SlideShare a Scribd company logo

The fraud triangle : understanding and mitigating threats to test and exam security

Questionmark
Questionmark

The fraud triangle : understanding and mitigating threats to test and exam security

TechnologyEducation
1 of 13
Eric Shepherd eric@questionmark.com Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Fraud Triangle Threats  Rationalization  Impersonation  Opportunity  Content Theft  Motivation  Cheating Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Donald Cressey, a famed criminologist, came up with a hypothesis while researching his doctoral thesis in the 1950s now called the “Fraud Triangle” it explains why people commit fraud. In order to reduce the likelihood of fraudulent activities we need to remove one of the elements of the Fraud Triangle. Motivation The three key elements in the Fraud Triangle are Motivation, Rationalization, and Opportunity. Fraud Risk Opportunity Rationalization Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
What’s at Stake? High Life and Limb Higher Medium Promotion & Jobs & Legal Concern Stakes Low Educational Exams Medium Stakes Tests Elearning & Low Stakes Surveys Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 4 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Licensure exams Motivation to commit fraud Certification exams Stakes of assessment Summative Assessments Placement tests Pre-certification exams Job Task analysis surveys Needs analysis surveys Post-course test Pre-course test Formative quizzes Course Evaluations Satisfaction surveys Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged. Slide 5
Short Term with Low Trust Relationships Higher threats require more “Oversight” and so cost Public Pre- more Certifications employment Large Programs & Licensing Small Program Lower threats require less Sales and “Oversight” Regulatory Technical and so cost Compliance Channel less to Verification administer Long Term with High Trust Relationships Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Identity Fraud •Proxy takes the test on behalf of the real candidate Content Theft •Content is stolen and sold/given to potential cheaters Cheating •Candidate uses unauthorized “aids” to help them answer the questions Counterfeit Certificates/Licenses •Proof of certification/licensure is counterfeited Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Rationalization Mitigation •Explain the facts: “Everyone else cheats so why •Most people do not cheat shouldn’t I?” •Consequences for cheating “I have no alternative but to •Provide learning environments for the candidate to be able to pass the assessment cheat and I have to pass honestly. because <fill in the blank>.” •Explain some of the security measures that are in place, that there are more, and the “I can get away with this.” consequences if they are caught. •Explain and gain positive agreement to the: •Honesty code “I didn’t know <fill in the •Code of ethics blank>” •Non-Disclosure •Consequences for cheating “The ends justify the means •Explain and gain positive agreement to the: (financial reward).” •Consequences for cheating “The Assessment provider is •Maintain a positive public image incompetent/bad/corrupt/etc.” Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 8 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Locking down the candidate’s technology Tight controls over the test papers or (secure browser) to help eliminate the access to the technology before, during possibility of content being electronically and after the assessment harvested Shuffling items and choices and using a Not exposing the scoring algorithm beyond limited number of questions from a pool the content repositories/databases helps reduce item exposure Ensuring that people involved with the content databases have signed NDAs so Securing, and only providing limited access that they are aware of their to, the content repositories/databases responsibilities, the consequences of not fulfilling them and their legal accountability Vigorously following up on infractions Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 9 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Formal honesty contracts that are agreed to at each stage of the process that explain the consequences for cheating Invigilation/proctoring of an assessment to monitor candidates’ behaviors Locking down the candidate’s devices, maybe using a secure browser, helps eliminate the possibility of them linking to internet resources via their browsers, instant messaging, etc. Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 10 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Minimizes Protect Content ID Fraud Cheating • Personable, consistent Test Centers • Monitor vulnerable to unfair influence √ √ √ Events (Classrooms or • Convenient, personable, consistent Conventions) • Monitor vulnerable to unfair influence √ √ √ • Monitor is less vulnerable Test Station Kiosk √ √ √ • New and not yet widespread • Easy to deploy for use at home PC & 360 webcam • Little for content theft √ X √ • Seems secure PC & webcam & WebEx • Nothing for content theft √ X √ • Works for employees Un-Monitored • Nothing for content theft √ X X Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 11 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
Levels of Monitoring High Medium Stakes Stakes Exams Low Stakes Exams Exams Diagnostic Tests Formative Quizzes Course Evaluations Stakes of Assessment Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
 Blog article “Oversight, Monitoring and Deliver of Higher Stakes Assessments Safely and Securely”  http://blog.eric.info/2010/02/oversight-monitoring-and- deliver-of-higher-stakes-assessments-safely-and- securely/  Contact  Web: www.questionmark.com/us/whitepapers  Email: info@questionmark.com Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 13 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.

Recommended

Arens12e ab.az 01
Arens12e ab.az 01Arens12e ab.az 01
Arens12e ab.az 01Sagita Fajarahayu
 
Chapter 25 slide present audit
Chapter 25 slide present auditChapter 25 slide present audit
Chapter 25 slide present auditieyqa1990
 
slide arens chapter 25
slide arens chapter 25slide arens chapter 25
slide arens chapter 25Faisal ijal
 
Fraud triangle
Fraud triangleFraud triangle
Fraud triangleMiss. Antónia FICOVÁ, Engineer. (Not yet Dr.)
 
James hall ch 3
James hall ch 3James hall ch 3
James hall ch 3David Julian
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlDominic Sroda Korkoryi
 
Fraud detection
Fraud detectionFraud detection
Fraud detectionInternational School of Engineering
 
ONLINE EDUCA 2011
ONLINE EDUCA 2011ONLINE EDUCA 2011
ONLINE EDUCA 2011Questionmark
 

Recommended

Arens12e ab.az 01
Arens12e ab.az 01Arens12e ab.az 01
Arens12e ab.az 01Sagita Fajarahayu
 
Chapter 25 slide present audit
Chapter 25 slide present auditChapter 25 slide present audit
Chapter 25 slide present auditieyqa1990
 
slide arens chapter 25
slide arens chapter 25slide arens chapter 25
slide arens chapter 25Faisal ijal
 
Fraud triangle
Fraud triangleFraud triangle
Fraud triangleMiss. Antónia FICOVÁ, Engineer. (Not yet Dr.)
 
