted test

security practices


Security Committee Goals

• Provide an environment where groups can collaborate to

address security concerns

• Enable a free exchange of ideas/concepts

• Partner with other testing associations

• Deliver webinars/workshops at conferences


• Conducted New Security Survey

• Created a Resource Document on

Assessment Delivery Security Options

• Conducted Collaborative Website Enforcement

campaign

• Developed a Candidate Roles and Responsibility

Template

• Distributed ATPSC Newsletter

• Assembled a Live Lab for ATP Conference

7

2012-2013 ATP Security Committee Goals Met


• Published 2012 Security Report and

Assessment Delivery Security Options Report

• Research Proctor Protocol

• Candidate Rights and Responsibilities

• Research Security Practices for Special Needs

Candidates

• European ATP Live Lab Innovations

• Remote Testing Protocols – ATP Conference

2013-2014 ATP Security Committee Goals

8


• Security workshops and sessions

• Breakfast Briefing

• Remote Testing Demonstrations Two-day offering; several demonstrations

of solutions focused on addressing security measures

– How IP theft can be prevented

– Process to avoid proxy testing

– Measures to prevent cheating

ATP Conference – Security

9


Enforcement Subcommittee

Collaborative Website Enforcement

Program

10


• Encourage organizations to join in

collaborative efforts to take down

websites by:

– Educating testing programs on methods

to enforce IP rights

– Providing resources and tools to initiate a

take-down strategy per their programs

– Demystifying the processes used to protect IP

CWE Program Objectives

11


• Tools, templates and enforcement

approaches

• A list of infringing websites to target

• Suggested timelines to coordinate sending

letters/ notices

• Data gathering and reporting on successes

CWE Program Objectives - What We Offer

12

CEdMA Special Interest Group 13

IP Enforcement Process

Overview


Identify

• Search web for sites offering your content

• Tip hotline

Investigate

• Buy suspect exam

• Establish “good faith belief”

Compare

• Evaluate and document content to establish substantial similarity

Notify

• Identify ISP(s) for infringing site

• //whois.domaintools.com

• Send DMCA to ISP(s)


Hundreds of rogue websites –

selling “actual” exams actual-exams.com

actualtests.com

beitcertified.net

braindumps.biz

certbible.org

certfx.com certification-

exams.com certification-

paper.com certificationtutorials.

com

certifyexpress.com

certifysky.com

certifysky.net

certinfo.net

certinside.com

certmagic.com

cheat-test.com


Collaborative Website Enforcement

How can we be more effective?

Some organizations expressed an interest in

participating but were unsure what steps needed to be

taken. The CWE team offered:

– Expanded Information Package

– Conducted Information Sessions

– Provided tools with simple and effective ways to

enforce your rights to protect your IP


CWE Information Package

• Information on what you need to prepare

and conduct your own website enforcement

• List of target websites and host providers

with contact information

• DMCA template

• Process overview – steps to take

• FAQs about enforcing your IP rights


DMCA Take-Down Notice

1. Tell them WHO you are and WHAT you’re

concerned about

2. Give Specifics About Your Exams

3. Give Specifics About the Infringing Web Site

4. Tell Them What You Want, e.g., “…requests the immediate suspension of www.braindumps.com”

http://www.braindumps.com/


• Do the pirated exam questions have to be identical to my

program’s real test questions?

• What if the web site is using my organization’s logo or

name?

• Do I need to send a notice to all ISPs on the list?

• Do I need to purchase every exam offered for sale by the

web site in order to confirm that infringement is

occurring?

FAQs

19


• Review information package

• Get management/legal buy-in

• Identify resources

• Prepare a schedule of activities

• Notify committee if you plan to participate

• Review websites listed in Appendix 1

• Investigate website offerings

• Compare to validate infringement

• Create and send DMCA notices

• Report results to committee

What should you do to take action?


• Join in the collaborative campaign

• Notify your peers to encourage others to

participate

• Taking action….again and again (future

campaigns)

How can I help?


