COTS 2022: A Collective Effort to Protect Test Validity Results and Brand Integrity
Princeton, September 28, 2022: At the 11th annual Conference, several critical discussions centered on exploring test security capabilities that protect and enhance the validity of test results and help maintain brand integrity. Industry experts and thought leaders brainstormed to establish new guidelines and best practices to secure the tests.
To weather a test security storm, there is a need for effective incident response planning, examining common exam security risks, and watching out for potential pitfalls. Testing experts deliberated and reviewed several exam security incidents and provided practical advice for test security incident response planning to maintain the brand integrity of a program.
Over the past three years, organizations and educational institutes have primarily focused on improving and maintaining the security of their assessment programs. The COVID-19 pandemic significantly disrupted normal standardized testing in 2020 and 2021. Organizations and assessors had to make numerous adjustments to their plans for administering the assessments and to protect test validity. On a positive note, during this process, they also became much more flexible in the security procedures implemented to minimize irregularities.
A Deeper Dive into Improving Test Security
Confidentiality is one of the cornerstones of information security; it is an obligation of the organization or individual to keep its information confidential and protect itself from vulnerabilities. Security testing evaluates the security of a system and determines its potential vulnerabilities and threats to its security. For an assessment to be successful and positively impact a system’s security posture, elements beyond the execution of testing and examination must support the technical process.
To accomplish technical security assessments and ensure that technical security testing and examinations provide maximum value, organizations should be more proactive in establishing an information security assessment policy. The policy must first identify the organization’s requirements for executing assessments. Organizations must also implement a repeatable and documented assessment methodology.
Organizations must also determine the level of risk they are willing to accept. This will help to tailor their approaches accordingly. Processes that minimize risk caused by specific assessment techniques include using skilled assessors, developing comprehensive assessment plans, logging assessor activities, performing testing off-hours, and conducting tests on duplicates of production systems.
Security assessments have specific objectives, acceptable levels of risk, and available resources. Since no individual technique gives a complete picture of an organization’s security when executed alone, organizations should use a combination of techniques to limit risk and resource usage. To ensure that security assessments provide their ultimate value, organizations must also conduct root cause analysis of an assessment to translate their assessment findings into actionable mitigation techniques.
According to Trushant Mehta, Co-founder and CTO of OpenEyes Technologies, “There is a rising need to reduce existing skill gaps. For greater transparency, it is necessary to recognize the utility of credentials and how we can enhance them to ensure that they are reliable, valid, and secure.
“And since the security and authentication of credentials significantly impact their trustworthiness and usefulness, it’s essential to focus on providing a common understanding of the different levels of security available. And this will help stakeholders make informed decisions about using credentials in their own business or profession.”
About OpenEyes Technologies
OpenEyes Technologies Inc. is an ISO 9001: Quality Management and ISO 27001: Information Security certified IT consulting, services, and business process outsourcing organization. We are a Small Minority Women Owned business. We offer custom software development, strategic IT consulting, and managed services to non-profit organizations, government organizations, and the commercial sector.
About COTS
The Conference on Test Security began in 2012 as the Conference on the Statistical Detection of Test Fraud. It focused primarily on statistical methods. The Conference Executive Committee expanded the scope of the Conference to include a broader range of test-security subjects. The Conference addresses pressing issues organizations face during the development of a test security program.