[Xerte] Quiz Security
Mark Tomlinson, AC&S Ltd
mark.tomlinson at acns-group.com
Wed Dec 10 13:07:30 GMT 2008
Is that relating to the security of the data that you store about
individuals? If so, I am not talking about that....
What I am talking about is the following scenario:
- A legitimate user of a system is told to take some training, let's say for
compliance purposes.
- Said user does not want to complete the training so he logs in to the LMS
legitimately and launches the course he has been allocated to.
- This SCORM compliant course could have been created in Xerte, Flash,
Authorware, Articulate, Presenter, Captivate or any number of other content
creation systems.
- Said user, opens another browser window and fills out some data in the
form provided there for 100% Score, course passed and clicks a button.
- That is then set in the LMS.
He then closes the course and logs out of the LMS.
In this simple scenario, there would be other indications that something was
wrong if anyone was bothered to check such as the total time in the course.
This and any other SCORM data type can be set in the same way though.
So in the database of the LMS this user is flagged as passed. That data
(and all the other user data) may be extremely securely held and meet the
appropriate Federal Regulations you linked to, but the data itself is not
correct, which was my point about SCORM.
I saw such as scenario demonstrated at EeLS this year.
Mark
-----Original Message-----
From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Martín Dobovšek
Sent: 10 December 2008 12:42
To: Xerte discussion list
Subject: RE: [Xerte] Quiz Security
Speaking about security and software electronic records take a look at
Title 21 Code of Federal Regulations (21 CFR Part 11) Electronic Records;
Electronic
Signatures
http://www.fda.gov/ora/compliance_ref/Part11/
Here you can find what a system must fulfill for electronic records and
signatures.
After, you need to validate the software using specific rules and
procedures.
It depends of the security level you are looking for.
The one i point is the most strict: legal binding for pharmaceutical
production records.
There are scorm packages and systems that fulfill this regulation.
Take a lool at
http://www.sumtotalsystems.com/learning/res/datasheets/regulatory_compliance
_ds.html
Hope this helps
Martin
--- Julian Tenney <Julian.Tenney at nottingham.ac.uk> escribió:
> Like I said, if passing the test puts you in control of an aircraft
> acrrier or nuclear power station, then don't use Xerte. In fact, don't
> use computers. Even if the system is secure (and very few are truly)
> then unless you can see who is doing the test, how do you know the
> student isn't cheating? How do you know it's the student you think it
> is? How do you know they are not sitting there looking up the answers on
> aircraftcarrierexams.com?
>
>
>
>
>
> From: xerte-bounces at lists.nottingham.ac.uk
> [mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Mark
> Tomlinson, AC&S Ltd
> Sent: Wednesday, December 10, 2008 11:18 AM
> To: 'Xerte discussion list'
> Subject: RE: [Xerte] Quiz Security
>
>
>
> To be quite frank, SCORM itself is not secure at all, never mind the
> eLearning tool. I was shown at EeLS an html / javascript file that
> allows a user to set what they want in the LMS while their course is
> running.... You want a 100% pass...No problem, click a button! You
> want to show 'completed'..... No problem, click a button!
>
>
>
> Mark
>
>
>
> ________________________________
>
> From: xerte-bounces at lists.nottingham.ac.uk
> [mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
> Sent: 10 December 2008 11:02
> To: Xerte discussion list
> Subject: RE: [Xerte] Quiz Security
>
>
>
> I think it probably depends on what's at stake. If passing the exam
> means a huge payrise, then students have a big incentive to try and
> cheat. If the test is simply a formative test to give them feedback on
> their learning, then you could argue that, as long as the students get
> the feedback, they are continuing to learn.
>
>
>
> If the test is high stakes, then Xerte probably isn't the tool for the
> job. Students would have to try quite hard, and be reasonaly tech-savvy,
> but they could get at the data if they really wanted to.
>
>
>
> From: xerte-bounces at lists.nottingham.ac.uk
> [mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Leonardi
> Sent: Wednesday, December 10, 2008 5:13 AM
> To: Xerte discussion list
> Subject: [Xerte] Quiz Security
>
>
>
> Hello all, i'm new in e-learning and scorm things... :)
>
> I have a question, if i create a scorm web based quiz using xerte does
> it secure? Can the students somehow cheating and obtain the answer?
>
> Thanks.
>
> --
> Leonardi -
> dodollipret.wordpress.com
>
> > _______________________________________________
> Xerte mailing list
> Xerte at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>
Yahoo! Cocina
Recetas prácticas y comida saludable
http://ar.mujer.yahoo.com/cocina/
_______________________________________________
Xerte mailing list
Xerte at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte
More information about the Xerte
mailing list