James hall ch 3
James hall ch 3James hall ch 3
James hall ch 3David Julian
 
Presentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlPresentation on fraud prevention, detection & control
Presentation on fraud prevention, detection & controlDominic Sroda Korkoryi
 
Fraud detection
Fraud detectionFraud detection
Fraud detectionInternational School of Engineering
 
ONLINE EDUCA 2011
ONLINE EDUCA 2011ONLINE EDUCA 2011
ONLINE EDUCA 2011Questionmark
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDubai Multi Commodity Centre
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

More Related Content

Recently uploaded

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

The fraud triangle : understanding and mitigating threats to test and exam security

  • 1. Eric Shepherd eric@questionmark.com Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 2. Fraud Triangle Threats  Rationalization  Impersonation  Opportunity  Content Theft  Motivation  Cheating Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 3. Donald Cressey, a famed criminologist, came up with a hypothesis while researching his doctoral thesis in the 1950s now called the “Fraud Triangle” it explains why people commit fraud. In order to reduce the likelihood of fraudulent activities we need to remove one of the elements of the Fraud Triangle. Motivation The three key elements in the Fraud Triangle are Motivation, Rationalization, and Opportunity. Fraud Risk Opportunity Rationalization Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 4. What’s at Stake? High Life and Limb Higher Medium Promotion & Jobs & Legal Concern Stakes Low Educational Exams Medium Stakes Tests Elearning & Low Stakes Surveys Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 4 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 5. Licensure exams Motivation to commit fraud Certification exams Stakes of assessment Summative Assessments Placement tests Pre-certification exams Job Task analysis surveys Needs analysis surveys Post-course test Pre-course test Formative quizzes Course Evaluations Satisfaction surveys Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged. Slide 5
  • 6. Short Term with Low Trust Relationships Higher threats require more “Oversight” and so cost Public Pre- more Certifications employment Large Programs & Licensing Small Program Lower threats require less Sales and “Oversight” Regulatory Technical and so cost Compliance Channel less to Verification administer Long Term with High Trust Relationships Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 7. Identity Fraud •Proxy takes the test on behalf of the real candidate Content Theft •Content is stolen and sold/given to potential cheaters Cheating •Candidate uses unauthorized “aids” to help them answer the questions Counterfeit Certificates/Licenses •Proof of certification/licensure is counterfeited Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 8. Rationalization Mitigation •Explain the facts: “Everyone else cheats so why •Most people do not cheat shouldn’t I?” •Consequences for cheating “I have no alternative but to •Provide learning environments for the candidate to be able to pass the assessment cheat and I have to pass honestly. because <fill in the blank>.” •Explain some of the security measures that are in place, that there are more, and the “I can get away with this.” consequences if they are caught. •Explain and gain positive agreement to the: •Honesty code “I didn’t know <fill in the •Code of ethics blank>” •Non-Disclosure •Consequences for cheating “The ends justify the means •Explain and gain positive agreement to the: (financial reward).” •Consequences for cheating “The Assessment provider is •Maintain a positive public image incompetent/bad/corrupt/etc.” Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 8 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 9. Locking down the candidate’s technology Tight controls over the test papers or (secure browser) to help eliminate the access to the technology before, during possibility of content being electronically and after the assessment harvested Shuffling items and choices and using a Not exposing the scoring algorithm beyond limited number of questions from a pool the content repositories/databases helps reduce item exposure Ensuring that people involved with the content databases have signed NDAs so Securing, and only providing limited access that they are aware of their to, the content repositories/databases responsibilities, the consequences of not fulfilling them and their legal accountability Vigorously following up on infractions Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 9 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 10. Formal honesty contracts that are agreed to at each stage of the process that explain the consequences for cheating Invigilation/proctoring of an assessment to monitor candidates’ behaviors Locking down the candidate’s devices, maybe using a secure browser, helps eliminate the possibility of them linking to internet resources via their browsers, instant messaging, etc. Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 10 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 11. Minimizes Protect Content ID Fraud Cheating • Personable, consistent Test Centers • Monitor vulnerable to unfair influence √ √ √ Events (Classrooms or • Convenient, personable, consistent Conventions) • Monitor vulnerable to unfair influence √ √ √ • Monitor is less vulnerable Test Station Kiosk √ √ √ • New and not yet widespread • Easy to deploy for use at home PC & 360 webcam • Little for content theft √ X √ • Seems secure PC & webcam & WebEx • Nothing for content theft √ X √ • Works for employees Un-Monitored • Nothing for content theft √ X X Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 11 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 12. Levels of Monitoring High Medium Stakes Stakes Exams Low Stakes Exams Exams Diagnostic Tests Formative Quizzes Course Evaluations Stakes of Assessment Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.
  • 13. Blog article “Oversight, Monitoring and Deliver of Higher Stakes Assessments Safely and Securely”  http://blog.eric.info/2010/02/oversight-monitoring-and- deliver-of-higher-stakes-assessments-safely-and- securely/  Contact  Web: www.questionmark.com/us/whitepapers  Email: info@questionmark.com Copyright © 1995-2010 Questionmark Corporation and/or Questionmark Computing Limited, known collectively as Questionmark. All rights reserved. Slide 13 Questionmark is a registered trademark of Questionmark Computing Limited. All other trademarks are acknowledged.