Enforcement Subcommittee Members

Cathy Donath,

Co-Chair

The Donath Group

Kerri Davis,

Co-Chair

Microsoft

Brent Hill Cisco

Amanda Hoberg Pearson VUE

Ben Mannes American Board of Internal Medicine

Layne Pethick Association of American Medical Colleges

G. Matthew Rice Linux Professional Institute

Jennifer Ancona Semko Baker & McKenzie LLP

Christie Zervos Caveon


Assessment Delivery

Security Options

23


Assessment Delivery Security Options

Considerations by Delivery Channel and Assessment

Model Report

• Share the security methodologies utilized by members of

the community across various delivery methodologies

• Create a primer document for ATP members regarding

the various security options available for their

consideration

• Includes descriptions of procedures and best practices

currently in use to enhance security and thwart IP theft


Assessment Delivery - Security Options

Sections:

1. Security Threats and Risks; Exam Delivery Models;

Exam Delivery Channels and Practices to Enhance

Security

2. Data Forensics/Fraud Detection and Analytical

Tools and Services

3. Fraud Detection Items

- Available free to ATP members

- Available for non-members for purchase at ATP bookstore:

www.testpublishers.org/book-store

http://www.testpublishers.org/book-store




Security Options

• Fraud Detection Items

• Rapid Republishing/Continuous Publishing

• Randomized Presentation – applied at various levels

• Item Pool Flooding

• CBT/IBT Blended Delivery Model

• Answer Key Withholding (Non-Immediate Scoring)*

(Note: Some of these are not mutually exclusive)


Test Delivery Subcommittee Members

Nikki Eatchel, ATPSC Chair

Scantron Corporation

Liz Burns Juniper

John Dight Kryterion

Cathy Donath The Donath Group

Chuck Friedman Professional Examination Services

Aurora Hamilton American Registry of Radiologic Technologists

Greg Stephens Microsoft

Beverly van de Velde Symantec Corporation

Lauren Wood American Registry of Radiologic Technologists


ATP Security Committee

Testing professionals collaboration


ATP Security Committee Reports ATPSC 2012 Website Enforcement Report.pdf

ATPSC Report on DMCA Pilot Program 2010.pdf

ATP Exam Security Survey Report 2007.pdf

ATP Exam Security Survey Report 2010.pdf

ATP Test Security Survey Report 2012.pdf

ATP Security Survey Report 2013.pdf

ATP Test Security Messages Report 2009.pdf

ATP Test Security Messaging Report 2012.pdf

ATP Guide Combat IP Theft_2010.pdf

ATP SecurityBestPrac Protection Exam Content.pdf

ATP Test Security Guidelines.doc

Assessment Security Options -Considerations by Delivery Channel and Assessment

Model 1-23-13.pdf


ATP Security Committee Reports

• All published reports are available to ATPSC

members

• Published reports available to testing

community for purchase at ATP bookstore:

• The Security Survey Report 2013

• Assessment Delivery Security Options

www.testpublishers.org/book-store


Questions?


Association of Test Publishers

Security Committee

32


Creating our Community

• As a resource center for testing programs

• Establish and disseminate security best

practices

• Forum to access information and get assistance

for implementing or improving security efforts

and programs.

We need you!


• Communications

– Security Committee newsletter

– LinkedIn: Test Security Group

– ATP Website

– ATP Newsletter

• Liaison with other associations

• Networking with testing industry colleagues

Committee Activities


ATP Conference – Innovations in Testing March 2-5, 2014

Scottsdale Arizona, The Westin Kierland Resort & Spa

http://www.innovationsintesting.org/

35


Contact information:

• Beth Holst, Co-Chair, Executive Committee Holst and Associates [email protected]

• Cathy Donath, Co-Chair, ATPSC Enforcement Subcommittee The Donath Group, Inc. [email protected]

• Kerri Davis, Co-Chair, ATPSC Enforcement Subcommittee Microsoft [email protected]


Thank You!

Join us to help us achieve success through collaboration!

Go to www.testpublishers.org

37

atp security committee articles/webinars/atp...cedma special interest group security committee...

Documents