atp security committee articles/webinars/atp...cedma special interest group security committee...
TRANSCRIPT
Association of Test Publishers
Security Committee
CEdMA Special Interest Group
CEdMA Certification SIG
Friday, January 24, 2014
2
CEdMA Special Interest Group
Introductions
• Beth Holst, Holst and Associates Co-Chair, Executive Committee
• Cathy Donath, The Donath Group Co-Chair, ATPSC Enforcement Subcommittee
• Kerri Davis, Microsoft Co-Chair, ATPSC Enforcement Subcommittee
CEdMA Special Interest Group
Agenda
• Introductions
• ATP Security Committee – Overview
– Initiatives
• Collaborative Website Enforcement – Overview
– IP Rights Enforcement
• Assessment Delivery Security Options
• Security Committee Reports
• Q & A
• Wrap Up
CEdMA Special Interest Group
Security Committee Mission
• Assist testing organizations to protect and enhance the
integrity and the value of their assessments
• Encourage collaborative efforts aimed at establishing,
promoting and disseminating industry-accepted test
security practices
CEdMA Special Interest Group
Security Committee Goals
• Provide an environment where groups can collaborate to
address security concerns
• Enable a free exchange of ideas/concepts
• Partner with other testing associations
• Deliver webinars/workshops at conferences
CEdMA Special Interest Group
• Conducted New Security Survey
• Created a Resource Document on
Assessment Delivery Security Options
• Conducted Collaborative Website Enforcement
campaign
• Developed a Candidate Roles and Responsibility
Template
• Distributed ATPSC Newsletter
• Assembled a Live Lab for ATP Conference
7
2012-2013 ATP Security Committee Goals Met
CEdMA Special Interest Group
• Published 2012 Security Report and
Assessment Delivery Security Options Report
• Research Proctor Protocol
• Candidate Rights and Responsibilities
• Research Security Practices for Special Needs
Candidates
• European ATP Live Lab Innovations
• Remote Testing Protocols – ATP Conference
2013-2014 ATP Security Committee Goals
8
CEdMA Special Interest Group
• Security workshops and sessions
• Breakfast Briefing
• Remote Testing Demonstrations Two-day offering; several demonstrations
of solutions focused on addressing security measures
– How IP theft can be prevented
– Process to avoid proxy testing
– Measures to prevent cheating
ATP Conference – Security
9
CEdMA Special Interest Group
Enforcement Subcommittee
Collaborative Website Enforcement
Program
10
CEdMA Special Interest Group
• Encourage organizations to join in
collaborative efforts to take down
websites by:
– Educating testing programs on methods
to enforce IP rights
– Providing resources and tools to initiate a
take-down strategy per their programs
– Demystifying the processes used to protect IP
CWE Program Objectives
11
CEdMA Special Interest Group
• Tools, templates and enforcement
approaches
• A list of infringing websites to target
• Suggested timelines to coordinate sending
letters/ notices
• Data gathering and reporting on successes
CWE Program Objectives - What We Offer
12
CEdMA Special Interest Group 13
IP Enforcement Process
Overview
CEdMA Special Interest Group
Identify
• Search web for sites offering your content
• Tip hotline
Investigate
• Buy suspect exam
• Establish “good faith belief”
Compare
• Evaluate and document content to establish substantial similarity
Notify
• Identify ISP(s) for infringing site
• //whois.domaintools.com
• Send DMCA to ISP(s)
CEdMA Special Interest Group
Hundreds of rogue websites –
selling “actual” exams actual-exams.com
actualtests.com
beitcertified.net
braindumps.biz
certbible.org
certfx.com certification-
exams.com certification-
paper.com certificationtutorials.
com
certifyexpress.com
certifysky.com
certifysky.net
certinfo.net
certinside.com
certmagic.com
cheat-test.com
CEdMA Special Interest Group
Collaborative Website Enforcement
How can we be more effective?
Some organizations expressed an interest in
participating but were unsure what steps needed to be
taken. The CWE team offered:
– Expanded Information Package
– Conducted Information Sessions
– Provided tools with simple and effective ways to
enforce your rights to protect your IP
CEdMA Special Interest Group
CWE Information Package
• Information on what you need to prepare
and conduct your own website enforcement
• List of target websites and host providers
with contact information
• DMCA template
• Process overview – steps to take
• FAQs about enforcing your IP rights
CEdMA Special Interest Group
DMCA Take-Down Notice
1. Tell them WHO you are and WHAT you’re
concerned about
2. Give Specifics About Your Exams
3. Give Specifics About the Infringing Web Site
4. Tell Them What You Want, e.g., “…requests the immediate suspension of www.braindumps.com”
CEdMA Special Interest Group
• Do the pirated exam questions have to be identical to my
program’s real test questions?
• What if the web site is using my organization’s logo or
name?
• Do I need to send a notice to all ISPs on the list?
• Do I need to purchase every exam offered for sale by the
web site in order to confirm that infringement is
occurring?
FAQs
19
CEdMA Special Interest Group
• Review information package
• Get management/legal buy-in
• Identify resources
• Prepare a schedule of activities
• Notify committee if you plan to participate
• Review websites listed in Appendix 1
• Investigate website offerings
• Compare to validate infringement
• Create and send DMCA notices
• Report results to committee
What should you do to take action?
CEdMA Special Interest Group
• Join in the collaborative campaign
• Notify your peers to encourage others to
participate
• Taking action….again and again (future
campaigns)
How can I help?
CEdMA Special Interest Group
Enforcement Subcommittee Members
Cathy Donath,
Co-Chair
The Donath Group
Kerri Davis,
Co-Chair
Microsoft
Brent Hill Cisco
Amanda Hoberg Pearson VUE
Ben Mannes American Board of Internal Medicine
Layne Pethick Association of American Medical Colleges
G. Matthew Rice Linux Professional Institute
Jennifer Ancona Semko Baker & McKenzie LLP
Christie Zervos Caveon
CEdMA Special Interest Group
Assessment Delivery
Security Options
23
CEdMA Special Interest Group
Assessment Delivery Security Options
Considerations by Delivery Channel and Assessment
Model Report
• Share the security methodologies utilized by members of
the community across various delivery methodologies
• Create a primer document for ATP members regarding
the various security options available for their
consideration
• Includes descriptions of procedures and best practices
currently in use to enhance security and thwart IP theft
CEdMA Special Interest Group
Assessment Delivery - Security Options
Sections:
1. Security Threats and Risks; Exam Delivery Models;
Exam Delivery Channels and Practices to Enhance
Security
2. Data Forensics/Fraud Detection and Analytical
Tools and Services
3. Fraud Detection Items
- Available free to ATP members
- Available for non-members for purchase at ATP bookstore:
www.testpublishers.org/book-store
CEdMA Special Interest Group
Security Options
• Fraud Detection Items
• Rapid Republishing/Continuous Publishing
• Randomized Presentation – applied at various levels
• Item Pool Flooding
• CBT/IBT Blended Delivery Model
• Answer Key Withholding (Non-Immediate Scoring)*
(Note: Some of these are not mutually exclusive)
CEdMA Special Interest Group
Test Delivery Subcommittee Members
Nikki Eatchel, ATPSC Chair
Scantron Corporation
Liz Burns Juniper
John Dight Kryterion
Cathy Donath The Donath Group
Chuck Friedman Professional Examination Services
Aurora Hamilton American Registry of Radiologic Technologists
Greg Stephens Microsoft
Beverly van de Velde Symantec Corporation
Lauren Wood American Registry of Radiologic Technologists
CEdMA Special Interest Group
ATP Security Committee
Testing professionals collaboration
CEdMA Special Interest Group
ATP Security Committee Reports ATPSC 2012 Website Enforcement Report.pdf
ATPSC Report on DMCA Pilot Program 2010.pdf
ATP Exam Security Survey Report 2007.pdf
ATP Exam Security Survey Report 2010.pdf
ATP Test Security Survey Report 2012.pdf
ATP Security Survey Report 2013.pdf
ATP Test Security Messages Report 2009.pdf
ATP Test Security Messaging Report 2012.pdf
ATP Guide Combat IP Theft_2010.pdf
ATP SecurityBestPrac Protection Exam Content.pdf
ATP Test Security Guidelines.doc
Assessment Security Options -Considerations by Delivery Channel and Assessment
Model 1-23-13.pdf
CEdMA Special Interest Group
ATP Security Committee Reports
• All published reports are available to ATPSC
members
• Published reports available to testing
community for purchase at ATP bookstore:
• The Security Survey Report 2013
• Assessment Delivery Security Options
www.testpublishers.org/book-store
CEdMA Special Interest Group
Questions?
CEdMA Special Interest Group
Association of Test Publishers
Security Committee
32
CEdMA Special Interest Group
Creating our Community
• As a resource center for testing programs
• Establish and disseminate security best
practices
• Forum to access information and get assistance
for implementing or improving security efforts
and programs.
We need you!
CEdMA Special Interest Group
• Communications
– Security Committee newsletter
– LinkedIn: Test Security Group
– ATP Website
– ATP Newsletter
• Liaison with other associations
• Networking with testing industry colleagues
Committee Activities
CEdMA Special Interest Group
ATP Conference – Innovations in Testing March 2-5, 2014
Scottsdale Arizona, The Westin Kierland Resort & Spa
http://www.innovationsintesting.org/
35
CEdMA Special Interest Group
Contact information:
• Beth Holst, Co-Chair, Executive Committee Holst and Associates [email protected]
• Cathy Donath, Co-Chair, ATPSC Enforcement Subcommittee The Donath Group, Inc. [email protected]
• Kerri Davis, Co-Chair, ATPSC Enforcement Subcommittee Microsoft [email protected]
CEdMA Special Interest Group
Thank You!
Join us to help us achieve success through collaboration!
Go to www.testpublishers.org
37